
possibly a trojan on computer? [RESOLVED]


This topic is locked

#1 die another day (Member, 14 posts)
OK, I have no idea how I got this onto my computer, but every time I start up my computer I'll get this message:


"Services and Controller app
Services and Controller app has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to help improve Services and Controller app. We will treat this report as confidential and anonymous. To see what data this error report contains, click here.
Send Error Report   Don't Send"


And the other message after this one is:

"System Shutdown
This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM. Time before shutdown: starts at 1 minute" and then there's something else just under that, but I missed it.

And then once the countdown hits 0 my computer restarts. And my internet won't even start, so I can't do much on that computer right now. I'm on my laptop now, but I'll try anything you tell me to.



#2 fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geekstogo. I'm currently consulting with the experts about your computer problem and will be back as soon as possible.

Thank you for your patience and understanding. :)

Regards
fenzodahl512

#3 fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geekstogo. Please do the following.


Please start your computer. Whenever you get the "Services and Controller app" error, please ignore it and do the step below.

Whenever the "computer will shut down in 60/30 seconds" box appears, quickly navigate to Start --> Run, type or copy/paste the following command into the Run box, and press Enter:

shutdown -a




NEXT


Please have a read of this topic and do all the preliminary steps given.

If you are using Windows Vista, or if you are using XP and already have Service Pack 1a or later, please ignore Step Three: Windows Updates and continue with Step Four: Reboot - Test

It should handle about 70% of your malware problem. Should the problem still exist, please post a fresh HijackThis log here as shown in Step Five: Posting a HijackThis Log. Thank you :)

Regards
fenzodahl512

#4 die another day (Topic Starter, Member, 14 posts)
I finally got my internet to work long enough for all those steps, and I got the Notepad output from two things, and I'll post them here:


;********************************************************************************
ANALYSIS: 2008-05-17 21:46:47
PROTECTIONS: 2
MALWARE: 135
SUSPECTS: 0
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
Norton Antivirus 2007 14.2.0.29 No Yes
Norton Antivirus Internet Security 2007 14.2.0.29 No No
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\classes\topsearch.tslink.1
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink
00029258 application/altnet HackTools No 0 Yes No hkey_classes_root\topsearch.tslink.1
00029258 application/altnet HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{582AB125-1403-42FB-9EFB-198690BA1496}
00029258 application/altnet HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
00096000 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119018.dll
00097146 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119023.dll
00097147 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119020.dll
00099505 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119012.exe
00112308 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119013.dll
00112311 Application/BrilliantDigital HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119011.exe
00114274 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119024.dll
00121802 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119022.exe
00121803 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119010.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\nsd19.tmp
00141430 Application/P2PNetworking HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\A0118823.exe
00141436 Application/P2PNetworking HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\A0118822.cpl
00141438 Application/P2PNetworking HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\A0118821.DLL
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@tradedoubler[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@247realmedia[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@bfast[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@fastclick[3].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@mediaplex[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@linksynergy[2].txt
00145869 Cookie/SpyLog TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@spylog[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@clickbank[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@revenue[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@xiti[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@azjmp[2].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@toplist[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@statcounter[1].txt
00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][3].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@cdfreaks[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@advertising[2].txt
00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@sextracker[2].txt
00169752 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP444\A0118774.DLL
00169753 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP444\A0118773.DLL
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@bluestreak[1].txt
00180282 Application/Need2Find HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP444\A0118772.DLL
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@bravenet[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@target[2].txt
00252281 Adware/Trymedia Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0119924.exe
00252281 Adware/Trymedia Adware No 0 Yes No C:\Downloads\InFishermanFreshwater-dm[1].exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@atwola[1].txt
00267259 spyware/browseraccelerator Spyware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{074E3AA7-7718-4404-B3F8-FF8FB5414E0E}
00267259 spyware/browseraccelerator Spyware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE}
00274973 Adware/RXToolbar Adware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119007.dll
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00290697 Cookie/Malwarewipe TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\dwayne@malwarewipe[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00298627 Cookie/Safetyhomepage TrackingCookie No 0 Yes No C:\WINDOWS\Temp\Cookies\[email protected][1].txt
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
00349071 Adware/RXToolbar Adware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119008.dll
00361459 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\A0118814.dll
00371752 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Dwayne\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.66895
00517676 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP445\A0118804.dll
00519271 Adware/CWS.Searchmeup Adware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119009.exe
00519272 Adware/CWS.Searchmeup Adware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119025.dll
00520005 Trj/Downloader.NUS Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0145899.exe
00520936 Application/ViewPoint HackTools No 0 Yes No C:\WINDOWS\Temp\0\Private\Vendor\ProgFiles\ViewBarBHO.dll
00520936 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP555\A0133698.dll
00580591 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0124298.dll
00735083 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119019.dll
01143365 Application/Altnet HackTools No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP447\A0119021.dll
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\issnjbas.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\rkdedhcp.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\usltnexw.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\lpxuschx.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\ljdrgrmp.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\xfwcindy.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\xklkupce.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\paibgpdg.exe
01192461 Trj/Downloader.PCQ Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\hiexopjx.exe
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@enhance[2].txt
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\xjpvkglk.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\irkrnlxf.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\yqgujmcv.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\ewwbitew.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\vcknanha.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\mdlvxqot.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\eiqghhoq.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\dtolvvgh.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\ccphdcec.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\bxgbahdd.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\rijqvask.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\pwchgiwv.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\bspimesd.exe
01240387 Trj/Downloader.PJT Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\agghgywj.exe
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\nxaonwlp.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\pqkugiew.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\afbwftym.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\uwugkrwa.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\facfdfag.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\mcuxgxge.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\kxvvhrim.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\knwmccgy.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\kbjkyahf.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\keoqdikl.dll
01260190 Trj/Downloader.OZB Virus/Trojan No 0 Yes No C:\Documents and Settings\Dwayne\Local Settings\Temp\gigjywof.dll
01307694 Adware/Winpopup Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP469\A0119918.exe
01315953 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP564\A0145916.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\[email protected][1].txt
02377326 Adware/Adband Adware No 0 No No C:\Documents and Settings\Dwayne\Local Settings\Temp\bndupd4.exe[BndDrive3.dll]
02526336 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP478\A0122007.exe
02886407 Application/DownAndRun HackTools No 0 No No C:\Documents and Settings\Dwayne\Local Settings\Temp\bndupd4.exe[bndloader.exe]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@advancedcleaner[2].txt
02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Dwayne\Cookies\dwayne@adsrevenue[1].txt
02901572 Spyware/MarketScore Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP494\A0124722.exe
02902053 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP494\A0124719.dll
02902665 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP475\A0120904.dll
02914711 Adware/WebSearch Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP494\A0124721.dll
02919541 Adware/IST Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP483\A0124134.dll
02919542 Adware/IST Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP483\A0124123.dll
02919545 Adware/IST Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP494\A0124723.dll
02919546 Adware/IST Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP483\A0124119.exe
02921333 Adware/Zango Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP483\A0124136.dll
02929610 Adware/Zango Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP483\A0124131.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP539\A0128094.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP538\A0128081.exe
02936016 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP542\A0128287.exe
02936936 Trj/Downloader.TNT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0128382.exe
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0128492.dll
02938020 Trj/Downloader.TMZ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0128424.exe
02938488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0128493.dll
02938505 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP552\A0129479.dll
02938511 Trj/Proxy.BF Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0143809.dll
02938531 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0129473.dll
02938570 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0130489.dll
02938578 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0128491.dll
02938578 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0129424.dll
02938581 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP550\A0129459.dll
02938581 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0129463.dll
02938581 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0129467.dll
02938823 Spyware/AdClicker Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP543\A0128310.exe
02940030 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0128494.dll
02940808 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0130486.dll
02940861 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0130481.dll
02940899 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP550\A0129460.dll
02942696 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0131467.dll
02942829 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0143807.dll
02943468 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Program Files\Common Files\Real\Update_OB\crack.exe
02947116 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144869.dll
02947116 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144876.dll
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144870.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144871.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144875.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144874.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144865.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144866.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144873.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144872.exe
02947658 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0143808.dll
02947660 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0131469.dll
02947660 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP554\A0133478.dll
02957754 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0143818.dll
02957754 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP558\A0143805.dll
02957754 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP560\A0144794.dll
02957754 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP559\A0143815.dll
02968325 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\WINDOWS\system32\bqzpas.sys
02970832 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144868.dll
02970913 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP561\A0144850.dll
02970995 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP555\A0133753.dll
02970995 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP556\A0134753.dll
02971002 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP556\A0135761.dll
02971046 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144878.dll
02972465 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\rauftxdq.dll
02972465 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\rrxlkwal.dll
02974511 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144877.dll
02974511 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP562\A0144867.dll
;================================================================================
SUSPECTS
Sent Location
;================================================================================
;================================================================================
VULNERABILITIES
Id Severity Description
;================================================================================
;================================================================================


That was for ActiveScan.


Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:15 AM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f578.mail....d=3n61lvhvsrkd7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {31c6ae46-c100-41f8-ae58-275bc51ba875} - C:\WINDOWS\system32\opnlJcby.dll (file missing)
O2 - BHO: (no name) - {323A19DD-8319-EE9C-1266-898DCD508297} - C:\WINDOWS\system32\tkvofe.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {66681F8B-D34B-B9CD-1A66-898DCD508190} - C:\WINDOWS\system32\oonlk.dll (file missing)
O2 - BHO: (no name) - {676B4C87-814A-EA9F-1266-898DCD508ECB} - C:\WINDOWS\system32\qpcv.dll (file missing)
O2 - BHO: {3c159a0a-8dc8-b8a8-bb94-8012e0350718} - {8170530e-2108-49bb-8a8b-8cd8a0a951c3} - C:\WINDOWS\system32\vfadsovn.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [rundll23] C:\WINDOWS\system32\rundll23.exe
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.8\webbuying.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153584659031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: DPËî|p‘|˙˙˙˙m‘|O
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqnmkk - ssqnmkk.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 12713 bytes

That's it. Is this all good?
  • 0
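As an added illustration (not code from this thread, the helper, or the HijackThis project): a Python triage pass over a few constructed lines in the HijackThis log format, applying the same signals the fix in this thread relies on (orphaned BHOs, a bare-GUID BHO name, a rundll32 look-alike Run entry, rogue Trusted Zone domains, and Winlogon Notify / filter / SharedTaskScheduler entries with no backing file). The rogue-domain set is copied from the O15 lines above and the sample lines are constructed for this example.

```python
"""Triage a HijackThis v2 log for the entry types the helper singled out above."""
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis line shape: "<section> - <body>", e.g. "O2 - BHO: <name> - {CLSID} - <path>".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"^\{[0-9a-fA-F-]{36}\}$")
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)

# Hosts from the O15 Trusted Zone entries in the log above (rogue "security product"
# families). Illustrative data for this example, not a maintained blocklist.
ROGUE_TRUSTED_ZONE = {
    "amaena.com", "drivecleaner.com", "errorprotector.com", "errorsafe.com",
    "imageservr.com", "imagesrvr.com", "systemdoctor.com",
    "winantispyware.com", "winantivirus.com", "winfixer.com",
}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; return None when it looks benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    parts = [p.strip() for p in body.split(" - ")]
    missing = "(file missing)" in body or "(no file)" in body

    if section in ("O2", "O3") and missing:
        return Finding(section, "BHO/toolbar registered for a DLL that no longer exists (orphaned loader)", line)
    if section == "O2" and GUID_RE.match(parts[0].split(": ", 1)[-1]):
        return Finding(section, "BHO whose display name is a bare GUID rather than a product name", line)
    if section == "O4":
        exe = EXE_RE.search(body)
        name = exe.group(1).lower() if exe else ""
        if re.fullmatch(r"rundll\d+\.exe", name) and name != "rundll32.exe":
            return Finding(section, "Run entry mimics rundll32.exe under a different number", line)
    if section == "O15" and body.startswith("Trusted Zone:"):
        host = body.split(":", 1)[1].strip().lstrip("*.").lower()
        if host in ROGUE_TRUSTED_ZONE:
            return Finding(section, "Trusted Zone grant for a rogue security-product domain", line)
    if section == "O18" and missing:
        return Finding(section, "MIME filter hijack with no backing file", line)
    if section == "O20":
        if body.startswith("AppInit_DLLs:") and any(not 32 <= ord(c) <= 126 for c in body):
            return Finding(section, "AppInit_DLLs value holds non-printable bytes (corrupt or obfuscated)", line)
        if body.startswith("Winlogon Notify:") and missing:
            return Finding(section, "Winlogon Notify package points at a missing DLL", line)
    if section == "O22" and missing:
        return Finding(section, "SharedTaskScheduler entry with no backing file", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample modeled on the log above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {31c6ae46-c100-41f8-ae58-275bc51ba875} - C:\WINDOWS\system32\opnlJcby.dll (file missing)
O2 - BHO: {3c159a0a-8dc8-b8a8-bb94-8012e0350718} - {8170530e-2108-49bb-8a8b-8cd8a0a951c3} - C:\WINDOWS\system32\vfadsovn.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [rundll23] C:\WINDOWS\system32\rundll23.exe
O15 - Trusted Zone: *.winfixer.com
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ssqnmkk - ssqnmkk.dll (file missing)
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The sample flags seven of the ten lines; the Yahoo BHO, the ccApp Run entry and the iPod service pass through untouched, which is the point of keying on "(file missing)", bare GUIDs and known rogue hosts rather than on unfamiliar names alone.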

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello die another day.. Thanks for the reply.. I am always waiting for you :)


Please temporarily disable your Norton Antivirus prior to our fix.. Please visit this webpage if you do not know how..



Please read my post CAREFULLY before proceeding with this step. Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.
For more information regarding this download, please visit this webpage

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Please go HERE to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall**




Please re-enable your Norton Antivirus after performing the above step..


Regards
fenzodahl512
  • 0

#6
die another day

die another day

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here's what I got... and prior to reading your last reply I tried to update my Norton and then it wouldn't update, and now I can't access Norton anymore and I'm unsure of where my Norton CD is. Any help, or am I just hoping to find it later?



ComboFix 08-05-19.4 - Dwayne 2008-05-19 19:03:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.228 [GMT -7:00]
Running from: C:\Documents and Settings\Dwayne\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\pppatc~1
C:\Program Files\pppatc~1\?ppPatch\
C:\temp\0c2
C:\temp\0c2\tmpRC.log
C:\Temp\abW9
C:\temp\brr
C:\temp\brr\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajcfcajl.ini
C:\WINDOWS\system32\avuivnew.ini
C:\WINDOWS\system32\bqzpas.sys
C:\WINDOWS\system32\CKTBaGgh.ini
C:\WINDOWS\system32\CKTBaGgh.ini2
C:\WINDOWS\system32\cofggxpy.ini
C:\WINDOWS\system32\ctplmfkl.ini
C:\WINDOWS\system32\dhrfqwmk.ini
C:\WINDOWS\system32\dqicwwmd.ini
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\fNqqBJjl.ini
C:\WINDOWS\system32\fNqqBJjl.ini2
C:\WINDOWS\system32\ghkmp.ini
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\inst.dat
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpstojqn.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pk.bin
C:\WINDOWS\system32\qefgvpmo.ini
C:\WINDOWS\system32\qkxrusbg.ini
C:\WINDOWS\system32\rauftxdq.dll
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\system32\rmimbtdh.ini
C:\WINDOWS\system32\rrxlkwal.dll
C:\WINDOWS\system32\twmdnegr.ini
C:\WINDOWS\system32\ueqaheqa.ini
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\uytgebdo.ini
C:\WINDOWS\system32\vfadsovn.dll
C:\WINDOWS\system32\vgdmxpfa.ini
C:\WINDOWS\system32\wpgnketr.ini
C:\WINDOWS\system32\wyadd.bak1
C:\WINDOWS\system32\wyadd.bak2
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\wyadd.tmp
C:\WINDOWS\system32\ybcJlnpo.ini
C:\WINDOWS\system32\ybcJlnpo.ini2
C:\WINDOWS\system32\ymsycmti.ini
C:\WINDOWS\system32\ymyuxhxo.ini
C:\WINDOWS\system32\yycelpge.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_bqzpas
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-18 07:53 . 2008-05-18 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-18 07:19 . 2008-05-18 07:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 19:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-17 08:40 . 2008-05-17 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 08:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 08:39 . 2008-05-18 15:54 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\SUPERAntiSpyware.com
2008-05-15 21:40 . 2008-05-15 21:40 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\Malwarebytes
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 19:15 . 2008-05-19 19:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 19:15 . 2008-05-10 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-08 17:49 . 2008-05-08 17:49 1,487,215 --ahs---- C:\WINDOWS\system32\ymyuxhxo.tmp
2008-05-04 21:18 . 2008-05-16 19:38 109,709 --a------ C:\WINDOWS\BM07377d2e.xml
2008-05-04 21:11 . 2008-05-04 21:11 2 --a------ C:\67391005
2008-05-04 13:23 . 2008-05-04 13:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-04 13:23 . 2004-08-17 19:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-26 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-26 11:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 09:49 . 2008-04-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-26 09:47 . 2008-04-26 09:47 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-26 09:41 . 2008-04-26 09:41 <DIR> dr-h----- C:\MSOCache
2008-04-26 09:41 . 2008-05-15 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 02:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-18 16:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-18 16:59 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-18 15:46 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-16 03:38 --------- d--h--w C:\Program Files\LimeWire
2008-05-09 00:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-09 00:35 --------- d-----w C:\Program Files\Viewpoint
2008-05-09 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-09 00:31 --------- d-----w C:\Program Files\Project64 1.6
2008-05-09 00:28 --------- d-----w C:\Program Files\AIM Gadgets
2008-05-09 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 02:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 16:18 --------- d-----w C:\Documents and Settings\Dwayne\Application Data\Apple Computer
2008-04-05 01:52 --------- d-----w C:\Program Files\iTunes
2008-04-05 01:52 --------- d-----w C:\Program Files\iPod
2008-04-05 01:48 --------- d-----w C:\Program Files\QuickTime
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-24 18:08 --------- d--h--w C:\Program Files\New Folder
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-19 03:18 6,994,886 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Emerald_-_GBA.zip
2008-02-19 03:15 4,952,405 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Sapphire_-_GBA.zip
2008-02-19 03:13 4,952,282 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Ruby_-_GBA.zip
2008-02-19 03:11 5,341,251 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Leaf_Green_-_GBA.zip
2008-02-19 03:09 5,341,129 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Fire_Red_-_GBA.zip
2008-02-19 01:10 164,531,336 ----a-w C:\Documents and Settings\4\zsnesw151.zip
2008-02-18 21:11 163,663,395 ----a-w C:\Documents and Settings\4\127 super nintendo games (SNES roms).zip
2008-02-16 17:54 10,762,816 ----a-w C:\Documents and Settings\1\GoldenEye_007_(E)_[!].zip
2008-02-16 16:35 12,535,577 ----a-w C:\Documents and Settings\1\Super_Smash_Bros._(A)_[!].zip
2008-02-16 16:23 11,819,370 ----a-w C:\Documents and Settings\1\Star_Wars_-_Shadows_of_the_Empire_(E)_[!].zip
2008-02-16 16:14 48,284,630 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_2_(F)_[!].zip
2008-02-16 16:03 17,327,098 ----a-w C:\Documents and Settings\1\Mario_Golf_(E)_[!].zip
2008-02-16 15:54 27,959,031 ----a-w C:\Documents and Settings\1\Turok_3_-_Shadow_of_Oblivion_(E)_[!].zip
2008-02-16 15:47 45,971 ----a-w C:\Documents and Settings\1\Turok_2_-_Seeds_of_Evil_(E)_[!].zip
2008-02-16 15:45 7,591,184 ----a-w C:\Documents and Settings\1\Turok_-_Dinosaur_Hunter_(E)_(V1.0)_[!].zip
2008-02-16 15:43 10,044,131 ----a-w C:\Documents and Settings\1\Toy_Story_2_(E)_[!].zip
2008-02-11 16:58 61,353,425 ----a-w C:\Documents and Settings\1\Conker's_Bad_Fur_Day.zip
2008-02-11 16:38 6,268,366 ----a-w C:\Documents and Settings\1\Super_Mario_64_(U)_[!].zip
2008-02-11 03:55 9,569,688 ----a-w C:\Documents and Settings\2\mame0123s.exe
2008-02-11 02:29 11,173,904 ----a-w C:\Documents and Settings\1\NBA_Jam_99_(E)_[!].zip
2008-02-11 00:08 26,666,375 ----a-w C:\Documents and Settings\1\Legend_of_Zelda,_The_-_Ocarina_of_Time_(U)_(V1.1)_[!].zip
2008-02-10 23:55 27,733,155 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_(E)_(V1.1)_[!].zip
2008-02-10 23:43 13,668,873 ----a-w C:\Documents and Settings\1\Mortal_Kombat_4_(E)_[!].zip
2008-02-10 19:19 111,988 ----a-w C:\Documents and Settings\game\SuperMarioForever.zip
2007-12-24 23:17 177,664 ----a-w C:\Documents and Settings\game\Jnes.exe
2007-11-19 03:12 31,937,536 ----a-w C:\Documents and Settings\2\mamepp.exe
2007-11-19 03:11 49,152 ----a-w C:\Documents and Settings\2\romcmp.exe
2007-11-19 03:11 190,464 ----a-w C:\Documents and Settings\2\chdman.exe
2007-11-19 03:11 11,776 ----a-w C:\Documents and Settings\2\jedutil.exe
2007-11-19 03:11 10,752 ----a-w C:\Documents and Settings\2\ledutil.exe
2007-11-19 03:03 31,892,992 ----a-w C:\Documents and Settings\2\mame.exe
2005-10-31 15:56 700,416 ---ha-w C:\Program Files\StubInstaller.exe
2002-02-13 21:52 32,256 ----a-w C:\Documents and Settings\game\kailleraclient.dll
2007-05-09 02:54 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c6ae46-c100-41f8-ae58-275bc51ba875}]
C:\WINDOWS\system32\opnlJcby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323A19DD-8319-EE9C-1266-898DCD508297}]
C:\WINDOWS\system32\tkvofe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66681F8B-D34B-B9CD-1A66-898DCD508190}]
C:\WINDOWS\system32\oonlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{676B4C87-814A-EA9F-1266-898DCD508ECB}]
C:\WINDOWS\system32\qpcv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 18:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"rundll23"="C:\WINDOWS\system32\rundll23.exe" [ ]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 22:21 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-18 19:44:16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnmkk]
ssqnmkk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys [2005-06-01 20:37]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\Dwayne\LOCALS~1\Temp\Fadpu16E.sys []
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 17:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0adca56-fe31-11db-b50a-001676880864}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 15:56:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 19:08:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-19 19:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 02:12:25

Pre-Run: 27,910,635,520 bytes free
Post-Run: 31,050,399,744 bytes free

255 --- E O F --- 2008-05-16 10:03:50
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Now, please do the following...


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint





NEXT


Installing Recovery Console:

It appears your computer has no Recovery Console installed. We need to install Recovery Console first before proceeding to our next fix. Please do the following..

Please go to Microsoft's website => HERE

Select the download that's appropriate for your Operating System: Windows XP Home Edition Service Pack 2 (SP2)


Posted Image


Download the file & save it as it is originally named, next to ComboFix.exe.



Posted Image


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

After successfully installing Recovery Console, a pop-up will appear asking to run ComboFix; please select NO.




NEXT



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\ymyuxhxo.tmp
C:\WINDOWS\BM07377d2e.xml
C:\67391005
C:\WINDOWS\system32\opnlJcby.dll
C:\WINDOWS\system32\tkvofe.dll
C:\WINDOWS\system32\oonlk.dll
C:\WINDOWS\system32\qpcv.dll
C:\WINDOWS\system32\ssqnmkk.dll
C:\WINDOWS\system32\rundll23.exe

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c6ae46-c100-41f8-ae58-275bc51ba875}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323A19DD-8319-EE9C-1266-898DCD508297}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66681F8B-D34B-B9CD-1A66-898DCD508190}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{676B4C87-814A-EA9F-1266-898DCD508ECB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnmkk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rundll23"=-

3. Save the above as CFScript.txt in your Desktop.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


Regards
fenzodahl512
  • 0

#8
die another day

die another day

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
CF-RC:

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

ComboFix:


ComboFix 08-05-19.4 - Dwayne 2008-05-20 4:57:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.292 [GMT -7:00]
Running from: C:\Documents and Settings\Dwayne\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\All Users\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\67391005
C:\WINDOWS\BM07377d2e.xml
C:\WINDOWS\system32\oonlk.dll
C:\WINDOWS\system32\opnlJcby.dll
C:\WINDOWS\system32\qpcv.dll
C:\WINDOWS\system32\rundll23.exe
C:\WINDOWS\system32\ssqnmkk.dll
C:\WINDOWS\system32\tkvofe.dll
C:\WINDOWS\system32\ymyuxhxo.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\67391005
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Dwayne\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Dwayne\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Dwayne\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\Program Files\Viewpoint
C:\WINDOWS\BM07377d2e.xml
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\wintsvtr32.exe
C:\WINDOWS\system32\ymyuxhxo.tmp

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-18 07:53 . 2008-05-18 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-18 07:19 . 2008-05-18 07:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 19:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-17 08:40 . 2008-05-17 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 08:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 08:39 . 2008-05-18 15:54 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\SUPERAntiSpyware.com
2008-05-15 21:40 . 2008-05-15 21:40 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\Malwarebytes
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 19:15 . 2008-05-20 05:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 19:15 . 2008-05-10 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 13:23 . 2008-05-04 13:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-04 13:23 . 2004-08-17 19:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-26 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-26 11:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 09:49 . 2008-04-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-26 09:47 . 2008-04-26 09:47 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-26 09:41 . 2008-04-26 09:41 <DIR> dr-h----- C:\MSOCache
2008-04-26 09:41 . 2008-05-15 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 02:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-18 16:59 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-18 16:59 10,563 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-18 15:46 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-16 03:38 --------- d--h--w C:\Program Files\LimeWire
2008-05-09 00:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-09 00:31 --------- d-----w C:\Program Files\Project64 1.6
2008-05-09 00:28 --------- d-----w C:\Program Files\AIM Gadgets
2008-05-09 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 02:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 16:18 --------- d-----w C:\Documents and Settings\Dwayne\Application Data\Apple Computer
2008-04-05 01:52 --------- d-----w C:\Program Files\iTunes
2008-04-05 01:52 --------- d-----w C:\Program Files\iPod
2008-04-05 01:48 --------- d-----w C:\Program Files\QuickTime
2008-03-24 18:08 --------- d--h--w C:\Program Files\New Folder
2008-02-19 03:18 6,994,886 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Emerald_-_GBA.zip
2008-02-19 03:15 4,952,405 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Sapphire_-_GBA.zip
2008-02-19 03:13 4,952,282 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Ruby_-_GBA.zip
2008-02-19 03:11 5,341,251 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Leaf_Green_-_GBA.zip
2008-02-19 03:09 5,341,129 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Fire_Red_-_GBA.zip
2008-02-19 01:10 164,531,336 ----a-w C:\Documents and Settings\4\zsnesw151.zip
2008-02-18 21:11 163,663,395 ----a-w C:\Documents and Settings\4\127 super nintendo games (SNES roms).zip
2008-02-16 17:54 10,762,816 ----a-w C:\Documents and Settings\1\GoldenEye_007_(E)_[!].zip
2008-02-16 16:35 12,535,577 ----a-w C:\Documents and Settings\1\Super_Smash_Bros._(A)_[!].zip
2008-02-16 16:23 11,819,370 ----a-w C:\Documents and Settings\1\Star_Wars_-_Shadows_of_the_Empire_(E)_[!].zip
2008-02-16 16:14 48,284,630 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_2_(F)_[!].zip
2008-02-16 16:03 17,327,098 ----a-w C:\Documents and Settings\1\Mario_Golf_(E)_[!].zip
2008-02-16 15:54 27,959,031 ----a-w C:\Documents and Settings\1\Turok_3_-_Shadow_of_Oblivion_(E)_[!].zip
2008-02-16 15:47 45,971 ----a-w C:\Documents and Settings\1\Turok_2_-_Seeds_of_Evil_(E)_[!].zip
2008-02-16 15:45 7,591,184 ----a-w C:\Documents and Settings\1\Turok_-_Dinosaur_Hunter_(E)_(V1.0)_[!].zip
2008-02-16 15:43 10,044,131 ----a-w C:\Documents and Settings\1\Toy_Story_2_(E)_[!].zip
2008-02-11 16:58 61,353,425 ----a-w C:\Documents and Settings\1\Conker's_Bad_Fur_Day.zip
2008-02-11 16:38 6,268,366 ----a-w C:\Documents and Settings\1\Super_Mario_64_(U)_[!].zip
2008-02-11 03:55 9,569,688 ----a-w C:\Documents and Settings\2\mame0123s.exe
2008-02-11 02:29 11,173,904 ----a-w C:\Documents and Settings\1\NBA_Jam_99_(E)_[!].zip
2008-02-11 00:08 26,666,375 ----a-w C:\Documents and Settings\1\Legend_of_Zelda,_The_-_Ocarina_of_Time_(U)_(V1.1)_[!].zip
2008-02-10 23:55 27,733,155 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_(E)_(V1.1)_[!].zip
2008-02-10 23:43 13,668,873 ----a-w C:\Documents and Settings\1\Mortal_Kombat_4_(E)_[!].zip
2008-02-10 19:19 111,988 ----a-w C:\Documents and Settings\game\SuperMarioForever.zip
2007-12-24 23:17 177,664 ----a-w C:\Documents and Settings\game\Jnes.exe
2007-11-19 03:12 31,937,536 ----a-w C:\Documents and Settings\2\mamepp.exe
2007-11-19 03:11 49,152 ----a-w C:\Documents and Settings\2\romcmp.exe
2007-11-19 03:11 190,464 ----a-w C:\Documents and Settings\2\chdman.exe
2007-11-19 03:11 11,776 ----a-w C:\Documents and Settings\2\jedutil.exe
2007-11-19 03:11 10,752 ----a-w C:\Documents and Settings\2\ledutil.exe
2007-11-19 03:03 31,892,992 ----a-w C:\Documents and Settings\2\mame.exe
2005-10-31 15:56 700,416 ---ha-w C:\Program Files\StubInstaller.exe
2002-02-13 21:52 32,256 ----a-w C:\Documents and Settings\game\kailleraclient.dll
2007-05-09 02:54 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_19.12.09.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 02:08:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 11:59:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 22:21 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-18 19:44:16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys [2005-06-01 20:37]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\Dwayne\LOCALS~1\Temp\Fadpu16E.sys []
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 17:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0adca56-fe31-11db-b50a-001676880864}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 15:56:29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 05:00:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-20 17:06:04 - machine was rebooted [Dwayne]
ComboFix-quarantined-files.txt 2008-05-21 00:05:42
ComboFix2.txt 2008-05-20 02:12:47

Pre-Run: 30,964,133,888 bytes free
Post-Run: 30,962,905,088 bytes free

194 --- E O F --- 2008-05-16 10:03:50


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:55 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f578.mail....d=3n61lvhvsrkd7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153584659031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6a344d34-5231-452a-8a57-d064ac9b7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9371 bytes
  • 0

#9 fenzodahl512 (Malware Removal, 9,863 posts)
Hello, your logs look better :) Have you found your Norton disc yet? Let's do the following..


Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

    • C:\Program Files\Search Settings\SearchSettings.exe
  • Click on the submit button
  • Please post the results in your next reply.
If the Jotti server is too busy, please submit the file to VirusTotal instead.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

  • O15 - Trusted Zone: *.amaena.com
  • O15 - Trusted Zone: *.drivecleaner.com
  • O15 - Trusted Zone: *.errorprotector.com
  • O15 - Trusted Zone: *.errorsafe.com
  • O15 - Trusted Zone: *.imageservr.com
  • O15 - Trusted Zone: *.imagesrvr.com
  • O15 - Trusted Zone: *.systemdoctor.com
  • O15 - Trusted Zone: *.winantispyware.com
  • O15 - Trusted Zone: *.winantivirus.com
  • O15 - Trusted Zone: *.winfixer.com

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Please post the following logs in your next reply

1. Jotti/VirusTotal result
2. MalwareBytes' Anti-Malware log
3. A fresh Deckard System Scanner log (after MalwareBytes' step)
4. Tell me about your computer condition



Regards
fenzodahl512

Edited by fenzodahl512, 21 May 2008 - 08:56 AM.

  • 0
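The HijackThis step above has the user tick every O15 "Trusted Zone" line and fix them. Sites in Internet Explorer's Trusted Zone run with relaxed security settings, so domains that the user never added deliberately (here, a family of rogue "antivirus" sites) are worth reviewing in any log. The script below is an added example, not code from this thread or from the HijackThis project: it parses HijackThis 2.0.2-style finding lines ("<section> - <body>"), lists the Trusted Zone domains from O15 entries, and separately lists entries HijackThis marks as "(file missing)" or "(no file)", which are leftovers of an earlier removal. The SAMPLE_LOG is constructed for the example from the kinds of lines seen in this thread; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the HijackThis v2.0.2 log
# format, modelled on the entries seen in this thread. Not a real log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.winfixer.com
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O15 - Trusted Zone: *.winfixer.com".
# Header lines and the "Running processes" list do not match and are skipped.
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class HjtEntry:
    section: str  # R0, O2, O15, ...
    body: str     # everything after " - "


def parse_hjt(text: str) -> list[HjtEntry]:
    """Return the finding lines of a HijackThis log as HjtEntry objects."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append(HjtEntry(m["section"], m["body"]))
    return entries


def trusted_zone_domains(entries: list[HjtEntry]) -> list[str]:
    """Domains IE has been told to treat as Trusted Zone (O15 lines).

    Trusted Zone sites get relaxed IE security settings, so any domain the
    user did not add on purpose deserves review. The "*." wildcard prefix
    is dropped so the result is a plain domain list.
    """
    prefix = "Trusted Zone: "
    domains = []
    for e in entries:
        if e.section == "O15" and e.body.startswith(prefix):
            domains.append(e.body[len(prefix):].lstrip("*."))
    return domains


def orphaned_entries(entries: list[HjtEntry]) -> list[str]:
    """Entries whose target file no longer exists on disk.

    HijackThis marks these "(file missing)" or "(no file)". They are usually
    leftovers of a removal; clearing them keeps later logs readable.
    """
    return [f"{e.section} - {e.body}" for e in entries
            if e.body.endswith("(file missing)") or e.body.endswith("(no file)")]


def triage(text: str) -> dict:
    """One-call summary: finding count, Trusted Zone domains, orphaned entries."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "trusted_zone": trusted_zone_domains(entries),
        "orphaned": orphaned_entries(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['entries']} findings parsed")
    for d in result["trusted_zone"]:
        print("review Trusted Zone entry:", d)
    for o in result["orphaned"]:
        print("orphaned entry:", o)
```

Run it against a saved hijackthis.log by passing the file contents to `triage()`; the O15 list is what a helper would ask you to tick and fix, and the orphaned list is what remains to tidy up after the malware files themselves are gone.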

#10 die another day (Topic Starter, Member, 14 posts)
1. Jotti

Scan taken on 22 May 2008 03:54:30 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


2. MBAM log

Malwarebytes' Anti-Malware 1.12
Database version: 775

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 112115
Time elapsed: 26 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AntivirusGolden\DbgHelp.Dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Real\Update_OB\crack.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\bqzpas.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP475\A0120904.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP488\A0124298.dll (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP538\A0128081.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP539\A0128094.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP542\A0128287.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP543\A0128310.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP544\A0128382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP546\A0128424.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0128491.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP549\A0129424.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP550\A0129459.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0129463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP551\A0129467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0130486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0131468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP553\A0131469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP554\A0132467.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP554\A0133478.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP561\A0144848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP561\A0144853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP563\A0144886.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP568\A0147579.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


3. And I don't know how to find the 3rd thing you wanted me to post.

4. I think it's running pretty good, not as slow.
  • 0



#11 fenzodahl512 (Malware Removal, 9,863 posts)

3. And I don't know how to find the 3rd thing you wanted me to post.


Sorry, die another day.. my mistake... Please do the following...


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Regards
fenzodahl512
  • 0

#12 die another day (Topic Starter, Member, 14 posts)
main.txt:

Deckard's System Scanner v20071014.68
Run by Dwayne on 2008-05-22 21:31:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
197: 2008-05-23 04:31:31 UTC - RP574 - Deckard's System Scanner Restore Point
196: 2008-05-22 13:03:58 UTC - RP573 - System Checkpoint
195: 2008-05-21 12:03:58 UTC - RP572 - System Checkpoint
194: 2008-05-20 11:56:55 UTC - RP571 - ComboFix created restore point
193: 2008-05-20 13:49:25 UTC - RP570 - ComboFix created restore point


-- First Restore Point --
1: 2008-05-16 04:38:56 UTC - RP378 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Dwayne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:55 PM, on 5/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dwayne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dwayne.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f578.mail....d=3n61lvhvsrkd7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153584659031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6a344d34-5231-452a-8a57-d064ac9b7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9025 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080521-205707-192 O15 - Trusted Zone: *.amaena.com
backup-20080521-205707-203 O15 - Trusted Zone: *.winfixer.com
backup-20080521-205707-210 O15 - Trusted Zone: *.winantivirus.com
backup-20080521-205707-342 O15 - Trusted Zone: *.systemdoctor.com
backup-20080521-205707-450 O15 - Trusted Zone: *.errorprotector.com
backup-20080521-205707-482 O15 - Trusted Zone: *.imagesrvr.com
backup-20080521-205707-541 O15 - Trusted Zone: *.winantispyware.com
backup-20080521-205707-659 O15 - Trusted Zone: *.imageservr.com
backup-20080521-205707-670 O15 - Trusted Zone: *.drivecleaner.com
backup-20080521-205707-845 O15 - Trusted Zone: *.errorsafe.com

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - shell\open\command - Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
S3 Fadpu16E - c:\docume~1\dwayne\locals~1\temp\fadpu16e.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 wlanndi5 (wlanndi5 NDIS Protocol Driver) - c:\windows\system32\wlanndi5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-21 08:56:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 18:17:14 0 d-------- C:\WINDOWS\pss
2008-05-21 20:58:58 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-20 06:52:09 245920 --a------ C:\cmldr
2008-05-20 06:52:03 0 d-------- C:\cmdcons
2008-05-19 19:02:38 68096 --a------ C:\WINDOWS\zip.exe
2008-05-19 19:02:38 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-19 19:02:38 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-19 19:02:38 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-19 19:02:38 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-19 19:02:38 98816 --a------ C:\WINDOWS\sed.exe
2008-05-19 19:02:38 80412 --a------ C:\WINDOWS\grep.exe
2008-05-19 19:02:38 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-18 07:53:41 0 d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-18 07:19:45 0 d-------- C:\Program Files\Trend Micro
2008-05-17 19:39:36 0 d-------- C:\Program Files\Panda Security
2008-05-17 08:40:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 08:39:38 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 08:39:38 0 d-------- C:\Documents and Settings\Dwayne\Application Data\SUPERAntiSpyware.com
2008-05-15 21:40:24 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Malwarebytes
2008-05-15 21:38:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 21:38:14 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-04 13:23:01 0 d-------- C:\Program Files\EA GAMES
2008-05-04 13:23:00 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-04-26 09:49:07 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 09:47:22 0 d-------- C:\Program Files\Microsoft.NET
2008-04-26 09:41:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-26 09:41:01 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2008-05-21 21:26:34 0 d-------- C:\Program Files\AntivirusGolden
2008-05-19 19:08:28 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-18 15:52:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 08:46:54 0 d-------- C:\Program Files\Norton AntiVirus
2008-05-18 08:18:13 0 d-------- C:\Program Files\Common Files
2008-05-15 20:38:37 0 d--h----- C:\Program Files\LimeWire
2008-05-08 17:46:13 0 d-------- C:\Program Files\Common Files\AOL
2008-05-08 17:31:20 0 d-------- C:\Program Files\Project64 1.6
2008-05-08 17:28:44 0 d-------- C:\Program Files\AIM Gadgets
2008-05-02 19:52:29 0 d-------- C:\Program Files\Apple Software Update
2008-04-05 09:25:17 63432 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-05 09:18:36 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Apple Computer
2008-04-04 18:52:59 0 d-------- C:\Program Files\iTunes
2008-04-04 18:52:44 0 d-------- C:\Program Files\iPod
2008-04-04 18:48:18 0 d-------- C:\Program Files\QuickTime
2008-03-28 14:19:45 0 d-------- C:\Documents and Settings\Dwayne\Application Data\Adobe
2008-03-24 11:08:09 0 d--h----- C:\Program Files\New Folder
2008-03-21 17:59:57 287 --a------ C:\WINDOWS\EReg072.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 03:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 03:00 AM]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [12/06/2007 12:58 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/18/2008 10:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/2007 12:33 AM]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2/18/2008 7:44:16 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0adca56-fe31-11db-b50a-001676880864}]
AutoRun\command- F:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-05-22 21:33:59 ------------


extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.53GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 509.98 MiB / 182.09 MiB
Pagefile Memory (total/avail): 1248.58 MiB / 902.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.06 MiB

C: is Fixed (NTFS) - 108.59 GiB total, 30.92 GiB free.
D: is Fixed (NTFS) - 37.24 GiB total, 1.97 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812A - 149.01 GiB - 4 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 108.59 GiB - C:
\PARTITION2 - Installable File System - 37.24 GiB - D:
\PARTITION3 - Unknown - 3.15 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\WINDOWS\\system32\\winver.exe"="C:\\WINDOWS\\system32\\winver.exe:*:Enabled:winver"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dwayne\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DBWNGCB1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dwayne
LOGONSERVER=\\DBWNGCB1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dwayne\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dwayne\LOCALS~1\Temp
USERDOMAIN=DBWNGCB1
USERNAME=Dwayne
USERPROFILE=C:\Documents and Settings\Dwayne
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dwayne (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Belkin Wireless Utility --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5314FAC0-F8A5-4432-8980-251D055B2C5B}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
Finale NotePad 2007 --> C:\Program Files\Finale NotePad 2007\uninstallNP.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
L&H TTS3000 Espańol --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSSPE.inf, Uninstall
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall STANDARDR /dll OSETUP.DLL
Microsoft Office Standard 2007 --> MsiExec.exe /X{91120000-0012-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Dwayne\Application Data\Move Networks\ie_bin\Uninst.exe
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Public Messenger ver 2.03 --> "C:\Program Files\IntCodec\pmuninst.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Search Settings --> MsiExec.exe /X{90529245-9C54-45B5-BBB3-B180CA04F248}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-0012-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Videora iPod Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type35738 / Warning
Event Submitted/Written: 05/18/2008 08:21:28 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type35737 / Warning
Event Submitted/Written: 05/18/2008 08:21:28 AM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type35735 / Error
Event Submitted/Written: 05/18/2008 08:19:27 AM
Event ID/Source: 11306 / MsiInstaller
Event Description:
Product: Norton AntiVirus Parent MSI -- Error 1306. Another application has exclusive access to the file 'C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx'. Please shut down all other applications, then click Retry.

Event Record #/Type35651 / Warning
Event Submitted/Written: 05/17/2008 10:34:33 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type35536 / Warning
Event Submitted/Written: 05/14/2008 05:10:10 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
warningAutomatic LiveUpdate produced an unexpected exit code: -1073741502; advancing schedule...



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type46699 / Warning
Event Submitted/Written: 05/22/2008 09:01:09 AM / 05/22/2008 09:01:10 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type46696 / Warning
Event Submitted/Written: 05/21/2008 06:40:09 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type46695 / Error
Event Submitted/Written: 05/21/2008 05:00:52 AM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 001150D3EE90.

Event Record #/Type46694 / Warning
Event Submitted/Written: 05/21/2008 05:00:52 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001150D3EE90. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type46648 / Error
Event Submitted/Written: 05/20/2008 04:57:06 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-05-22 21:33:59 ------------
  • 0

#13
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply... Firstly, please tell me, have you uninstalled your Norton before?


Now, let's do the following..


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Folder::
C:\Program Files\AntivirusGolden

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



NEXT



Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please include the following in your next reply.. Please post each log in a separate post

1. Have you uninstalled Norton before?
2. ComboFix log
3. Kaspersky Online Report
4. A fresh HijackThis log..


Regards
fenzodahl512
  • 0

#14
die another day

die another day

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
1: No, but I found my disc, so I'm good now


2:

ComboFix 08-05-19.4 - Dwayne 2008-05-23 22:00:12.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -7:00]
Running from: C:\Documents and Settings\Dwayne\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dwayne\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntivirusGolden
C:\Program Files\AntivirusGolden\Logs\scan_log_08082006-131644.html

.
((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))
.

2008-05-22 21:46 . 2008-05-22 22:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-22 21:46 . 2008-05-22 22:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-22 21:45 . 2008-05-22 22:25 <DIR> d-------- C:\Program Files\Symantec
2008-05-22 21:31 . 2008-05-22 21:31 <DIR> d-------- C:\Deckard
2008-05-21 20:58 . 2008-05-21 20:59 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-21 20:58 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-21 20:58 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-18 07:53 . 2008-05-18 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-05-18 07:19 . 2008-05-18 07:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 19:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\Panda Security
2008-05-17 08:40 . 2008-05-17 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-17 08:39 . 2008-05-18 15:52 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-17 08:39 . 2008-05-18 15:54 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\SUPERAntiSpyware.com
2008-05-15 21:40 . 2008-05-15 21:40 <DIR> d-------- C:\Documents and Settings\Dwayne\Application Data\Malwarebytes
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 19:15 . 2008-05-23 21:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-10 19:15 . 2008-05-10 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-04 13:23 . 2008-05-04 13:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-05-04 13:23 . 2004-08-17 19:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-26 11:33 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 11:33 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-26 11:33 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 09:49 . 2008-04-26 09:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-26 09:47 . 2008-04-26 09:47 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-26 09:41 . 2008-04-26 09:41 <DIR> dr-h----- C:\MSOCache
2008-04-26 09:41 . 2008-05-15 19:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 12:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 05:31 --------- d-----w C:\Program Files\Norton AntiVirus
2008-05-23 05:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-23 05:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-18 22:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 03:38 --------- d--h--w C:\Program Files\LimeWire
2008-05-09 00:46 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-09 00:31 --------- d-----w C:\Program Files\Project64 1.6
2008-05-09 00:28 --------- d-----w C:\Program Files\AIM Gadgets
2008-05-09 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-03 02:52 --------- d-----w C:\Program Files\Apple Software Update
2008-04-05 16:18 --------- d-----w C:\Documents and Settings\Dwayne\Application Data\Apple Computer
2008-04-05 01:52 --------- d-----w C:\Program Files\iTunes
2008-04-05 01:52 --------- d-----w C:\Program Files\iPod
2008-04-05 01:48 --------- d-----w C:\Program Files\QuickTime
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-24 18:08 --------- d--h--w C:\Program Files\New Folder
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-19 03:18 6,994,886 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Emerald_-_GBA.zip
2008-02-19 03:15 4,952,405 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Sapphire_-_GBA.zip
2008-02-19 03:13 4,952,282 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_Ruby_-_GBA.zip
2008-02-19 03:11 5,341,251 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Leaf_Green_-_GBA.zip
2008-02-19 03:09 5,341,129 ----a-w C:\Documents and Settings\gameboy advance\Pokemon_-_Fire_Red_-_GBA.zip
2008-02-19 01:10 164,531,336 ----a-w C:\Documents and Settings\4\zsnesw151.zip
2008-02-18 21:11 163,663,395 ----a-w C:\Documents and Settings\4\127 super nintendo games (SNES roms).zip
2008-02-16 17:54 10,762,816 ----a-w C:\Documents and Settings\1\GoldenEye_007_(E)_[!].zip
2008-02-16 16:35 12,535,577 ----a-w C:\Documents and Settings\1\Super_Smash_Bros._(A)_[!].zip
2008-02-16 16:23 11,819,370 ----a-w C:\Documents and Settings\1\Star_Wars_-_Shadows_of_the_Empire_(E)_[!].zip
2008-02-16 16:14 48,284,630 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_2_(F)_[!].zip
2008-02-16 16:03 17,327,098 ----a-w C:\Documents and Settings\1\Mario_Golf_(E)_[!].zip
2008-02-16 15:54 27,959,031 ----a-w C:\Documents and Settings\1\Turok_3_-_Shadow_of_Oblivion_(E)_[!].zip
2008-02-16 15:47 45,971 ----a-w C:\Documents and Settings\1\Turok_2_-_Seeds_of_Evil_(E)_[!].zip
2008-02-16 15:45 7,591,184 ----a-w C:\Documents and Settings\1\Turok_-_Dinosaur_Hunter_(E)_(V1.0)_[!].zip
2008-02-16 15:43 10,044,131 ----a-w C:\Documents and Settings\1\Toy_Story_2_(E)_[!].zip
2008-02-11 16:58 61,353,425 ----a-w C:\Documents and Settings\1\Conker's_Bad_Fur_Day.zip
2008-02-11 16:38 6,268,366 ----a-w C:\Documents and Settings\1\Super_Mario_64_(U)_[!].zip
2008-02-11 03:55 9,569,688 ----a-w C:\Documents and Settings\2\mame0123s.exe
2008-02-11 02:29 11,173,904 ----a-w C:\Documents and Settings\1\NBA_Jam_99_(E)_[!].zip
2008-02-11 00:08 26,666,375 ----a-w C:\Documents and Settings\1\Legend_of_Zelda,_The_-_Ocarina_of_Time_(U)_(V1.1)_[!].zip
2008-02-10 23:55 27,733,155 ----a-w C:\Documents and Settings\1\Pokemon_Stadium_(E)_(V1.1)_[!].zip
2008-02-10 23:43 13,668,873 ----a-w C:\Documents and Settings\1\Mortal_Kombat_4_(E)_[!].zip
2008-02-10 19:19 111,988 ----a-w C:\Documents and Settings\game\SuperMarioForever.zip
2007-12-24 23:17 177,664 ----a-w C:\Documents and Settings\game\Jnes.exe
2007-11-19 03:12 31,937,536 ----a-w C:\Documents and Settings\2\mamepp.exe
2007-11-19 03:11 49,152 ----a-w C:\Documents and Settings\2\romcmp.exe
2007-11-19 03:11 190,464 ----a-w C:\Documents and Settings\2\chdman.exe
2007-11-19 03:11 11,776 ----a-w C:\Documents and Settings\2\jedutil.exe
2007-11-19 03:11 10,752 ----a-w C:\Documents and Settings\2\ledutil.exe
2007-11-19 03:03 31,892,992 ----a-w C:\Documents and Settings\2\mame.exe
2005-10-31 15:56 700,416 ---ha-w C:\Program Files\StubInstaller.exe
2002-02-13 21:52 32,256 ----a-w C:\Documents and Settings\game\kailleraclient.dll
2007-05-09 02:54 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-19_19.12.09.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-20 02:08:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-24 04:46:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-12-01 06:57:12 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
+ 2007-12-01 06:57:12 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
+ 2007-12-01 06:57:12 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
+ 2007-01-09 22:32:13 12,984 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
+ 2007-01-09 22:32:13 145,976 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
+ 2007-01-09 22:32:13 40,120 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2007-01-09 22:32:13 35,256 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2007-01-09 22:32:13 38,200 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
+ 2007-01-09 22:32:13 27,576 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
+ 2007-01-09 22:32:13 191,544 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
- 2008-02-19 05:22:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2007-03-22 03:33:00 348,160 ----a-w C:\WINDOWS\system32\MSVCR71.DLL
+ 2007-01-10 02:47:37 624,784 ----a-w C:\WINDOWS\system32\SymNeti.dll
+ 2007-01-10 02:47:37 242,320 ----a-w C:\WINDOWS\system32\SymRedir.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,404,928 2004-10-15 00:42:54 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe

----a-w 81,920 2004-07-27 21:50:18 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2004-07-27 21:50:42 C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 59,040 2006-04-13 20:20:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 115,816 2007-01-10 05:59:52 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 94,208 2005-10-05 08:12:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 332,800 2005-05-15 07:04:12 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 36,975 2005-04-13 10:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 77,824 2005-04-06 00:19:18 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 114,688 2005-04-06 00:23:14 C:\WINDOWS\system32\bak\igfxpers.exe

----a-w 94,208 2005-04-06 00:22:32 C:\WINDOWS\system32\bak\igfxtray.exe

----a-w 122,940 2005-09-08 10:20:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [ ]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 12:58 1069920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 22:21 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 00:11 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-18 19:44:16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys [2005-06-01 20:37]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
S3 Fadpu16E;Fadpu16E;C:\DOCUME~1\Dwayne\LOCALS~1\Temp\Fadpu16E.sys []
S3 wlanndi5;wlanndi5 NDIS Protocol Driver;C:\WINDOWS\system32\wlanndi5.SYS [2004-04-21 17:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0adca56-fe31-11db-b50a-001676880864}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 15:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-23 05:15:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Dwayne.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 22:03:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-23 22:04:49
ComboFix-quarantined-files.txt 2008-05-24 05:04:41
ComboFix2.txt 2008-05-21 00:06:05
ComboFix3.txt 2008-05-20 02:12:47

Pre-Run: 32,771,809,280 bytes free
Post-Run: 32,776,183,808 bytes free

218 --- E O F --- 2008-05-16 10:03:50



3. Every time I did this scan it would go to about an hour and 40 minutes and it'd be done, but the stop scan was the only option it'd give me.


4:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:42 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f578.mail....d=3n61lvhvsrkd7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dwayne\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153584659031
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6a344d34-5231-452a-8a57-d064ac9b7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driverage...driveragent.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11192 bytes
  • 0

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. let's do the following...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

AWF::
C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe
C:\Program Files\Dell Support\bak\DSAgnt.exe
C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe
C:\Program Files\Messenger\bak\msmsgs.exe
C:\WINDOWS\system32\bak\hkcmd.exe
C:\WINDOWS\system32\bak\igfxpers.exe
C:\WINDOWS\system32\bak\igfxtray.exe
C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


NEXT



Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient



Please post the following in your next reply..

1. ComboFix log
2. F-Secure Online Report
3. A fresh HijackThis log (after F-Secure step)


Regards
fenzodahl512
  • 0
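An added example, not part of this thread and not ComboFix's own code: a small parser for the CFScript section format used in the post above, plus an offline audit of the AWF:: entries. It assumes the usual meaning of that section, that each listed file is a legitimate autostart executable which was moved into a bak\ subfolder while something else was placed at its original path; the SAMPLE_CFSCRIPT text and the files written by demo() are constructed for the demonstration.

```python
import hashlib, tempfile
from pathlib import Path, PureWindowsPath
SAMPLE_CFSCRIPT = """AWF::
C:\\WINDOWS\\system32\\bak\\hkcmd.exe
C:\\WINDOWS\\system32\\bak\\igfxtray.exe
C:\\WINDOWS\\system32\\bak\\igfxpers.exe
"""

def parse_sections(text):
    """Split a CFScript into {section: [entries]}; a section starts at a 'Name::' line."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def _local(win_path, root):
    """Map 'C:\\a\\b' onto root/a/b so the audit can run against a local copy of the tree."""
    return root.joinpath(*PureWindowsPath(win_path).parts[1:])

def audit_awf(script_text, root):
    """Verdict per AWF:: entry: 'wrapped' (bak copy differs from the file now at the original path), 'intact', or 'missing'."""
    verdicts = {}
    for bak in parse_sections(script_text).get("AWF", []):
        p = PureWindowsPath(bak)
        if p.parent.name.lower() != "bak":
            raise ValueError("AWF entries must point inside a bak\\ folder: " + bak)
        orig = str(p.parent.parent / p.name)          # C:\dir\bak\x.exe -> C:\dir\x.exe
        bak_file, orig_file = _local(bak, root), _local(orig, root)
        if not (bak_file.is_file() and orig_file.is_file()):
            verdicts[orig] = "missing"
            continue
        digests = {hashlib.sha256(f.read_bytes()).hexdigest() for f in (bak_file, orig_file)}
        verdicts[orig] = "intact" if len(digests) == 1 else "wrapped"
    return verdicts

def demo():
    """Constructed fixture: one hijacked file, one untouched, one whose original is gone."""
    root, sys32 = Path(tempfile.mkdtemp()), "C:\\WINDOWS\\system32\\"
    files = {"bak\\hkcmd.exe": b"legit hkcmd", "hkcmd.exe": b"dropped replacement",
             "bak\\igfxtray.exe": b"legit igfxtray", "igfxtray.exe": b"legit igfxtray",
             "bak\\igfxpers.exe": b"legit igfxpers"}
    for name, content in files.items():
        _local(sys32 + name, root).parent.mkdir(parents=True, exist_ok=True)
        _local(sys32 + name, root).write_bytes(content)
    return audit_awf(SAMPLE_CFSCRIPT, root)
```

A "wrapped" verdict is a lead rather than proof, since a legitimate update could also make the two copies differ; confirm by checking the file at the original path against a known-good hash or its vendor signature.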





