
please help with possible infection [RESOLVED]

#1
giadda (Member, 16 posts)
Hi fellow geeks, a very good evening to all. This is my first time posting a query regarding PC problems. I've read the "READ THIS..." topic, so I hope I won't be much of a time waster.

I've done most of what your "Malware how-to guides thingy" topic says (i.e. Panda Online Scan, ATF Cleaner, MalwareBytes, etc.).

I'm a bit worried because my Kaspersky AV prompted me a while ago regarding a possible Heur.Trojan and Spy.Win.32.Banker.fzf virus infection. I had it deleted promptly, but I am worried that it caused system damage or something, because my PC suddenly froze, prompted me with a blue screen (which disappeared before I could read anything) and then restarted.

I am posting my HijackThis log in the hope that someone could help me with a possible problem or reassure me that nothing's wrong.

Thanks in advance,

giadda

Panda Online Scan : no malicious items
Malwarebytes : no malicious items


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:08 PM, on 5/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8101 bytes


Uninstall List

Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Atheros Communications Inc.® L2 Fast Ethernet Driver
BlueSoleil
CA Yahoo! Anti-Spy (remove only)
Call of Duty® 4 - Modern Warfare™
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Counter-Strike Source
Crysis®
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Accelerator Plus (DAP)
EPSON Printer Software
EPSON Stylus C90_91_D92 Manual
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB921411)
Hotfix for Windows XP (KB926239)
Java™ 6 Update 5
KaraFun 1.18
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
Nero 7 Essentials
nProtect KeyCrypt
NVIDIA Drivers
Panda ActiveScan 2.0
Perfect World
PowerISO
PunkBuster Services
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB944533)
System Requirements Lab
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
VDOTool 5.9
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Yahoo! 工具列
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zero Hour Reborn The Last Stand

Edited by giadda, 15 May 2008 - 09:13 AM.


#2
koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)
Hello giadda and welcome to Geeks to Go!

Sorry for the delay, it has been a busy week. :)

I didn't find anything unusual in your HijackThis log. But just to be sure we didn't miss anything, let's have you do another online scan.

Please do an online scan with Kaspersky WebScanner

  • Click on Accept
  • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
giadda (Topic Starter, Member, 16 posts)
Yay! Thanks for the response and the reassurance that my PC seems to be fine, koko :)
My PC still spikes up to 70%+ CPU usage though, so I'm still concerned.

I'm posting the Kaspersky online results as advised, as well as a new HijackThis log, just in case.

thanks again in advance for the help,

giadda

Attached file: hijackthislog.txt (8.57 KB)


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 4:38:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/05/2008
Kaspersky Anti-Virus database records: 789759
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 88085
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:45:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\dev-baw2_55\dev-baw2.iso Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\dev-baw2_55\dev-baw2.iso1 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\dev-baw2_55\dev-baw2.iso2 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\dev-baw2_55\dev-baw2.iso3 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\SNIPERELITE-20-20-20-20maya-em_117\SNIPERELITE-20-20-20-20maya-em Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\SNIPERELITE-20-20-20-20maya-em_117\SNIPERELITE-20-20-20-20maya-em1 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\SNIPERELITE-20-20-20-20maya-em_117\SNIPERELITE-20-20-20-20maya-em2 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\IDM\DwnlData\Administrator\SNIPERELITE-20-20-20-20maya-em_117\SNIPERELITE-20-20-20-20maya-em3 Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008052120080522\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1C2.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4AC1.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{256DA1D6-D229-4B8C-95B9-AD302E8BAC62}\RP198\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{256DA1D6-D229-4B8C-95B9-AD302E8BAC62}\RP198\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#4
koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)
No problem.
Nothing seems to be wrong with your log. Let's run another tool to check. :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

#5
giadda (Topic Starter, Member, 16 posts)
Phew! That's very good to hear ^^

I'm now posting the ComboFix log, as well as a new HijackThis log :)


thanks again for the speedy reply koko :)

giadda

Attached file: hijackthislog.txt (8.44 KB)


ComboFix 08-05-21.2 - Administrator 2008-05-22 10:44:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.669 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-21 00:18 . 2008-05-21 00:18 68 --a------ C:\WINDOWS\MyProg.ini
2008-05-20 16:10 . 2008-05-20 16:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-20 16:08 . 2008-05-20 16:08 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-20 13:19 . 2008-05-20 19:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-20 13:19 . 2008-05-20 13:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDM
2008-05-20 09:08 . 2008-05-20 09:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-18 19:43 . 2008-05-20 13:09 <DIR> d--hs---- C:\found.000
2008-05-18 13:05 . 2008-05-18 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-18 13:04 . 2008-05-18 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-05-17 17:35 . 2008-05-17 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RapidGet
2008-05-16 21:51 . 2008-05-18 13:21 740 --a------ C:\temp.html
2008-05-16 09:14 . 2008-05-16 09:14 <DIR> d-------- C:\WINDOWS\Caps
2008-05-15 18:22 . 2008-05-15 18:40 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-15 18:22 . 2008-05-15 18:40 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-15 18:21 . 2008-05-15 18:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-15 18:21 . 2008-05-22 10:47 8,791,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 18:21 . 2008-05-22 10:47 327,200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 18:21 . 2008-05-22 10:46 122,948 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 18:21 . 2008-05-22 10:46 33,788 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-15 16:13 . 2008-05-22 10:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-15 10:05 . 2008-05-15 10:05 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 10:05 . 2008-05-15 10:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 00:20 . 2008-05-15 00:21 <DIR> d-------- C:\Program Files\Panda Security
2008-05-14 22:12 . 2008-05-14 22:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 22:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-14 22:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 15:15 . 2008-05-13 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-13 15:12 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-05-13 15:11 . 2008-05-13 15:11 <DIR> d-------- C:\Program Files\IVT Corporation
2008-05-13 15:11 . 2005-04-08 17:19 49,152 --a------ C:\WINDOWS\system32\btfunc.dll
2008-05-13 15:11 . 2005-05-31 09:42 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2008-05-13 15:11 . 2004-09-21 18:18 7,680 --a------ C:\WINDOWS\system32\btinstall.dll
2008-05-13 14:48 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-05-13 14:48 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-13 14:44 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-13 14:44 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-13 14:44 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-13 14:44 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-11 23:44 . 2008-05-11 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 18:49 . 2008-05-10 18:49 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 18:48 . 2008-05-10 18:48 <DIR> d-------- C:\WINDOWS\nview
2008-05-10 18:48 . 2008-05-10 18:48 <DIR> d-------- C:\Program Files\ACW
2008-05-10 17:58 . 2008-05-10 18:50 <DIR> d-------- C:\WINDOWS\NV26682672.TMP
2008-05-10 17:49 . 2008-05-10 17:49 <DIR> d-------- C:\WINDOWS\Sun
2008-05-10 17:49 . 2008-05-21 11:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-10 17:48 . 2008-05-10 17:48 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 17:48 . 2008-05-10 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-10 17:47 . 2008-05-10 17:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-10 17:47 . 2008-05-10 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-05-10 14:17 . 2008-05-10 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 14:17 . 2008-05-10 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-10 10:11 . 2008-05-10 10:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-10 09:57 . 2008-05-10 09:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-10 09:55 . 2008-05-10 18:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-10 08:32 . 2008-05-10 08:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 08:23 . 2008-05-10 08:23 <DIR> d-------- C:\Deckard
2008-05-08 17:57 . 2008-05-10 18:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-07 21:53 . 2008-05-13 15:46 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-05-07 21:48 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-05-07 21:48 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-05-07 21:18 . 2008-05-10 17:35 <DIR> d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:18 . 2007-12-10 14:24 159,458 --------- C:\WINDOWS\system32\nvapps.nvb
2008-05-07 21:17 . 2008-05-07 21:17 <DIR> d-------- C:\NVIDIA
2008-05-07 10:18 . 2008-05-10 17:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36 . 2008-05-10 17:49 <DIR> d-------- C:\Program Files\Valve
2008-05-06 14:58 . 2008-03-01 21:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 14:58 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 14:58 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-06 14:58 . 2008-03-01 21:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 14:58 . 2008-03-01 21:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 14:58 . 2008-03-01 21:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 14:58 . 2008-03-01 21:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 14:58 . 2008-03-01 21:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 14:58 . 2008-02-22 18:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 14:54 . 2008-05-06 14:54 <DIR> d-------- C:\Program Files\Java
2008-05-06 14:54 . 2008-05-10 17:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-06 14:54 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-04 14:56 . 2008-05-04 14:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-03 15:23 . 2008-05-03 15:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 15:23 . 2003-07-17 08:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-03 15:23 . 2004-12-31 23:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-03 11:43 . 2008-05-22 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 15:29 . 2008-05-10 17:42 <DIR> d-------- C:\Program Files\KaraFun
2008-04-27 15:29 . 2008-04-27 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-04-27 14:56 . 2008-05-15 10:05 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 14:55 . 2008-05-15 10:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-27 14:55 . 2008-04-27 14:55 319 --a------ C:\WINDOWS\game.ini
2008-04-27 14:24 . 2008-05-10 17:47 <DIR> d-------- C:\Program Files\PowerISO
2008-04-24 08:29 . 2008-04-24 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 11:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-21 11:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-20 05:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 12:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-05-17 04:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 13:22 --------- d-----w C:\Program Files\Yahoo!
2008-05-13 07:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 10:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-10 10:35 --------- d-----w C:\Program Files\Realtek
2008-05-10 09:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-10 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-10 09:46 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-10 09:46 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-10 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-10 09:45 --------- d-----w C:\Program Files\DivX
2008-05-10 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-10 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-04 07:12 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-04-24 00:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 00:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 07:00 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-17 08:33 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-10 08:52 16,861,184 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-08 06:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-04 13:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-02 01:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 15:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-31 15:18 --------- d-----w C:\Program Files\Common Files\Real
2008-03-28 13:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-28 13:39 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-27 14:04 --------- d-----w C:\Program Files\Real
2008-03-24 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Media
2008-03-23 04:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 13:34 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-05 10:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-05-20 13:19 2594224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Dogz2.LNK]
backup=C:\WINDOWS\pss\Registration Dogz2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-07-04 14:01 148776 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2006-10-26 19:48 434528 C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-11-27 14:36 2169368 C:\Program Files\VDOTool\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-05-20 13:19 2594224 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 20:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 12:49 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-07-04 14:20 161064 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 10:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 18:15 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-31 23:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Perfect World\\launcher\\Launcher.exe"=
"C:\\Program Files\\Perfect World\\element\\elementclient.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\downloads\\setup.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 10:44]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\directx\command - Support\DirectX\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 12:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 10:47:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2008-05-22 10:50:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 02:50:05

Pre-Run: 54,751,371,264 bytes free
Post-Run: 54,711,644,160 bytes free

312
  • 0
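A small triage helper for the "Reg Loading Points" part of a ComboFix log like the one above, written as an added example for this thread (it is not ComboFix's own code and not part of the helper's fix): it parses the REGEDIT4-style sections and flags the weak settings visible in this log, a disabled Windows Firewall, antivirus monitoring switched off in Security Center, a firewall exception for a program outside the usual install directories, and AutoRun handlers under mountpoints2. The sample input is an abridged copy of the log above, and the list of "trusted" directory roots is an assumption of the example, not a ComboFix rule.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix or of the helper's fix.
It parses the REGEDIT4-style sections ComboFix prints and reports settings a
defender would want to review before deciding a machine is clean.
"""
import re
from typing import Dict, List, Tuple

# Sample input: an abridged copy of the log posted in this thread (constructed).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-05-20 13:19 2594224]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\downloads\\setup.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\directx\command - Support\DirectX\dxsetup.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
QUOTED_PATH_RE = re.compile(r'^"([^"]*)"')

# Assumption of this example: autostarts and firewall exceptions under these
# roots are "usual"; anything else deserves a second look (not automatically bad).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")

Sections = Dict[str, List[Tuple[str, str]]]


def parse_sections(text: str) -> Sections:
    """Return {section_key: [(name, raw_value), ...]}.

    Lines that are not "name"=value (e.g. the '\\Shell\\...' lines under
    mountpoints2) are kept with an empty name so the rules can still see them.
    """
    sections: Sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == "REGEDIT4":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1)
            sections[current] = []
            continue
        if current is None:
            continue
        val = VALUE_RE.match(line)
        if val:
            sections[current].append((val.group(1), val.group(2).strip()))
        else:
            sections[current].append(("", line))
    return sections


def _outside_trusted(path: str) -> bool:
    """ComboFix prints firewall paths with doubled backslashes; undo, then check."""
    return not path.replace("\\\\", "\\").lower().startswith(TRUSTED_ROOTS)


def triage(sections: Sections) -> List[str]:
    """Apply the checks and return one finding string per hit."""
    findings: List[str] = []
    for key, values in sections.items():
        lkey = key.lower()
        if lkey.endswith("\\run"):
            for name, raw in values:
                m = QUOTED_PATH_RE.match(raw)
                if m and _outside_trusted(m.group(1)):
                    findings.append(f"run-entry-outside-program-dirs:{name}")
        elif lkey.endswith("firewallpolicy\\standardprofile"):
            for name, raw in values:
                if name == "EnableFirewall" and raw.startswith("0"):
                    findings.append("firewall-disabled")
        elif lkey.endswith("authorizedapplications\\list"):
            for name, _ in values:
                if _outside_trusted(name):
                    findings.append(f"firewall-exception-outside-program-dirs:{name}")
        elif "\\security center\\monitoring\\" in lkey:
            product = key.rsplit("\\", 1)[-1]
            for name, raw in values:
                if (name == "DisableMonitoring" and raw.startswith("dword:")
                        and int(raw[6:], 16) != 0):
                    findings.append(f"security-center-monitoring-disabled:{product}")
        elif "\\explorer\\mountpoints2\\" in lkey:
            drive = key.rsplit("\\", 1)[-1]
            for _, raw in values:
                if "\\autorun\\command" in raw.lower():
                    target = raw.split(" - ", 1)[-1]
                    findings.append(f"autorun-handler:drive {drive} -> {target}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_sections(SAMPLE_LOG)):
        print(finding)
```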

#6
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Based on your latest log, I did find malware on your system. Please stick with me until we get you cleaned up. :)

Please read this post completely before proceeding with the fix.
If you have questions, don't hesitate to ask.

Let's begin.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

Then,

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Service_6to4]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_6TO4]



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

  • 0

#7
giadda

giadda

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
oh okay. :)

I did as advised :) and I'm posting the results of the 2nd ComboFix run.. :)

thanks,

giadda





ComboFix 08-05-21.2 - Administrator 2008-05-23 8:32:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.646 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-22 12:59 . 2008-05-22 15:24 <DIR> d-------- C:\Program Files\DURIE
2008-05-21 00:18 . 2008-05-21 00:18 68 --a------ C:\WINDOWS\MyProg.ini
2008-05-20 16:10 . 2008-05-20 16:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-20 16:08 . 2008-05-20 16:08 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-20 13:19 . 2008-05-20 19:47 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-05-20 13:19 . 2008-05-20 13:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDM
2008-05-20 09:08 . 2008-05-20 09:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-18 19:43 . 2008-05-20 13:09 <DIR> d--hs---- C:\found.000
2008-05-18 13:05 . 2008-05-18 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-18 13:04 . 2008-05-18 13:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlobalSCAPE
2008-05-17 17:35 . 2008-05-17 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\RapidGet
2008-05-16 21:51 . 2008-05-18 13:21 740 --a------ C:\temp.html
2008-05-16 09:14 . 2008-05-16 09:14 <DIR> d-------- C:\WINDOWS\Caps
2008-05-15 18:22 . 2008-05-15 18:40 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-15 18:22 . 2008-05-15 18:40 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-15 18:21 . 2008-05-15 18:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-15 18:21 . 2008-05-23 08:33 10,031,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 18:21 . 2008-05-23 08:33 436,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 18:21 . 2008-05-23 08:08 139,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 18:21 . 2008-05-23 08:08 43,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-15 16:13 . 2008-05-23 08:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-15 10:05 . 2008-05-15 10:05 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 10:05 . 2008-05-15 10:05 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 00:20 . 2008-05-15 00:21 <DIR> d-------- C:\Program Files\Panda Security
2008-05-14 22:12 . 2008-05-14 22:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-14 22:12 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-14 22:12 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-13 15:15 . 2008-05-13 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-13 15:12 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-05-13 15:11 . 2008-05-13 15:11 <DIR> d-------- C:\Program Files\IVT Corporation
2008-05-13 15:11 . 2005-04-08 17:19 49,152 --a------ C:\WINDOWS\system32\btfunc.dll
2008-05-13 15:11 . 2005-05-31 09:42 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2008-05-13 15:11 . 2004-09-21 18:18 7,680 --a------ C:\WINDOWS\system32\btinstall.dll
2008-05-13 14:48 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-05-13 14:48 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-05-13 14:44 . 2004-08-03 23:10 274,304 --a------ C:\WINDOWS\system32\drivers\bthport.sys
2008-05-13 14:44 . 2004-08-03 23:10 274,304 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-13 14:44 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
2008-05-13 14:44 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
2008-05-11 23:44 . 2008-05-11 23:44 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 18:49 . 2008-05-10 18:49 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 18:48 . 2008-05-10 18:48 <DIR> d-------- C:\WINDOWS\nview
2008-05-10 18:48 . 2008-05-10 18:48 <DIR> d-------- C:\Program Files\ACW
2008-05-10 17:58 . 2008-05-10 18:50 <DIR> d-------- C:\WINDOWS\NV26682672.TMP
2008-05-10 17:49 . 2008-05-10 17:49 <DIR> d-------- C:\WINDOWS\Sun
2008-05-10 17:49 . 2008-05-21 11:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-10 17:48 . 2008-05-10 17:48 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 17:48 . 2008-05-10 17:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-10 17:47 . 2008-05-10 17:47 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-10 17:47 . 2008-05-10 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-10 17:46 . 2008-05-10 17:46 <DIR> d-------- C:\Program Files\Common Files\EasyInfo
2008-05-10 14:17 . 2008-05-10 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 14:17 . 2008-05-10 14:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-10 10:11 . 2008-05-10 10:11 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-10 09:57 . 2008-05-10 09:57 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-10 09:55 . 2008-05-10 18:50 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-10 08:32 . 2008-05-10 08:32 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-10 08:23 . 2008-05-10 08:23 <DIR> d-------- C:\Deckard
2008-05-08 17:57 . 2008-05-10 18:49 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-07 21:53 . 2008-05-13 15:46 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-05-07 21:48 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-05-07 21:48 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-05-07 21:18 . 2008-05-10 17:35 <DIR> d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:18 . 2007-12-10 14:24 159,458 --------- C:\WINDOWS\system32\nvapps.nvb
2008-05-07 21:17 . 2008-05-07 21:17 <DIR> d-------- C:\NVIDIA
2008-05-07 10:18 . 2008-05-10 17:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36 . 2008-05-10 17:49 <DIR> d-------- C:\Program Files\Valve
2008-05-06 14:58 . 2008-03-01 21:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-06 14:58 . 2007-04-17 17:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-06 14:58 . 2007-03-08 13:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-06 14:58 . 2008-03-01 21:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-06 14:58 . 2008-03-01 21:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-06 14:58 . 2008-03-01 21:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-06 14:58 . 2008-03-01 21:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-06 14:58 . 2008-03-01 21:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-06 14:58 . 2008-02-22 18:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-06 14:54 . 2008-05-06 14:54 <DIR> d-------- C:\Program Files\Java
2008-05-06 14:54 . 2008-05-10 17:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-06 14:54 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-04 14:56 . 2008-05-04 14:56 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-03 15:23 . 2008-05-03 15:23 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 15:23 . 2003-07-17 08:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-05-03 15:23 . 2004-12-31 23:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-05-03 11:43 . 2008-05-23 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 15:29 . 2008-05-10 17:42 <DIR> d-------- C:\Program Files\KaraFun
2008-04-27 15:29 . 2008-04-27 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-04-27 14:56 . 2008-05-15 10:05 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 14:55 . 2008-05-15 10:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-04-27 14:55 . 2008-04-27 14:55 319 --a------ C:\WINDOWS\game.ini
2008-04-27 14:24 . 2008-05-10 17:47 <DIR> d-------- C:\Program Files\PowerISO
2008-04-24 08:29 . 2008-04-24 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 11:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-21 11:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-20 05:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 12:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-05-17 04:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 13:22 --------- d-----w C:\Program Files\Yahoo!
2008-05-13 07:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 10:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 10:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-10 10:35 --------- d-----w C:\Program Files\Realtek
2008-05-10 09:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-10 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-10 09:46 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-10 09:46 --------- d-----w C:\Program Files\CA Yahoo! Anti-Spy
2008-05-10 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-10 09:45 --------- d-----w C:\Program Files\DivX
2008-05-10 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-10 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-04 07:12 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-04-24 00:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 00:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-20 07:00 --------- d--h--r C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-17 08:33 4,707,328 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-04-10 08:52 16,861,184 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-04-08 06:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-04 13:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-02 01:27 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 15:18 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-31 15:18 --------- d-----w C:\Program Files\Common Files\Real
2008-03-28 13:58 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-28 13:39 --------- d-----w C:\Program Files\Windows Desktop Search
2008-03-27 14:04 --------- d-----w C:\Program Files\Real
2008-03-24 09:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Media
2008-03-23 04:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 13:34 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-05 10:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-22_10.49.36.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 02:47:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 00:09:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-20 03:59:42 267,568 ----a-w C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-05-20 13:19 2594224]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 23:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Dogz2.LNK]
backup=C:\WINDOWS\pss\Registration Dogz2.LNKStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-07-04 14:01 148776 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 20:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2006-10-26 19:48 434528 C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2007-11-27 14:36 2169368 C:\Program Files\VDOTool\TBPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-05-20 13:19 2594224 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 20:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-06-20 12:49 451872 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-07-04 14:20 161064 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-03-18 10:24 184320 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-04-10 16:52 16861184 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-11-20 18:15 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-31 23:18 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
"BthServ"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Perfect World\\launcher\\Launcher.exe"=
"C:\\Program Files\\Perfect World\\element\\elementclient.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\downloads\\setup.exe"=
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"=

R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 10:44]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\directx\command - G:\DirectX9\dxsetup.exe
\Shell\setup\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\CDCheck.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 12:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 08:33:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-23 8:33:48
ComboFix-quarantined-files.txt 2008-05-23 00:33:42
ComboFix2.txt 2008-05-23 00:29:34
ComboFix3.txt 2008-05-22 02:50:09

Pre-Run: 42,554,322,944 bytes free
Post-Run: 42,541,469,696 bytes free

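Reading a dump like the one above by eye is slow, and the lines a helper actually cares about are a handful of well-known ones: the firewall policy, AppInit_DLLs, the per-drive AutoRun handlers under mountpoints2, a proxy pointed at the local machine, an unidentified Winsock LSP, and ActiveX controls pulled from the web (DPF). The script below is an added example, not part of this thread and not code from ComboFix, HijackThis or DSS; it parses both the ComboFix registry-dump layout and the HijackThis R/O line format and flags those entries. SAMPLE_LOG is constructed to mirror the shape of the logs in this thread, and the DPF host downloads.example.net is a placeholder, not a real download location.

```python
"""Triage helper for ComboFix / HijackThis style logs (added example).

Not part of the forum thread, ComboFix, HijackThis or DSS. SAMPLE_LOG is
constructed from the shape of the thread's logs; downloads.example.net is a
placeholder host, not a real URL.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
\Shell\setup\command - G:\setup.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://downloads.example.net/sysreqlab3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
"""


@dataclass
class Finding:
    rule: str      # short machine-readable name of the check that fired
    detail: str    # the value worth looking at (path, host:port, drive ...)
    line_no: int   # 1-based line in the log, so the reader can find it


# ComboFix-style section header, e.g. [HKLM\~\services\...\standardprofile]
SECTION_RE = re.compile(r"^\[(.+)\]\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
# AppInit_DLLs as ComboFix/DSS prints it and as HijackThis prints it (O20)
APPINIT_CF_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(\S.*)$', re.IGNORECASE)
APPINIT_HJT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(\S.*)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
PROXY_RE = re.compile(r"^R1 - .*ProxyServer\s*=\s*([^:\s]+):(\d+)")
LSP_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s*(.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)")


def triage(text: str) -> list[Finding]:
    """Walk the log once and return the entries a helper checks first."""
    findings: list[Finding] = []
    section = ""  # lower-cased current registry key for ComboFix-style dumps
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if "firewallpolicy" in section and FIREWALL_RE.match(line):
            findings.append(Finding("firewall_disabled", section.rsplit("\\", 1)[-1], n))
            continue
        m = APPINIT_CF_RE.match(line) or APPINIT_HJT_RE.match(line)
        if m:
            # Anything listed here is mapped into every process that loads user32.dll
            findings.append(Finding("appinit_dll", m.group(1).strip(), n))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in section:
            drive = section.rsplit("\\", 1)[-1].upper()
            findings.append(Finding("drive_autorun", f"{drive}: -> {m.group(1).strip()}", n))
            continue
        m = PROXY_RE.match(line)
        if m:
            host, port = m.groups()
            rule = "proxy_loopback" if host in ("127.0.0.1", "localhost") else "proxy_remote"
            findings.append(Finding(rule, f"{host}:{port}", n))
            continue
        m = LSP_RE.match(line)
        if m:
            findings.append(Finding("unknown_lsp", m.group(1).strip(), n))
            continue
        m = DPF_RE.match(line)
        if m:
            clsid, name, url = m.groups()
            host = re.sub(r"^https?://", "", url).split("/", 1)[0]
            findings.append(Finding("activex_download", f"{name} {clsid} from {host}", n))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<18} {f.detail}")
```

The flags are prompts for a check, not verdicts: an AppInit DLL under the Kaspersky directory and a loopback proxy are both consistent with a security product filtering traffic, so the next step is to confirm which process owns the listening port (netstat -ano on XP) and whether the DLL and the LSP file carry a valid signature, rather than deleting them on sight. The drive_autorun rule is the one that most often points at something the user did not install, since a removable drive's autorun.exe runs when the drive is opened.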

#8 koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)
We're almost done. How's your computer running now? Still having issues?

#9 giadda (Topic Starter, Member, 16 posts)
Yay!! Thanks a lot for the help, koko :) My PC's completely okay now, thanks to you ^.^

*hugs koko*

The CPU usage still spikes to 60%+ every now and then, but maybe I just need more RAM, hehe :)

Again, can't thank you enough for the help ^.^

#10 koko_crunch (Trusted Helper, Retired Staff, 1,751 posts)
That is possible. Will look into that. Other than the CPU usage spiking to 60%+, are there other issues you would like to address?

Next,


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A, then CTRL+C) and paste (CTRL+V) the contents of both main.txt and extra.txt in your next reply.

Edited by koko_crunch, 23 May 2008 - 06:23 PM.



#11 giadda (Topic Starter, Member, 16 posts)
Hi koko :) I'm sorry for the delayed reply, was out during the weekend :)

Anyway, other than the spiking of my CPU usage, I believe I've no other problems.

I downloaded DSS as advised, followed all the prompts, but for some reason it didn't give me any other log file except main.txt. I looked for it in the Deckard folder but found no extra.txt. I tried deleting the folder, had my Registry Mechanic clean out the reg entries, then re-downloaded DSS, but still no extra.txt :)


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-27 13:12:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:25 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RapidShare-Download - res://D:\Program Files\RapidShare\RapidShare - the way YOU like it!\RapidShare - the way YOU like it!\more-rapid.exe/RsMenExt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210057984828
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...crypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7003 bytes

-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-27 13:13:12 0 d-------- C:\Program Files\Trend Micro
2008-05-27 12:07:57 262144 --a------ C:\ntuser.dat
2008-05-23 16:44:36 0 d-------- C:\Program Files\Lionhead Studios
2008-05-22 15:47:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-22 12:59:02 0 d-------- C:\Program Files\DURIE
2008-05-22 10:43:47 68096 --a------ C:\WINDOWS\zip.exe
2008-05-22 10:43:47 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-22 10:43:47 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-22 10:43:47 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 10:43:47 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 10:43:47 98816 --a------ C:\WINDOWS\sed.exe
2008-05-22 10:43:47 80412 --a------ C:\WINDOWS\grep.exe
2008-05-22 10:43:47 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-20 16:10:37 0 d--h----- C:\WINDOWS\PIF
2008-05-20 16:08:37 155648 --a------ C:\WINDOWS\system32\libssl32.dll
2008-05-18 19:43:43 0 d--hs---- C:\found.000
2008-05-16 09:14:57 0 d-------- C:\WINDOWS\Caps
2008-05-15 18:22:07 96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-15 18:22:07 87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-15 18:21:36 508704 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 18:21:36 11142688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 18:21:36 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-15 16:13:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\DMCache
2008-05-15 00:20:40 0 d-------- C:\Program Files\Panda Security
2008-05-14 22:12:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-13 15:15:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-05-13 15:12:22 63488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys <Not Verified; National Semiconductor Sweden AB; National Semiconductor Sweden AB BlueCard PCMCIA driver>
2008-05-13 15:12:22 48556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:22 77824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll <Not Verified; Socket Communications Inc.; 16C950>
2008-05-13 15:12:21 48076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys <Not Verified; Socket Communications, Inc.; SIO9502K>
2008-05-13 15:12:21 40960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe <Not Verified; Socket Communications Inc.; SCTray>
2008-05-13 15:12:21 51169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS <Not Verified; OEM; OX16C95x>
2008-05-13 15:12:00 11736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>
2008-05-13 15:12:00 82148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 61312 --a------ C:\WINDOWS\system32\drivers\VComm.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 11860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2008-05-13 15:12:00 116021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys <Not Verified; Broadcom; >
2008-05-13 15:12:00 13304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2008-05-13 15:12:00 10804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:12:00 28271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
2008-05-13 15:12:00 20480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
2008-05-13 15:11:59 23000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
2008-05-13 15:11:59 7680 --a------ C:\WINDOWS\system32\btinstall.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 49152 --a------ C:\WINDOWS\system32\btfunc.dll <Not Verified; IVT Corporation; BlueSoleil>
2008-05-13 15:11:59 0 d-------- C:\Program Files\IVT Corporation
2008-05-11 23:44:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 18:49:53 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-10 18:48:51 0 d-------- C:\Program Files\ACW
2008-05-10 18:48:18 0 d-------- C:\WINDOWS\nview
2008-05-10 17:58:23 0 d-------- C:\WINDOWS\NV26682672.TMP
2008-05-10 17:49:05 0 d-------- C:\WINDOWS\Sun
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-10 17:48:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-10 17:48:39 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 17:48:21 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-10 17:47:21 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-10 17:46:40 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-10 17:46:37 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-05-10 17:46:04 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-10 14:17:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-10 14:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 09:57:15 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-10 09:55:44 0 d-------- C:\WINDOWS\Internet Logs
2008-05-09 22:53:13 0 d--hs---- C:\WINDOWS\CSC
2008-05-08 17:57:36 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-07 21:48:00 7602176 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-05-07 21:18:57 0 d-------- C:\WINDOWS\NV3152432.TMP
2008-05-07 21:17:42 0 d-------- C:\NVIDIA
2008-05-07 10:18:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-05-06 17:36:46 0 d-------- C:\Program Files\Valve
2008-05-06 15:00:52 0 d-------- C:\WINDOWS\network diagnostic
2008-05-06 14:54:11 0 d-------- C:\Program Files\Java
2008-05-06 14:54:10 0 d-------- C:\Program Files\Common Files\Java
2008-05-06 14:53:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-05-03 19:48:08 153312 --a------ C:\WINDOWS\system\TYPELIB.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:08 157184 --a------ C:\WINDOWS\system\STORAGE.DLL
2008-05-03 19:48:08 55808 --a------ C:\WINDOWS\system\OLE2PROX.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 147440 --a------ C:\WINDOWS\system\OLE2NLS.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 98336 --a------ C:\WINDOWS\system\OLE2DISP.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 57328 --a------ C:\WINDOWS\system\OLE2CONV.DLL <Not Verified; Microsoft Corporation; Microsoft Graphic Filters>
2008-05-03 19:48:07 24606 --a------ C:\WINDOWS\system\OLE2.REG
2008-05-03 19:48:07 313344 --a------ C:\WINDOWS\system\OLE2.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:07 49616 --a------ C:\WINDOWS\system\MSACM.DLL <Not Verified; Microsoft Corporation; Microsoft Audio Compression Manager>
2008-05-03 19:48:07 49728 --a------ C:\WINDOWS\system\IYVU9.DLL
2008-05-03 19:48:06 151040 --a------ C:\WINDOWS\system\IR32.DLL
2008-05-03 19:48:06 77664 --a------ C:\WINDOWS\system\IR21_R.DLL
2008-05-03 19:48:06 7168 --a------ C:\WINDOWS\system\DISPDIB.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:06 14208 --a------ C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:06 102400 --a------ C:\WINDOWS\system\COMPOBJ.DLL <Not Verified; Microsoft Corporation; Microsoft OLE 2.01 for Windows>
2008-05-03 19:48:06 87 --a------ C:\WINDOWS\system\CLEANUP.REG
2008-05-03 19:48:06 12800 --a------ C:\WINDOWS\system\ACMCMPRS.DLL <Not Verified; Microsoft Corporation; Microsoft Video for Windows>
2008-05-03 19:48:05 398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-05-03 19:48:05 356992 --a------ C:\WINDOWS\system\VBRUN200.DLL <Not Verified; Microsoft Corporation; Visual Basic 2.0>
2008-05-03 19:48:05 124832 --a------ C:\WINDOWS\system\MFCO250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 51440 --a------ C:\WINDOWS\system\MFCD250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 298512 --a------ C:\WINDOWS\system\MFC250.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual C++>
2008-05-03 19:48:05 21648 --a------ C:\WINDOWS\system\CTL3DV2.DLL <Not Verified; Microsoft Corporation; 3d Windows Control>
2008-05-03 19:48:05 0 d-------- C:\MOSBY
2008-05-03 15:23:50 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-05-03 15:23:10 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-05-03 11:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 15:29:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Recisio
2008-04-27 15:29:09 0 d-------- C:\Program Files\KaraFun
2008-04-27 14:24:50 0 d-------- C:\Program Files\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-05-26 20:56:25 40 --a------ C:\WINDOWS\popcinfo.dat
2008-05-26 11:03:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-21 19:38:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-21 19:37:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-19 20:13:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Wildfire
2008-05-16 21:22:08 0 d-------- C:\Program Files\Yahoo!
2008-05-13 15:11:47 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-10 18:48:35 0 d-------- C:\Program Files\EA GAMES
2008-05-10 18:35:09 0 d-------- C:\Program Files\Realtek
2008-05-10 17:48:42 0 d-------- C:\Program Files\Common Files
2008-05-10 17:47:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-10 17:46:37 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-10 17:45:55 0 d-------- C:\Program Files\DivX
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-07 10:20:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-04 15:21:21 1001 --a------ C:\WINDOWS\eReg.dat
2008-04-24 08:30:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-04-24 08:25:37 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-20 15:00:48 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-04-18 10:17:55 1370 --a------ C:\WINDOWS\mozver.dat
2008-04-04 21:11:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-04-01 05:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-04-01 05:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-04-01 05:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 23:19:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-03-31 23:18:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-31 23:18:28 0 d-------- C:\Program Files\Common Files\Real
2008-03-28 21:58:37 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-28 21:39:15 0 d-------- C:\Program Files\Windows Desktop Search
2008-03-27 22:04:28 0 d-------- C:\Program Files\Real
2008-03-23 12:03:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-22 04:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-22 04:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-22 04:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 04:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-21 17:47:24 1756 --a------ C:\WINDOWS\EReg196.dat
2008-03-21 05:18:01 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2008-03-21 02:42:00 4096 --a------ C:\WINDOWS\d3dx.dat
2008-03-20 21:34:55 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-20 21:27:44 0 -rahs---- C:\MSDOS.SYS
2008-03-20 21:27:44 0 -rahs---- C:\IO.SYS
2008-03-20 21:27:44 0 --a------ C:\CONFIG.SYS
2008-03-20 21:27:44 0 --a------ C:\AUTOEXEC.BAT
2008-03-20 21:25:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-05 18:07:48 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [02/08/2008 06:36 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/31/2008 11:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Registration Dogz2.LNK]
backup=C:\WINDOWS\pss\Registration Dogz2.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
C:\Program Files\VDOTool\TBPanel.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
"BthServ"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\CDCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\CDCheck.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- End of Deckard's System Scanner: finished at 2008-05-27 13:13:52 ------------
  • 0

#12
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok...

Click on Start >> Run >> then paste

"%userprofile%\desktop\dss.exe" /config

This will open DSS's configuration utility. Just Click on "Check All" then "Scan!"


Post back with Extra.txt
  • 0

#13
giadda

giadda

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
hi koko :) i did as advised and came up with the extra.txt ^.^ thanks for the info :)

here's the extra.txt log as requested ^.^




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1023.17 MiB / 653.14 MiB
Pagefile Memory (total/avail): 2460.29 MiB / 2210.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.14 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 78.13 GiB total, 54.15 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 18.27 GiB free.
E: is Fixed (NTFS) - 31.85 GiB total, 9.06 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD161HJ - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 78.13 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 70.91 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Perfect World\\launcher\\Launcher.exe"="C:\\Program Files\\Perfect World\\launcher\\Launcher.exe:*:Enabled:Launcher"
"C:\\Program Files\\Perfect World\\element\\elementclient.exe"="C:\\Program Files\\Perfect World\\element\\elementclient.exe:*:Enabled:elementclient"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Valve\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe"="C:\\Program Files\\Valve\\Counter-Strike Source\\srcds.exe:*:Enabled:srcds"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"D:\\downloads\\setup.exe"="D:\\downloads\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"C:\\Documents and Settings\\Administrator\\Desktop\\dss.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\dss.exe:*:Enabled:dss.exe"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ERIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ERIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ERIN
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
(guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Atheros Communications Inc.® L2 Fast Ethernet Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\Setup.exe" -l0x9 -removeonly
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9
Command & Conquer Generals --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Counter-Strike Source --> C:\WINDOWS\unvise32.exe C:\PROGRA~1\Valve\Counter-Strike Source\uninstal.log
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DURIE 1.0.2.3 --> C:\Program Files\DURIE\uninst.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Stylus C90_91_D92 Manual --> C:\Program Files\EPSON\TPMANUAL\ESC90 91 D92\ENG\USE_G\DOCUNINS.EXE
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
KaraFun 1.18 --> "C:\Program Files\KaraFun\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Essentials --> MsiExec.exe /X{3BDEE284-1516-40E8-B784-00FEBE1B1033}
nProtect KeyCrypt --> C:\WINDOWS\system32\npkuninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Perfect World --> "C:\WINDOWS\Perfect World\uninstall.exe" "/U:C:\Program Files\Perfect World\Uninstall\uninstall.xml"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Ricochet Infinity --> "D:\Program Files\GameHouse\Ricochet Infinity\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
VDOTool 5.9 --> "C:\Program Files\VDOTool\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> E:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zero Hour Reborn The Last Stand --> MsiExec.exe /I{24AEE00B-90C1-4254-8D1E-53CDBAE2187C}


-- Application Event Log -------------------------------------------------------

Event Record #/Type2821 / Error
Event Submitted/Written: 05/28/2008 04:27:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application white.exe, version 1.2.0.0, faulting module unknown, version 0.0.0.0, fault address 0x796d7241.
Processing media-specific event for [white.exe!ws!]

Event Record #/Type2820 / Error
Event Submitted/Written: 05/28/2008 02:12:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module ieui.dll, version 7.0.5730.13, fault address 0x000061b1.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2817 / Error
Event Submitted/Written: 05/28/2008 01:09:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application white.exe, version 1.2.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00005846.
Processing media-specific event for [white.exe!ws!]

Event Record #/Type2814 / Error
Event Submitted/Written: 05/27/2008 09:12:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application white.exe, version 1.2.0.0, faulting module white.exe, version 1.2.0.0, fault address 0x0084041e.
Processing media-specific event for [white.exe!ws!]

Event Record #/Type2812 / Error
Event Submitted/Written: 05/27/2008 03:19:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application white.exe, version 1.2.0.0, faulting module white.exe, version 1.2.0.0, fault address 0x001deb22.
Processing media-specific event for [white.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9445 / Error
Event Submitted/Written: 05/29/2008 11:27:55 AM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NwlnkNb.
The backup browser is stopping.

Event Record #/Type9429 / Error
Event Submitted/Written: 05/29/2008 11:24:51 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.37 for the Network Card with network address 001D6024EF0B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type9364 / Error
Event Submitted/Written: 05/28/2008 04:41:17 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type9294 / Error
Event Submitted/Written: 05/28/2008 11:32:34 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.35 for the Network Card with network address 001D6024EF0B has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type9271 / Error
Event Submitted/Written: 05/27/2008 07:03:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-05-29 11:31:55 ------------
  • 0
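As an added example (not code from the thread, from DSS, or from the helper), here is a small Python triage script for the "Security Center" section of an Extra.txt like the one posted above: it records whether automatic updates and the Windows firewall are reported disabled, notes any third-party firewall line, and flags enabled firewall exceptions whose executable lives in a user-writable location. The excerpt in SAMPLE_LOG is constructed from the posted layout, and the USER_WRITABLE list is this example's own heuristic.

```python
"""Triage of the 'Security Center' section of a Deckard's System Scanner (DSS)
Extra.txt log.  Added example for this thread: not DSS code and not the helper's
method.  SAMPLE_LOG is a constructed excerpt; USER_WRITABLE is our own heuristic."""
import re

# Constructed excerpt modelled on the Extra.txt posted in the thread.
SAMPLE_LOG = r"""
-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\downloads\\setup.exe"="D:\\downloads\\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\\Documents and Settings\\Administrator\\Desktop\\dss.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\dss.exe:*:Enabled:dss.exe"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"

-- Environment Variables -------------------------------------------------------
"""

STATUS_LINES = {
    "auto_updates_disabled": "AUOptions is disabled.",
    "windows_firewall_disabled": "Windows Internal Firewall is disabled.",
}
THIRD_PARTY_FW = re.compile(r"^FW:\s+(?P<product>.+)$")
# One registry value per exception: "<path>"="<path>:<scope>:<state>:<name>"
ENTRY = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.+)"$')
# Locations an ordinary user can write to; an enabled exception that points
# there is worth a second look (heuristic, this example's own assumption).
USER_WRITABLE = ("\\documents and settings\\", "\\downloads\\", "\\desktop\\", "\\temp\\")


def security_center_section(text):
    """Lines between the Security Center header and the next '-- ' header."""
    out, inside = [], False
    for line in text.splitlines():
        if line.startswith("-- "):
            if inside:
                break
            inside = line.startswith("-- Security Center")
            continue
        if inside:
            out.append(line)
    return out


def parse_exception(line):
    """Parse one AuthorizedApplications value; None if the line is not one."""
    m = ENTRY.match(line)
    if not m or not m.group("value").startswith(m.group("key") + ":"):
        return None
    key = m.group("key")
    parts = m.group("value")[len(key) + 1:].split(":", 2)
    if len(parts) != 3:
        return None
    scope, state, name = parts
    return {"path": key.replace("\\\\", "\\"), "scope": scope,
            "enabled": state.lower() == "enabled", "name": name}


def triage(text):
    """Summarise update/firewall status and flag exceptions in user-writable paths."""
    report = {field: False for field in STATUS_LINES}
    report.update(third_party_firewall=None, exceptions=0, flagged=[])
    for line in security_center_section(text):
        for field, marker in STATUS_LINES.items():
            if line.strip() == marker:
                report[field] = True
        fw = THIRD_PARTY_FW.match(line)
        if fw:  # a third-party firewall usually explains the disabled Windows one
            report["third_party_firewall"] = fw.group("product")
        entry = parse_exception(line)
        if entry is None:
            continue
        report["exceptions"] += 1
        if entry["enabled"] and any(t in entry["path"].lower() for t in USER_WRITABLE):
            report["flagged"].append(entry["path"])
    return report
```

Flagged paths are prompts for a closer look, not verdicts: here both hits (a Kaspersky installer in a downloads folder and the dss.exe the helper asked to run from the desktop) are explained by the thread itself.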

#14
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey giadda,

I didn't find anything wrong with your log, so I consulted with an expert, Metallica, and he agrees.

The problem you're experiencing is no longer malware related. Maybe something to do with XP? Since my area is malware infections, I can't really help you much with your current issue. I suggest you start a topic in our Windows XP forum. Surely one of our experts would be glad to help you out.

With that said.....


Congratulations, your log is clean! :)
We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a nice day!!! :)
  • 0

#15
giadda

giadda

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
yipeeee!!! phew!~ finally cleared of malware ^^

thanks a lot for the time and effort you spent helping me koko :)

i'll definitely note down everything you recommended ^^

and yup, i will definitely visit the XP forums :) all in all, i'm glad i don't have any malware ^^

thanks too metallica ^^



thanks so much once again koko ^^
  • 0