Heavily Infected with Viruses [RESOLVED]


  • This topic is locked

#16
abryenton (Member, Topic Starter, 20 posts)
CF_RC.txt:

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
ComboFix:

ComboFix 08-05-21.3 - Nitro 2008-06-01 0:58:40.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1281 [GMT -3:00]
Running from: C:\Documents and Settings\Nitro\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Nitro\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\SET30C.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\SET30C.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-05-29 17:14 . 2008-05-29 17:14 268 --ah----- C:\sqmdata01.sqm
2008-05-29 17:14 . 2008-05-29 17:14 244 --ah----- C:\sqmnoopt01.sqm
2008-05-26 21:13 . 2008-05-27 17:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-26 21:11 . 2008-05-26 21:11 268 --ah----- C:\sqmdata00.sqm
2008-05-26 21:11 . 2008-05-26 21:11 244 --ah----- C:\sqmnoopt00.sqm
2008-05-23 01:55 . 2008-05-29 18:55 250 --a------ C:\WINDOWS\gmer.ini
2008-05-21 21:26 . 2008-05-21 21:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-21 21:25 . 2008-05-21 21:25 <DIR> d-------- C:\SDfix
2008-05-21 03:04 . 2008-05-21 03:04 <DIR> d-------- C:\Documents and Settings\Nitro\Application Data\TrojanHunter
2008-05-20 23:31 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-05-19 22:34 . 2008-05-19 22:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:34 . 2008-05-19 22:34 <DIR> d-------- C:\Documents and Settings\Nitro\Application Data\SUPERAntiSpyware.com
2008-05-19 22:34 . 2008-05-19 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:32 . 2008-05-22 22:45 326 --a------ C:\WINDOWS\wininit.ini
2008-05-18 20:21 . 2008-05-18 20:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 20:20 . 2008-05-18 20:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 20:20 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 16:29 . 2008-05-18 16:29 <DIR> d-------- C:\Program Files\CCleaner
2008-05-18 16:15 . 2004-08-04 00:56 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2008-05-18 16:15 . 2004-08-04 00:56 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2008-05-18 16:02 . 2008-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-18 16:02 . 2008-05-18 16:02 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-18 16:02 . 2008-05-18 16:05 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-18 16:02 . 2008-05-18 16:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-18 16:00 . 2008-04-14 05:42 727,040 --a------ C:\WINDOWS\system32\SET15A.tmp
2008-05-18 15:59 . 2007-10-26 00:36 8,454,656 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-05-18 15:56 . 2008-05-18 16:04 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 01:17 . 2001-08-23 09:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-18 01:16 . 2008-05-18 01:16 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-18 01:15 . 2008-05-18 01:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 01:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-18 01:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 00:30 . 2008-05-17 00:30 <DIR> d-------- C:\Deckard
2008-05-17 00:24 . 2008-05-29 19:09 <DIR> d-------- C:\HJT
2008-05-17 00:17 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Program Files\MSBuild
2008-05-17 00:16 . 2008-05-17 00:16 <DIR> d-------- C:\Program Files\Microsoft Works
2008-05-17 00:15 . 2008-05-17 00:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13 . 2008-05-17 00:13 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12 . 2008-05-17 00:15 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12 . 2008-05-17 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11 . 2008-05-17 00:11 <DIR> dr-h----- C:\MSOCache
2008-05-16 21:24 . 2008-05-17 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 21:24 . 2008-05-16 21:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 03:57 . 2008-05-16 03:57 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 20:53 . 2008-05-15 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 19:53 . 2008-05-15 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-15 19:33 . 2008-05-15 19:33 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 15:21 . 2008-05-15 15:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-15 15:21 . 2008-05-15 15:21 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-15 01:52 . 2008-05-15 01:52 <DIR> d-------- C:\WINDOWS\Application Data
2008-05-15 00:16 . 2008-05-15 01:03 41,776,360 --a------ C:\WINDOWS\system32\amtmp.wav
2008-05-15 00:16 . 2008-05-15 01:03 326,368 --a------ C:\amt1
2008-05-15 00:14 . 2008-05-15 01:03 521 --a------ C:\WINDOWS\MP3trtg.ini
2008-05-15 00:08 . 2008-05-15 00:12 <DIR> d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-15 00:08 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-05-15 00:08 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx
2008-05-15 00:08 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-05-12 20:02 . 2008-05-12 20:02 <DIR> d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-12 20:01 . 2008-05-13 00:46 <DIR> d-------- C:\Program Files\CS Odessa
2008-05-11 15:22 . 2008-05-11 15:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-05-11 15:22 . 2008-05-11 15:22 <DIR> d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:22 . 2008-05-11 15:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-11 15:22 . 2007-08-27 10:53 107,864 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-05-11 15:21 . 2008-05-11 15:21 <DIR> d-------- C:\Program Files\TechSmith
2008-05-10 21:57 . 2008-05-10 22:54 <DIR> d-------- C:\Program Files\EDraw Max
2008-05-10 20:32 . 2004-03-05 01:13 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-05-10 20:29 . 2008-05-10 20:29 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-05-10 19:42 . 2008-05-10 19:42 <DIR> d-------- C:\Program Files\IGC
2008-05-10 18:52 . 2008-05-10 18:52 <DIR> d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:50 . 2008-05-10 18:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-10 18:50 . 2008-05-10 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 18:50 . 2008-05-10 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-10 17:13 . 2008-05-10 17:17 <DIR> d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-10 17:12 . 2008-05-10 19:47 <DIR> d-------- C:\Program Files\DivX
2008-05-10 17:12 . 2008-01-04 18:58 120,056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-05-10 17:12 . 2008-01-04 18:58 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-05-09 00:04 . 2008-05-09 00:04 <DIR> d-------- C:\Program Files\IMSI
2008-05-08 23:58 . 2008-05-09 21:55 <DIR> d-------- C:\Program Files\MagicISO
2008-05-08 20:08 . 2008-05-08 20:08 22,328 --a------ C:\Documents and Settings\Nitro\Application Data\PnkBstrK.sys
2008-05-08 19:50 . 2008-05-08 19:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-07 19:53 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-07 19:53 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-07 19:53 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-06 22:15 . 2008-05-06 22:15 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-01 21:33 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-05-01 21:33 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-01 21:33 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-01 21:33 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-05-01 21:33 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-05-01 21:32 . 2008-05-01 21:32 319 --a------ C:\WINDOWS\game.ini
2008-05-01 21:22 . 2008-05-01 21:22 <DIR> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 04:08 --------- d-----w C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-05-31 05:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-29 02:50 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Vso
2008-05-23 04:43 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-23 04:24 --------- d-----w C:\Program Files\Google
2008-05-18 04:19 --------- d-----w C:\Program Files\Driver Magician
2008-05-15 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 22:48 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-05-10 21:51 --------- d-----w C:\Program Files\QuickTime
2008-05-10 00:58 --------- d-----w C:\Program Files\SmartDraw 2008
2008-05-01 02:45 --------- d-----w C:\Documents and Settings\Nitro\Application Data\HP
2008-05-01 02:26 --------- d-----w C:\Program Files\HP
2008-05-01 02:26 --------- d-----w C:\Program Files\Common Files\HP
2008-05-01 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-01 02:23 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-01 02:23 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 23:53 --------- d-----w C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-29 03:23 --------- d-----w C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-27 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-26 22:57 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 22:54 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-26 22:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-04-26 22:33 --------- d-----w C:\Program Files\Bonjour
2008-04-26 22:23 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-25 22:40 --------- d-----w C:\Program Files\VID_0E8F&PID_0003
2008-04-25 22:38 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
2008-04-25 22:38 --------- d-----w C:\Program Files\Logitech
2008-04-25 22:37 --------- d-----w C:\Program Files\Common Files\Logitech
2008-04-25 21:43 --------- d-----w C:\Program Files\Notepad++
2008-04-25 21:43 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 21:00 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-25 21:00 --------- d-----w C:\Program Files\Windows Live
2008-04-25 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-24 23:10 --------- d-----w C:\Program Files\Microsoft Plus!
2008-04-24 22:25 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-24 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2008-04-24 03:39 --------- d-----w C:\Program Files\McAfee
2008-04-24 00:27 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-24 00:26 --------- d-----w C:\Program Files\Common Files\Nero
2008-04-24 00:24 --------- d-----w C:\Program Files\Nero
2008-04-24 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-23 22:51 --------- d-----w C:\Program Files\Trend Micro
2008-04-23 22:22 --------- d-----w C:\Documents and Settings\Nitro\Application Data\Winamp
2008-04-23 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-23 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-23 22:19 --------- d-----w C:\Program Files\McAfee.com
2008-04-23 22:19 --------- d-----w C:\Program Files\Common Files\McAfee
2008-04-23 22:17 --------- d-----w C:\Program Files\Winamp
2008-04-23 22:07 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-23 22:07 47,360 ----a-w C:\Documents and Settings\Nitro\Application Data\pcouffin.sys
2008-04-23 22:07 --------- d-----w C:\Program Files\VSO
2008-04-23 21:49 --------- d-----w C:\Program Files\PowerISO
2008-04-23 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-23 04:47 --------- d-----w C:\Program Files\GlobalSCAPE
2008-04-23 04:47 --------- d-----w C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 04:00 --------- d-----w C:\Program Files\CONEXANT
2008-04-23 03:55 --------- d-----w C:\Program Files\WinTV
2008-04-23 02:47 --------- d-----w C:\Program Files\DIFX
2008-04-23 02:42 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-04-23 01:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-23 01:05 --------- d-----w C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 23:25 --------- d-----w C:\Program Files\uTorrent
2008-04-22 22:27 --------- d-----w C:\Program Files\XPC Tools
2008-04-22 21:43 --------- d-----w C:\Program Files\Realtek
2008-04-22 21:11 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-22 08:58 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 08:42 1,033,728 ----a-w C:\WINDOWS\SET427.tmp
2008-04-14 08:41 451,072 ----a-w C:\WINDOWS\AppPatch\SET500.tmp
2008-04-14 08:41 245,248 ----a-w C:\WINDOWS\AppPatch\SET4FE.tmp
2008-04-14 08:41 141,312 ----a-w C:\WINDOWS\AppPatch\SET4FF.tmp
2008-04-14 08:41 116,224 ----a-w C:\WINDOWS\AppPatch\SET4FD.tmp
2008-04-14 08:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\SET501.tmp
2008-03-26 19:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-03-05 21:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_ 1.37.00.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 04:31:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 04:10:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-23 04:54:59 819,200 ----a-w C:\WINDOWS\gmer.dll
+ 2008-03-03 23:29:06 761,856 ----a-w C:\WINDOWS\gmer.exe
- 2008-05-23 04:09:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-01 00:30:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-23 04:09:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-01 00:30:39 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-23 04:54:59 86,097 ----a-w C:\WINDOWS\system32\drivers\gmer.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-22 18:15 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16:14 16859136 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 09:23 200704]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 03:35 36352]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 18:57 36640]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-04-26 19:44:04 295606]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-04-25 19:38:39 169472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 13:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-22 18:15 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-05-05 20:46]
R2 mbamservice;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-05-05 20:46]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-17 09:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 04:07:21 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-06-01 04:00:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 01:10:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-06-01 1:16:12 - machine was rebooted [Nitro]
ComboFix-quarantined-files.txt 2008-06-01 04:15:39
ComboFix2.txt 2008-05-27 04:32:56
ComboFix3.txt 2008-05-25 22:38:19
ComboFix4.txt 2008-05-23 04:37:55

Pre-Run: 36,135,931,904 bytes free
Post-Run: 36,116,041,728 bytes free

338 --- E O F --- 2008-04-23 21:52:47
HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:34 AM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService (mbamservice) - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10661 bytes
  • 0

#17
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello abryenton, thanks for the reply. Please do the following:

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right-click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\SET???.tmp /s
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.




Please post the following logs in your next reply. Please post each log in a separate post.

1. OTMoveIt2
2. Deckard System Scanner (main.txt and extra.txt)


Regards
fenzodahl512
  • 0
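The DSS main.txt requested in this post lists every file created in the last month, one per line, as a timestamp, a size, a nine-character attribute field and a path (sometimes followed by a `<Not Verified; vendor; description>` tag). Below is an added example of how a responder can triage such a listing; it is not part of this thread and is not code from DSS, ComboFix or OTMoveIt2. It parses lines in that format, flags bursts of files dropped directly into C:\WINDOWS within a few seconds of each other, and flags filenames within a small edit distance of well-known Windows binary names. The sample entries are a constructed subset patterned on the DSS format, and the 10-second window, the five-file threshold and the `KNOWN_NAMES` allowlist are assumptions chosen for the example.

```python
"""Triage of a DSS-style "Files created" listing: flag creation bursts in the
Windows root directory and filenames that imitate well-known Windows binaries.
Added example for this thread; not code from DSS, ComboFix or OTMoveIt2."""
import ntpath
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "ts size attrs path name is_dir")

# One DSS line: "<YYYY-MM-DD HH:MM:SS> <size> <9 attribute flags> <path> [<Not Verified; vendor; desc>]"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+?)(?:\s+<[^>]*>)?\s*$"
)

# Constructed sample in the DSS format (a subset patterned on this thread's log, not a full main.txt).
SAMPLE = r"""
2008-06-01 00:25:27 0 d-------- C:\cmdcons
2008-05-23 01:23:02 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 01:23:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 01:23:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 01:23:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 01:23:02 80412 --a------ C:\WINDOWS\grep.exe
2008-05-18 01:54:34 24064 --a------ C:\WINDOWS\time.exe
2008-05-18 01:54:33 15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-18 01:54:33 30464 --a------ C:\WINDOWS\sistem.exe
2008-05-18 01:54:33 22272 --a------ C:\WINDOWS\rundll16.exe
2008-05-18 01:54:33 27136 --a------ C:\WINDOWS\qttasks.exe
2008-05-18 01:54:32 8192 --a------ C:\WINDOWS\msspi.dll
2008-05-18 01:54:31 14336 --a------ C:\WINDOWS\funny.exe
2008-05-18 01:54:30 23296 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-18 01:54:30 9472 --a------ C:\WINDOWS\directx32.exe
2008-05-18 01:16:15 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-17 00:24:27 0 d-------- C:\HJT
"""

# Assumed allowlist of legitimate binary names to compare against; extend it for real use.
KNOWN_NAMES = ("ctfmon.exe", "rundll32.exe", "qttask.exe", "svchost.exe",
               "lsass.exe", "explorer.exe", "winlogon.exe")


def parse_dss_created(text):
    """Return an Entry for every line in the DSS format; skip headers and blanks."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, separators, blank lines
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(size),
                             attrs, path, ntpath.basename(path), attrs[0] == "d"))
    return entries


def find_bursts(entries, root=r"C:\WINDOWS", window=timedelta(seconds=10), min_files=5):
    """Group files created directly in `root` (subdirectories excluded) by creation
    time and return the groups of at least `min_files` that fit within `window`."""
    root = root.lower().rstrip("\\")
    files = sorted((e for e in entries
                    if not e.is_dir and ntpath.dirname(e.path).lower().rstrip("\\") == root),
                   key=lambda e: e.ts)
    bursts, cluster = [], []
    for e in files:
        if cluster and e.ts - cluster[0].ts > window:
            if len(cluster) >= min_files:
                bursts.append(cluster)
            cluster = []
        cluster.append(e)
    if len(cluster) >= min_files:
        bursts.append(cluster)
    return bursts


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(entries, known=KNOWN_NAMES, max_distance=2):
    """Return (filename, imitated name, distance) for files whose name is within
    `max_distance` edits of a known binary name without being that name."""
    hits = []
    for e in entries:
        name = e.name.lower()
        if e.is_dir or name in known:
            continue
        best = min(known, key=lambda k: levenshtein(name, k))
        distance = levenshtein(name, best)
        if distance <= max_distance:
            hits.append((e.name, best, distance))
    return sorted(hits)


if __name__ == "__main__":
    entries = parse_dss_created(SAMPLE)
    for burst in find_bursts(entries):
        print(f"{len(burst)} files created in C:\\WINDOWS between "
              f"{burst[0].ts} and {burst[-1].ts}:")
        for e in burst:
            print(f"  {e.ts}  {e.size:>7}  {e.path}")
    for name, known, distance in lookalikes(entries):
        print(f"lookalike: {name} resembles {known} (edit distance {distance})")
```

Run it as a script to print the findings for the embedded sample, or pass the "Files created" section of a real main.txt to `parse_dss_created()`. A burst on its own is not proof of infection: in the sample the second burst is a set of utility binaries carrying vendor tags, the kind of thing a cleanup tool installs, and tool installs and updates also drop many files at once (which is why the check is limited to files directly in the Windows root rather than system32, where updates mostly write). The lookalike check is what separates the two bursts here, so treat the output as a prioritised list for hash and signature lookups rather than as a verdict.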

#18
abryenton
    Member

  • Topic Starter
  • Member
  • 20 posts
Hi, sorry for the delay, I was out of town for a few days.

I did both. The DSS only opened main.txt after it finished; there was no extra.txt.




OTMoveIt2:

Explorer killed successfully
< C:\WINDOWS\SET???.tmp /s >
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET427.tmp moved successfully.
C:\WINDOWS\SET7.tmp moved successfully.
C:\WINDOWS\AppPatch\SET4FD.tmp moved successfully.
C:\WINDOWS\AppPatch\SET4FE.tmp moved successfully.
C:\WINDOWS\AppPatch\SET4FF.tmp moved successfully.
C:\WINDOWS\AppPatch\SET500.tmp moved successfully.
C:\WINDOWS\AppPatch\SET501.tmp moved successfully.
C:\WINDOWS\Fonts\SET431.tmp moved successfully.
C:\WINDOWS\Fonts\SET432.tmp moved successfully.
C:\WINDOWS\Fonts\SET433.tmp moved successfully.
C:\WINDOWS\Fonts\SET434.tmp moved successfully.
C:\WINDOWS\Fonts\SET435.tmp moved successfully.
C:\WINDOWS\Fonts\SET436.tmp moved successfully.
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\SET544.tmp moved successfully.
C:\WINDOWS\system32\SET117.tmp moved successfully.
C:\WINDOWS\system32\SET119.tmp moved successfully.
C:\WINDOWS\system32\SET11B.tmp moved successfully.
C:\WINDOWS\system32\SET122.tmp moved successfully.
C:\WINDOWS\system32\SET123.tmp moved successfully.
C:\WINDOWS\system32\SET126.tmp moved successfully.
C:\WINDOWS\system32\SET132.tmp moved successfully.
C:\WINDOWS\system32\SET133.tmp moved successfully.
C:\WINDOWS\system32\SET135.tmp moved successfully.
C:\WINDOWS\system32\SET136.tmp moved successfully.
C:\WINDOWS\system32\SET137.tmp moved successfully.
C:\WINDOWS\system32\SET138.tmp moved successfully.
C:\WINDOWS\system32\SET139.tmp moved successfully.
C:\WINDOWS\system32\SET13B.tmp moved successfully.
C:\WINDOWS\system32\SET13C.tmp moved successfully.
C:\WINDOWS\system32\SET149.tmp moved successfully.
C:\WINDOWS\system32\SET14C.tmp moved successfully.
C:\WINDOWS\system32\SET14E.tmp moved successfully.
C:\WINDOWS\system32\SET150.tmp moved successfully.
C:\WINDOWS\system32\SET157.tmp moved successfully.
C:\WINDOWS\system32\SET15A.tmp moved successfully.
C:\WINDOWS\system32\SET15B.tmp moved successfully.
C:\WINDOWS\system32\SET163.tmp moved successfully.
C:\WINDOWS\system32\SET164.tmp moved successfully.
C:\WINDOWS\system32\SET165.tmp moved successfully.
C:\WINDOWS\system32\SET166.tmp moved successfully.
C:\WINDOWS\system32\SET171.tmp moved successfully.
C:\WINDOWS\system32\SET179.tmp moved successfully.
C:\WINDOWS\system32\SET180.tmp moved successfully.
C:\WINDOWS\system32\SET181.tmp moved successfully.
C:\WINDOWS\system32\SET195.tmp moved successfully.
C:\WINDOWS\system32\SET198.tmp moved successfully.
C:\WINDOWS\system32\SET19A.tmp moved successfully.
C:\WINDOWS\system32\SET1AC.tmp moved successfully.
C:\WINDOWS\system32\SET1B1.tmp moved successfully.
C:\WINDOWS\system32\SET1B2.tmp moved successfully.
C:\WINDOWS\system32\SET1B3.tmp moved successfully.
C:\WINDOWS\system32\SET1B5.tmp moved successfully.
C:\WINDOWS\system32\SET1BA.tmp moved successfully.
C:\WINDOWS\system32\SET1BB.tmp moved successfully.
C:\WINDOWS\system32\SET1BF.tmp moved successfully.
C:\WINDOWS\system32\SET1C3.tmp moved successfully.
C:\WINDOWS\system32\SET1C4.tmp moved successfully.
C:\WINDOWS\system32\SET1CC.tmp moved successfully.
C:\WINDOWS\system32\SET1CD.tmp moved successfully.
C:\WINDOWS\system32\SET1D5.tmp moved successfully.
C:\WINDOWS\system32\SET1DC.tmp moved successfully.
C:\WINDOWS\system32\SET1DD.tmp moved successfully.
C:\WINDOWS\system32\SET1E0.tmp moved successfully.
C:\WINDOWS\system32\SET1E6.tmp moved successfully.
C:\WINDOWS\system32\SET1F8.tmp moved successfully.
C:\WINDOWS\system32\SET208.tmp moved successfully.
C:\WINDOWS\system32\SET20B.tmp moved successfully.
C:\WINDOWS\system32\SET20D.tmp moved successfully.
C:\WINDOWS\system32\SET222.tmp moved successfully.
C:\WINDOWS\system32\SET223.tmp moved successfully.
C:\WINDOWS\system32\SET22A.tmp moved successfully.
C:\WINDOWS\system32\SET22F.tmp moved successfully.
C:\WINDOWS\system32\SET230.tmp moved successfully.
C:\WINDOWS\system32\SET231.tmp moved successfully.
C:\WINDOWS\system32\SET232.tmp moved successfully.
C:\WINDOWS\system32\SET234.tmp moved successfully.
C:\WINDOWS\system32\SET235.tmp moved successfully.
C:\WINDOWS\system32\SET236.tmp moved successfully.
C:\WINDOWS\system32\SET238.tmp moved successfully.
C:\WINDOWS\system32\SET239.tmp moved successfully.
C:\WINDOWS\system32\SET23A.tmp moved successfully.
C:\WINDOWS\system32\SET23F.tmp moved successfully.
C:\WINDOWS\system32\SET244.tmp moved successfully.
C:\WINDOWS\system32\SET245.tmp moved successfully.
C:\WINDOWS\system32\SET246.tmp moved successfully.
C:\WINDOWS\system32\SET24B.tmp moved successfully.
C:\WINDOWS\system32\SET24C.tmp moved successfully.
C:\WINDOWS\system32\SET24D.tmp moved successfully.
C:\WINDOWS\system32\SET24F.tmp moved successfully.
C:\WINDOWS\system32\SET252.tmp moved successfully.
C:\WINDOWS\system32\SET255.tmp moved successfully.
C:\WINDOWS\system32\SET259.tmp moved successfully.
C:\WINDOWS\system32\SET25F.tmp moved successfully.
C:\WINDOWS\system32\SET260.tmp moved successfully.
C:\WINDOWS\system32\SET269.tmp moved successfully.
C:\WINDOWS\system32\SET26E.tmp moved successfully.
C:\WINDOWS\system32\SET275.tmp moved successfully.
C:\WINDOWS\system32\SET276.tmp moved successfully.
C:\WINDOWS\system32\SET278.tmp moved successfully.
C:\WINDOWS\system32\SET279.tmp moved successfully.
C:\WINDOWS\system32\SET288.tmp moved successfully.
C:\WINDOWS\system32\SET28E.tmp moved successfully.
C:\WINDOWS\system32\SET294.tmp moved successfully.
C:\WINDOWS\system32\SET297.tmp moved successfully.
C:\WINDOWS\system32\SET298.tmp moved successfully.
C:\WINDOWS\system32\SET299.tmp moved successfully.
C:\WINDOWS\system32\SET29D.tmp moved successfully.
C:\WINDOWS\system32\SET2A0.tmp moved successfully.
C:\WINDOWS\system32\SET2AD.tmp moved successfully.
C:\WINDOWS\system32\SET2AF.tmp moved successfully.
C:\WINDOWS\system32\SET2B0.tmp moved successfully.
C:\WINDOWS\system32\SET2B5.tmp moved successfully.
C:\WINDOWS\system32\SET2BA.tmp moved successfully.
C:\WINDOWS\system32\SET2BC.tmp moved successfully.
C:\WINDOWS\system32\SET2BD.tmp moved successfully.
C:\WINDOWS\system32\SET2C4.tmp moved successfully.
C:\WINDOWS\system32\SET2CF.tmp moved successfully.
C:\WINDOWS\system32\SET2D7.tmp moved successfully.
C:\WINDOWS\system32\SET2DF.tmp moved successfully.
C:\WINDOWS\system32\SET2E8.tmp moved successfully.
C:\WINDOWS\system32\SET2EA.tmp moved successfully.
C:\WINDOWS\system32\SET2F3.tmp moved successfully.
C:\WINDOWS\system32\SET318.tmp moved successfully.
C:\WINDOWS\system32\SET32C.tmp moved successfully.
C:\WINDOWS\system32\SET33A.tmp moved successfully.
C:\WINDOWS\system32\SET343.tmp moved successfully.
C:\WINDOWS\system32\SET348.tmp moved successfully.
C:\WINDOWS\system32\SET34A.tmp moved successfully.
C:\WINDOWS\system32\SET363.tmp moved successfully.
C:\WINDOWS\system32\SET374.tmp moved successfully.
C:\WINDOWS\system32\SET379.tmp moved successfully.
C:\WINDOWS\system32\SET3A0.tmp moved successfully.
C:\WINDOWS\system32\SET3A7.tmp moved successfully.
C:\WINDOWS\system32\SET3A8.tmp moved successfully.
C:\WINDOWS\system32\SET3A9.tmp moved successfully.
C:\WINDOWS\system32\SET3AB.tmp moved successfully.
C:\WINDOWS\system32\SET3AC.tmp moved successfully.
C:\WINDOWS\system32\SET3AD.tmp moved successfully.
C:\WINDOWS\system32\SET3AE.tmp moved successfully.
C:\WINDOWS\system32\SET3B0.tmp moved successfully.
C:\WINDOWS\system32\SET3B2.tmp moved successfully.
C:\WINDOWS\system32\SET3B3.tmp moved successfully.
C:\WINDOWS\system32\SET3B5.tmp moved successfully.
C:\WINDOWS\system32\SET3BA.tmp moved successfully.
C:\WINDOWS\system32\SET3C8.tmp moved successfully.
C:\WINDOWS\system32\SET3D5.tmp moved successfully.
C:\WINDOWS\system32\SET3DE.tmp moved successfully.
C:\WINDOWS\system32\SET3E0.tmp moved successfully.
C:\WINDOWS\system32\SET3E7.tmp moved successfully.
C:\WINDOWS\system32\SET3EB.tmp moved successfully.
C:\WINDOWS\system32\SET3F1.tmp moved successfully.
C:\WINDOWS\system32\SET3F7.tmp moved successfully.
C:\WINDOWS\system32\SET3FE.tmp moved successfully.
C:\WINDOWS\system32\SET402.tmp moved successfully.
C:\WINDOWS\system32\SET591.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET44B.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET44C.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET44D.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET44E.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET44F.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET450.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET451.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET452.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET453.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET454.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET455.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET456.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET457.tmp moved successfully.
C:\WINDOWS\system32\Setup\SET5B4.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET458.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET459.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET45B.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET45C.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET45D.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET46A.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET46B.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET46D.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET46F.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET471.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET476.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET479.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET47A.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET47B.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET47E.tmp moved successfully.
C:\WINDOWS\system32\wbem\SET480.tmp moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\mcmsc_2xKj2bSZPaXSln2 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06062008_004012

Files moved on Reboot...
C:\WINDOWS\temp\mcmsc_2xKj2bSZPaXSln2 moved successfully.




DSS:

main.txt

Deckard's System Scanner v20071014.68
Run by Nitro on 2008-06-06 00:56:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nitro.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:30 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nitro\Desktop\dss.exe
C:\HJT\Nitro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService (mbamservice) - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10132 bytes

-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-01 00:25:27 0 d-------- C:\cmdcons
2008-05-26 21:13:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-23 01:23:02 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 01:23:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 01:23:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 01:23:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 01:23:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-23 01:23:02 98816 --a------ C:\WINDOWS\sed.exe
2008-05-23 01:23:02 80412 --a------ C:\WINDOWS\grep.exe
2008-05-23 01:23:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-21 21:26:18 0 d-------- C:\WINDOWS\ERUNT
2008-05-21 03:04:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\TrojanHunter
2008-05-20 23:31:44 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-19 22:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:34:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:34:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\SUPERAntiSpyware.com
2008-05-19 21:57:12 0 dr-h----- C:\Documents and Settings\Nitro\Recent
2008-05-19 19:41:01 0 d-------- C:\WINDOWS\Prefetch
2008-05-18 20:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 16:02:56 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\en
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 15:56:44 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 01:54:34 24064 --a------ C:\WINDOWS\time.exe
2008-05-18 01:54:33 15104 --a------ C:\WINDOWS\svcinit.exe
2008-05-18 01:54:33 30464 --a------ C:\WINDOWS\sistem.exe
2008-05-18 01:54:33 10496 --a------ C:\WINDOWS\searchword.dll
2008-05-18 01:54:33 22272 --a------ C:\WINDOWS\rundll16.exe
2008-05-18 01:54:33 10496 --a------ C:\WINDOWS\quicken.exe
2008-05-18 01:54:33 27136 --a------ C:\WINDOWS\qttasks.exe
2008-05-18 01:54:32 29184 --a------ C:\WINDOWS\mswsc20.dll
2008-05-18 01:54:32 20736 --a------ C:\WINDOWS\mswsc10.dll
2008-05-18 01:54:32 8192 --a------ C:\WINDOWS\msspi.dll
2008-05-18 01:54:32 11776 --a------ C:\WINDOWS\msconfd.dll
2008-05-18 01:54:31 21760 --a------ C:\WINDOWS\inetinf.exe
2008-05-18 01:54:31 19200 --a------ C:\WINDOWS\helpcvs.exe
2008-05-18 01:54:31 9216 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-18 01:54:31 14336 --a------ C:\WINDOWS\funny.exe
2008-05-18 01:54:31 29696 --a------ C:\WINDOWS\funniest.exe
2008-05-18 01:54:31 20224 --a------ C:\WINDOWS\editpad.exe
2008-05-18 01:54:30 25344 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-18 01:54:30 9472 --a------ C:\WINDOWS\directx32.exe
2008-05-18 01:54:30 22272 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-18 01:54:30 23296 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-18 01:54:30 18944 --a------ C:\WINDOWS\cpan.dll
2008-05-18 01:16:15 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-18 01:15:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 00:24:27 0 d-------- C:\HJT
2008-05-17 00:16:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:16:21 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:15:16 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13:16 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11:51 0 dr-h----- C:\MSOCache
2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 20:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 19:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-15 19:33:31 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 15:28:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-15 15:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 15:21:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 15:21:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 15:21:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 15:21:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 01:52:46 0 d-------- C:\WINDOWS\Application Data
2008-05-15 00:16:41 326368 --a------ C:\amt1
2008-05-15 00:08:08 102400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-05-15 00:08:08 511488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-05-15 00:08:08 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-14 22:35:11 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-12 20:02:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-12 20:01:24 0 d-------- C:\Program Files\CS Odessa
2008-05-11 15:22:19 0 d-------- C:\WINDOWS\system32\QuickTime
2008-05-11 15:22:12 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-11 15:22:02 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:21:59 0 d-------- C:\Program Files\TechSmith
2008-05-10 21:57:23 0 d-------- C:\Program Files\EDraw Max
2008-05-10 20:29:16 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-10 19:42:51 0 d-------- C:\Program Files\IGC
2008-05-10 18:52:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 18:50:40 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 18:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-10 17:13:23 0 d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-10 17:12:49 0 d-------- C:\Program Files\DivX
2008-05-09 00:04:01 0 d-------- C:\Program Files\IMSI
2008-05-08 23:58:49 0 d-------- C:\Program Files\MagicISO
2008-05-08 19:50:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-06 22:15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 22:15:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:10:49 0 d-------- C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-06-02 00:42:05 0 d-------- C:\Program Files\Common Files
2008-06-02 00:39:50 0 d-------- C:\Program Files\Google
2008-05-29 18:49:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Adobe
2008-05-28 23:50:35 0 d-------- C:\Documents and Settings\Nitro\Application Data\Vso
2008-05-23 01:43:10 0 d-------- C:\Program Files\SiteAdvisor
2008-05-18 16:06:32 0 d-------- C:\Program Files\Messenger
2008-05-18 16:05:38 0 d-------- C:\Program Files\Windows NT
2008-05-18 16:05:37 0 d-------- C:\Program Files\Movie Maker
2008-05-18 01:19:46 0 d-------- C:\Program Files\Driver Magician
2008-05-15 19:53:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 19:48:43 0 d-------- C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-05-10 18:51:15 0 d-------- C:\Program Files\QuickTime
2008-05-09 21:58:09 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-30 23:45:22 0 d-------- C:\Documents and Settings\Nitro\Application Data\HP
2008-04-30 23:40:22 117132 --a------ C:\WINDOWS\hpoins11.dat
2008-04-30 23:26:16 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 23:26:13 0 d-------- C:\Program Files\HP
2008-04-30 23:23:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-30 23:23:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 20:53:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-29 00:23:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-26 19:57:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-26 19:54:36 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-26 19:33:46 0 d-------- C:\Program Files\Bonjour
2008-04-26 19:23:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 19:40:43 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-04-25 19:38:30 0 d-------- C:\Program Files\Logitech
2008-04-25 19:37:42 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-25 18:43:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 18:43:37 0 d-------- C:\Program Files\Notepad++
2008-04-25 18:00:20 0 d-------- C:\Program Files\Windows Live
2008-04-25 18:00:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 19:25:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 00:39:34 0 d-------- C:\Program Files\McAfee
2008-04-23 21:27:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-23 21:26:05 0 d-------- C:\Program Files\Common Files\Nero
2008-04-23 21:24:41 0 d-------- C:\Program Files\Nero
2008-04-23 19:51:50 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:22:48 0 d-------- C:\Documents and Settings\Nitro\Application Data\Winamp
2008-04-23 19:19:57 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-23 19:19:46 0 d-------- C:\Program Files\McAfee.com
2008-04-23 19:17:58 0 d-------- C:\Program Files\Winamp
2008-04-23 19:07:51 34 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.log
2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:50 1144 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.inf
2008-04-23 19:07:50 7887 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.cat
2008-04-23 19:07:47 0 d-------- C:\Program Files\VSO
2008-04-23 18:49:04 0 d-------- C:\Program Files\PowerISO
2008-04-23 18:48:08 0 d-------- C:\Documents and Settings\Nitro\Application Data\WinRAR
2008-04-23 01:47:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 01:47:46 0 d-------- C:\Program Files\GlobalSCAPE
2008-04-23 01:00:36 0 d-------- C:\Program Files\CONEXANT
2008-04-23 00:55:24 0 d-------- C:\Program Files\WinTV
2008-04-22 23:47:27 0 d-------- C:\Program Files\DIFX
2008-04-22 23:42:03 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-22 22:53:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 22:05:02 0 d-------- C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 20:25:17 0 d-------- C:\Program Files\uTorrent
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Macromedia
2008-04-22 19:27:56 0 d-------- C:\Program Files\XPC Tools
2008-04-22 18:43:22 0 d-------- C:\Program Files\Realtek
2008-04-22 18:41:20 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 18:16:27 0 d-------- C:\Documents and Settings\Nitro\Application Data\Google
2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-22 06:01:44 0 d-------- C:\Documents and Settings\Nitro\Application Data\Identities
2008-04-22 05:58:36 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 05:58:26 0 -rahs---- C:\MSDOS.SYS
2008-04-22 05:58:26 0 -rahs---- C:\IO.SYS
2008-04-22 05:58:26 0 --a------ C:\CONFIG.SYS
2008-04-22 05:58:26 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 05:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 05:56:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 05:56:13 0 d-------- C:\Program Files\Online Services
2008-04-22 05:56:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-21 22:51:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 22:51:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 22:50:57 62 --ahs---- C:\Documents and Settings\Nitro\Application Data\desktop.ini
2008-03-19 06:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 09:23 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 03:35 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 06:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/25/2008 7:38:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-06 00:57:41 ------------
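The Deckard's System Scanner listing above is what the helper reads by eye: one line per file with date, size, a nine-character attribute string, the path and, where present, a `<Not Verified; vendor; description>` tag. As an added example (not part of this thread, and not DSS or ComboFix code), here is a Python triage pass over that listing format. It flags the things a malware-removal helper looks for first: code files sitting directly in C:\WINDOWS rather than system32, code files under a user profile, binaries with no vendor tag, extension-less files in the drive root, and names that imitate a system binary by tacking on digits (ctfmon32.exe against ctfmon.exe, rundll16.exe against rundll32.exe). The sample lines are copied from the listings in this thread except the ctfmon32.exe line, which is constructed (the path is named in the helper's removal script but falls outside the listing window). The list of system binary names and the reading of the `<...>` tag as "version resources present" are assumptions made here, not anything DSS documents.

```python
"""Triage a Deckard's System Scanner (DSS) file listing.
Added example; not part of this thread and not DSS or ComboFix code. Line
format (from the logs above): date time size attrs path [<Not Verified; ...>].
A hit means "look at this", never "malicious"."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S{9})\s+(?P<path>.*?)(?:\s+<(?P<verinfo>[^>]*)>)?\s*$")
CODE_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Core Windows binaries whose names get imitated by tacking on digits
# (ctfmon32.exe, rundll16.exe). Illustrative list, assumed, not exhaustive.
SYSTEM_STEMS = {"ctfmon", "rundll32", "svchost", "lsass", "winlogon",
                "explorer", "services", "smss", "csrss", "spoolsv"}

def _digitless(stem: str) -> str:
    return re.sub(r"\d+", "", stem.lower())

_LOOKALIKE = {_digitless(s): s for s in SYSTEM_STEMS}

@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    path: PureWindowsPath
    verinfo: Optional[str]  # text inside <...>, None if the line has none

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["stamp"], int(m["size"]), m["attrs"],
                 PureWindowsPath(m["path"]), m["verinfo"])

def triage(e: Entry) -> List[str]:
    """Heuristic hits for one entry; directories never fire."""
    if e.is_dir:
        return []
    p, hits = e.path, []
    ext, parent = p.suffix.lower(), str(p.parent).lower()
    is_code = ext in CODE_EXT
    if is_code and parent == r"c:\windows":
        hits.append("code file directly in %WINDIR%, not system32")
    if is_code and r"\application data" in parent:
        hits.append("code file under a user profile")
    if is_code and e.verinfo is None:
        # Assumption: DSS prints <vendor; description> only when the file
        # carries version resources, so no tag means no vendor claim at all.
        hits.append("no vendor/version info reported")
    if ext == "" and p.parent == PureWindowsPath(p.anchor) and e.size > 0:
        hits.append("extension-less file in drive root")
    stem = p.stem.lower()
    key = _digitless(stem)
    if key and stem not in SYSTEM_STEMS and key in _LOOKALIKE:
        hits.append(f"name resembles {_LOOKALIKE[key]}.exe")
    return hits

def triage_listing(lines: List[str]) -> Dict[str, List[str]]:
    """Map path -> hits for every entry that triggered at least one."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is not None:
            hits = triage(e)
            if hits:
                out[str(e.path)] = hits
    return out

# Constructed sample: six lines copied from the listings in this thread plus
# one invented line for C:\WINDOWS\ctfmon32.exe, a path the helper's removal
# script names but which is outside the listing window (date/size made up).
SAMPLE_LINES = [
    r"2008-05-15 00:16:41 326368 --a------ C:\amt1",
    r"2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat",
    r"2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>",
    r"2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>",
    r"2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Templates",
    r"2008-03-19 06:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>",
    r"2008-05-01 12:00:00 45056 --a------ C:\WINDOWS\ctfmon32.exe",
]

if __name__ == "__main__":
    for path, hits in triage_listing(SAMPLE_LINES).items():
        print(path, "->", "; ".join(hits))
```

A hit is a reason to open the file's properties or look it up, not a verdict: HideWin.exe and pcouffin.sys both fire here and both carry a vendor tag from the installer that dropped them. The value of the pass is that it shrinks a long listing to the handful of lines worth a second look, which is what lets a helper notice a ctfmon32.exe in the first place.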

#19
fenzodahl512

  • Malware Removal
  • 9,863 posts

Looking at your system now, one or more of the identified infections is a backdoor Trojan. If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.
Do NOT change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking/financial purposes until we give it the all clear.



Hello, thanks for the reply. Please do the following:

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\time.exe
    C:\WINDOWS\svcinit.exe
    C:\WINDOWS\sistem.exe
    C:\WINDOWS\searchword.dll
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\quicken.exe
    C:\WINDOWS\qttasks.exe
    C:\WINDOWS\mswsc20.dll
    C:\WINDOWS\mswsc10.dll
    C:\WINDOWS\msspi.dll
    C:\WINDOWS\msconfd.dll
    C:\WINDOWS\inetinf.exe
    C:\WINDOWS\helpcvs.exe
    C:\WINDOWS\gfmnaaa.dll
    C:\WINDOWS\funny.exe
    C:\WINDOWS\funniest.exe
    C:\WINDOWS\editpad.exe
    C:\WINDOWS\dnsrelay.dll
    C:\WINDOWS\directx32.exe
    C:\WINDOWS\ctrlpan.dll
    C:\WINDOWS\ctfmon32.exe
    C:\WINDOWS\cpan.dll
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please post the following logs in your next reply..

1. OTMoveIt2
2. A fresh Deckard System Scanner (after OTMoveIt2 step)

Regards
fenzodahl512
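The OTMoveIt2 script above kills Explorer, moves each listed path into the quarantine folder, empties the temp folders and restarts Explorer, and the log it writes gives one outcome per path. Whether the run actually did what was asked only becomes clear after reconciling that log against the list, which is tedious by hand on a long list. As an added example (not part of this thread and not OTMoveIt2's own code), here is a Python reconciliation that parses the move list and the log phrases seen in this thread ("File/Folder ... not found.", "... moved successfully.", "... NOT unregistered.", "File delete failed. ... scheduled to be deleted on reboot." and the "Files moved on Reboot..." section) and reports, per requested path, whether it was moved, was already absent, or got no verdict at all, plus the DLLs that could not be unregistered and the temp files still waiting on a reboot. The sample script and log are trimmed from the ones posted in the reply that follows, with one requested path (gfmnaaa.dll) given no log line and one reboot-move (Perflib_Perfdata_830.dat) left out so that both failure modes appear.

```python
"""Reconcile an OTMoveIt2 move list against the log it produced.
Added example; not part of this thread and not OTMoveIt2's own code.
The move-list syntax and log phrases below come from the posted script/log."""
import re
from typing import Dict, List

DIRECTIVE_RE = re.compile(r"^\[(kill|start) explorer\]$", re.I)
KEYWORDS = {"emptytemp", "purity"}  # script commands that are not paths
REBOOT_HEADER = "Files moved on Reboot..."
LOG_PATTERNS = {  # one regex per log phrase; group "p" is the path
    "not found": re.compile(r"^File/Folder (?P<p>.+) not found\.$"),
    "moved": re.compile(r"^(?P<p>.+) moved successfully\.$"),
    "not unregistered": re.compile(r"^(?P<p>.+) NOT unregistered\.$"),
    "scheduled": re.compile(
        r"^File delete failed\. (?P<p>.+) scheduled to be deleted on reboot\.$"),
}

def parse_move_list(script: str) -> List[str]:
    """Only the paths in an OTMoveIt2 script, in order; directives dropped."""
    lines = (s.strip() for s in script.splitlines())
    return [s for s in lines
            if s and not DIRECTIVE_RE.match(s) and s.lower() not in KEYWORDS]

def parse_log(log: str) -> Dict[str, List[str]]:
    """Bucket every path the log mentions by outcome; 'moved successfully'
    lines after the reboot header go to 'moved on reboot'."""
    buckets: Dict[str, List[str]] = {k: [] for k in LOG_PATTERNS}
    buckets["moved on reboot"] = []
    after_reboot = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == REBOOT_HEADER:
            after_reboot = True
            continue
        for kind, rx in LOG_PATTERNS.items():
            m = rx.match(line)
            if m:
                if kind == "moved" and after_reboot:
                    kind = "moved on reboot"
                buckets[kind].append(m["p"])
                break
    return buckets

def reconcile(script: str, log: str) -> Dict[str, object]:
    """Verdict per requested path, plus the leftovers that need a hand."""
    b = parse_log(log)
    moved = {p.lower() for p in b["moved"] + b["moved on reboot"]}
    absent = {p.lower() for p in b["not found"]}
    status: Dict[str, str] = {}
    for p in parse_move_list(script):
        if p.lower() in moved:
            status[p] = "moved"
        elif p.lower() in absent:
            status[p] = "not found"
        else:
            status[p] = "unaccounted"  # no log line at all: check by hand
    moved_later = {p.lower() for p in b["moved on reboot"]}
    pending = [p for p in b["scheduled"] if p.lower() not in moved_later]
    return {
        "status": status,
        # moved, but DllUnregisterServer never ran: registry may still point at it
        "not_unregistered": b["not unregistered"],
        "pending_reboot": pending,
        "clean": "unaccounted" not in status.values() and not pending,
    }

# Constructed sample, trimmed from the script and log posted in this thread:
# gfmnaaa.dll is requested but gets no log line, and Perflib_Perfdata_830.dat
# is scheduled but never reported moved, so both failure modes show up.
SAMPLE_SCRIPT = r"""
[kill explorer]
C:\WINDOWS\time.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\gfmnaaa.dll
EmptyTemp
purity
[start explorer]
"""
SAMPLE_LOG = r"""
Explorer killed successfully
File/Folder C:\WINDOWS\time.exe not found.
LoadLibrary failed for C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctrlpan.dll NOT unregistered.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\ctfmon32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cpan.dll
C:\WINDOWS\cpan.dll NOT unregistered.
C:\WINDOWS\cpan.dll moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_830.dat scheduled to be deleted on reboot.

Files moved on Reboot...
C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log moved successfully.
"""
```

Two things in the output deserve a follow-up rather than a shrug. "NOT unregistered" right after "LoadLibrary failed" means the DLL was moved but could not be loaded, so its DllUnregisterServer never ran and any COM registration that pointed at the old path (a CLSID or BHO entry, for instance) may still be in the registry; that is exactly what the fresh HijackThis/DSS pass the helper asks for after the reboot is meant to catch. An "unaccounted" path means the run produced no line for it at all, so check it by hand before treating the step as done.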

#20
abryenton

    Member

  • Topic Starter
  • Member
  • 20 posts
OTMoveIt2 log:

Explorer killed successfully
File/Folder C:\WINDOWS\time.exe not found.
File/Folder C:\WINDOWS\svcinit.exe not found.
File/Folder C:\WINDOWS\sistem.exe not found.
File/Folder C:\WINDOWS\searchword.dll not found.
File/Folder C:\WINDOWS\rundll16.exe not found.
File/Folder C:\WINDOWS\quicken.exe not found.
File/Folder C:\WINDOWS\qttasks.exe not found.
File/Folder C:\WINDOWS\mswsc20.dll not found.
File/Folder C:\WINDOWS\mswsc10.dll not found.
File/Folder C:\WINDOWS\msspi.dll not found.
File/Folder C:\WINDOWS\msconfd.dll not found.
File/Folder C:\WINDOWS\inetinf.exe not found.
File/Folder C:\WINDOWS\helpcvs.exe not found.
File/Folder C:\WINDOWS\gfmnaaa.dll not found.
File/Folder C:\WINDOWS\funny.exe not found.
File/Folder C:\WINDOWS\funniest.exe not found.
File/Folder C:\WINDOWS\editpad.exe not found.
File/Folder C:\WINDOWS\dnsrelay.dll not found.
File/Folder C:\WINDOWS\directx32.exe not found.
LoadLibrary failed for C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\ctrlpan.dll NOT unregistered.
C:\WINDOWS\ctrlpan.dll moved successfully.
C:\WINDOWS\ctfmon32.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\cpan.dll
C:\WINDOWS\cpan.dll NOT unregistered.
C:\WINDOWS\cpan.dll moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_VdJAwHPTCsNKPJS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_830.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06062008_213351

Files moved on Reboot...
C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\WINDOWS\temp\mcmsc_VdJAwHPTCsNKPJS moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_830.dat moved successfully.



DSS Log:

Deckard's System Scanner v20071014.68
Run by Nitro on 2008-06-06 21:42:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nitro.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:25 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Nitro\Desktop\dss.exe
C:\HJT\Nitro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService (mbamservice) - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10164 bytes

-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-01 00:25:27 0 d-------- C:\cmdcons
2008-05-26 21:13:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-23 01:23:02 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 01:23:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 01:23:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 01:23:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 01:23:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-23 01:23:02 98816 --a------ C:\WINDOWS\sed.exe
2008-05-23 01:23:02 80412 --a------ C:\WINDOWS\grep.exe
2008-05-23 01:23:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-21 21:26:18 0 d-------- C:\WINDOWS\ERUNT
2008-05-21 03:04:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\TrojanHunter
2008-05-20 23:31:44 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-19 22:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:34:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:34:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\SUPERAntiSpyware.com
2008-05-19 21:57:12 0 dr-h----- C:\Documents and Settings\Nitro\Recent
2008-05-19 19:41:01 0 d-------- C:\WINDOWS\Prefetch
2008-05-18 20:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 16:02:56 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\en
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 15:56:44 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 01:16:15 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-18 01:15:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 00:24:27 0 d-------- C:\HJT
2008-05-17 00:16:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:16:21 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:15:16 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13:16 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11:51 0 dr-h----- C:\MSOCache
2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 20:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 19:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-15 19:33:31 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 15:28:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-15 15:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 15:21:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 15:21:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 15:21:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 15:21:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 01:52:46 0 d-------- C:\WINDOWS\Application Data
2008-05-15 00:16:41 326368 --a------ C:\amt1
2008-05-15 00:08:08 102400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-05-15 00:08:08 511488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-05-15 00:08:08 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-14 22:35:11 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-12 20:02:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-12 20:01:24 0 d-------- C:\Program Files\CS Odessa
2008-05-11 15:22:19 0 d-------- C:\WINDOWS\system32\QuickTime
2008-05-11 15:22:12 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-05-11 15:22:02 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:21:59 0 d-------- C:\Program Files\TechSmith
2008-05-10 21:57:23 0 d-------- C:\Program Files\EDraw Max
2008-05-10 20:29:16 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-10 19:42:51 0 d-------- C:\Program Files\IGC
2008-05-10 18:52:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-10 18:50:40 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 18:50:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-10 17:13:23 0 d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-10 17:12:49 0 d-------- C:\Program Files\DivX
2008-05-09 00:04:01 0 d-------- C:\Program Files\IMSI
2008-05-08 23:58:49 0 d-------- C:\Program Files\MagicISO
2008-05-08 19:50:18 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-06 22:15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 22:15:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\Mozilla


-- Find3M Report ---------------------------------------------------------------

2008-06-02 18:10:49 0 d-------- C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-06-02 00:42:05 0 d-------- C:\Program Files\Common Files
2008-06-02 00:39:50 0 d-------- C:\Program Files\Google
2008-05-29 18:49:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Adobe
2008-05-28 23:50:35 0 d-------- C:\Documents and Settings\Nitro\Application Data\Vso
2008-05-23 01:43:10 0 d-------- C:\Program Files\SiteAdvisor
2008-05-18 16:06:32 0 d-------- C:\Program Files\Messenger
2008-05-18 16:05:38 0 d-------- C:\Program Files\Windows NT
2008-05-18 16:05:37 0 d-------- C:\Program Files\Movie Maker
2008-05-18 01:19:46 0 d-------- C:\Program Files\Driver Magician
2008-05-15 19:53:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 19:48:43 0 d-------- C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-05-10 18:51:15 0 d-------- C:\Program Files\QuickTime
2008-05-09 21:58:09 0 d-------- C:\Program Files\SmartDraw 2008
2008-04-30 23:45:22 0 d-------- C:\Documents and Settings\Nitro\Application Data\HP
2008-04-30 23:40:22 117132 --a------ C:\WINDOWS\hpoins11.dat
2008-04-30 23:26:16 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 23:26:13 0 d-------- C:\Program Files\HP
2008-04-30 23:23:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-30 23:23:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 20:53:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-29 00:23:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-26 19:57:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-26 19:54:36 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-26 19:33:46 0 d-------- C:\Program Files\Bonjour
2008-04-26 19:23:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 19:40:43 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-04-25 19:38:30 0 d-------- C:\Program Files\Logitech
2008-04-25 19:37:42 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-25 18:43:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 18:43:37 0 d-------- C:\Program Files\Notepad++
2008-04-25 18:00:20 0 d-------- C:\Program Files\Windows Live
2008-04-25 18:00:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 19:25:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 00:39:34 0 d-------- C:\Program Files\McAfee
2008-04-23 21:27:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-23 21:26:05 0 d-------- C:\Program Files\Common Files\Nero
2008-04-23 21:24:41 0 d-------- C:\Program Files\Nero
2008-04-23 19:51:50 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:22:48 0 d-------- C:\Documents and Settings\Nitro\Application Data\Winamp
2008-04-23 19:19:57 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-23 19:19:46 0 d-------- C:\Program Files\McAfee.com
2008-04-23 19:17:58 0 d-------- C:\Program Files\Winamp
2008-04-23 19:07:51 34 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.log
2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:50 1144 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.inf
2008-04-23 19:07:50 7887 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.cat
2008-04-23 19:07:47 0 d-------- C:\Program Files\VSO
2008-04-23 18:49:04 0 d-------- C:\Program Files\PowerISO
2008-04-23 18:48:08 0 d-------- C:\Documents and Settings\Nitro\Application Data\WinRAR
2008-04-23 01:47:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 01:47:46 0 d-------- C:\Program Files\GlobalSCAPE
2008-04-23 01:00:36 0 d-------- C:\Program Files\CONEXANT
2008-04-23 00:55:24 0 d-------- C:\Program Files\WinTV
2008-04-22 23:47:27 0 d-------- C:\Program Files\DIFX
2008-04-22 23:42:03 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-22 22:53:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 22:05:02 0 d-------- C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 20:25:17 0 d-------- C:\Program Files\uTorrent
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Macromedia
2008-04-22 19:27:56 0 d-------- C:\Program Files\XPC Tools
2008-04-22 18:43:22 0 d-------- C:\Program Files\Realtek
2008-04-22 18:41:20 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 18:16:27 0 d-------- C:\Documents and Settings\Nitro\Application Data\Google
2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-22 06:01:44 0 d-------- C:\Documents and Settings\Nitro\Application Data\Identities
2008-04-22 05:58:36 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 05:58:26 0 -rahs---- C:\MSDOS.SYS
2008-04-22 05:58:26 0 -rahs---- C:\IO.SYS
2008-04-22 05:58:26 0 --a------ C:\CONFIG.SYS
2008-04-22 05:58:26 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 05:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 05:56:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 05:56:13 0 d-------- C:\Program Files\Online Services
2008-04-22 05:56:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-21 22:51:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 22:51:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 22:50:57 62 --ahs---- C:\Documents and Settings\Nitro\Application Data\desktop.ini
2008-03-19 06:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 09:23 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 03:35 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 06:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/25/2008 7:38:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-06 21:43:27 ------------
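
The Registry Dump above lists the Run keys and the Startup folder that DSS checked. As an added example (not part of this thread, not DSS code) the following parser turns those lines into one record per autostart entry and flags two things a responder wants to see first: values that hold only a bare file name (DSS resolved them, but the lookup goes through the search order at logon, so confirm the resolved path is the vendor's), and images under a user profile, a Temp folder or a drive root, where droppers usually land. The sample input is copied from the dump; the `updchk` value under HKCU is constructed to exercise the flag and was not on this machine.

```python
"""Normalise the autostart entries in a Deckard's System Scanner (DSS) registry
dump and flag the ones a responder should look at first.

Added example: not part of the forum thread and not DSS code. It parses only
the text DSS prints (as in the Registry Dump above), never the live registry.
"""
import re
from dataclasses import dataclass

# Lines copied from the dump above. The "updchk" value under HKCU is CONSTRUCTED
# for this example (it was not on the machine) so the checks have something to flag.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"updchk"="C:\Documents and Settings\Nitro\Local Settings\Temp\updchk.exe" [06/01/2008 01:02 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
"""

SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")   # [HKEY_...\Run]
FOLDER_RE = re.compile(r"^([A-Za-z]:\\.*\\)$")    # Startup folder line
# "Name"="Data" [timestamp]            when Data is a full path, or
# "Name"="Data" [timestamp resolved]   when Data was a bare name DSS had to resolve
VALUE_RE = re.compile(
    '^"(?P<name>[^"]+)"="(?P<data>[^"]*)" '
    r"\[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2} [AP]M)(?: (?P<resolved>.+?))?\]$"
)
# Something.lnk - C:\target.exe [timestamp]
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<stamp>[^\]]+)\]$")


@dataclass
class Autorun:
    location: str  # registry key or Startup folder the entry lives in
    name: str      # value name or .lnk file name
    image: str     # on-disk path of what actually runs
    stamp: str     # file timestamp exactly as DSS printed it
    bare: bool     # True if the value held a bare file name, not a path


def parse_dss_autoruns(text):
    """Turn the Run-key and Startup-folder lines of a DSS dump into Autorun records."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line) or FOLDER_RE.match(line)
        if m:
            location = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m:
            data = m.group("data")
            bare = "\\" not in data
            entries.append(Autorun(location, m.group("name"),
                                   m.group("resolved") or data, m.group("stamp"), bare))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Autorun(location, m.group("name"), m.group("path"),
                                   m.group("stamp"), False))
    return entries


# Locations where a legitimate autostart image is unusual and malware is common.
USER_WRITABLE_RE = re.compile(r"\\(documents and settings|users)\\|\\temp\\|\\recycler\\", re.I)
DRIVE_ROOT_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.I)


def review(entry):
    """Reasons this entry deserves a manual look; an empty list means it looks routine."""
    reasons = []
    if entry.bare:
        # A bare name is located through the search order at logon, so a file planted
        # earlier in that order would run instead: confirm the resolved path is the vendor's.
        reasons.append("bare file name resolved via search order: " + entry.image)
    if USER_WRITABLE_RE.search(entry.image) or DRIVE_ROOT_RE.match(entry.image):
        reasons.append("image in a user-writable or drive-root location: " + entry.image)
    return reasons


def triage(text):
    """Map flagged entry names to their reasons, for the whole dump."""
    return {e.name: review(e) for e in parse_dss_autoruns(text) if review(e)}


if __name__ == "__main__":
    for entry in parse_dss_autoruns(SAMPLE_DUMP):
        flags = review(entry)
        print(("!! " if flags else "   ") + f"{entry.name:24} {entry.image}")
        for reason in flags:
            print(" " * 27 + reason)
```

Run against the full dump, the two bare-name hits (RTHDCPL.EXE and Logi_MwX.Exe) resolve to files in C:\WINDOWS with vendor timestamps, which is what you would expect for Realtek and Logitech; the check is there so that a resolved path somewhere else stands out.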

#21
fenzodahl512 (Malware Removal)

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me about your computer's condition.


Regards
fenzodahl512

#22
abryenton (Topic Starter)

That scanner picked up a bunch. A lot of good it did me, buying McAfee Internet Security...

My condition is better than it was, but a lot of programs are still freezing when I try to open them.

Online Scanner log:

KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 8:52:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 838608
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
Scan Statistics
Total number of scanned objects 539965
Number of viruses found 17
Number of infected objects 31
Number of suspicious objects 6
Duration of the scan process 07:20:47

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\20080606005616\backup\DOCUME~1\Nitro\LOCALS~1\Temp\FlashInstaller.exe Infected: not-a-virus:AdWare.Win32.Agent.adt skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/win64.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/systemcritical.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/y.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nitro\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\History\History.IE5\MSHist012008060820080609\index.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\temp\~DF635A.tmp Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\temp\~DF6371.tmp Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Nitro\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nitro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Nitro\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwsxleot.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\elqdiwao.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\noeujqfw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ruscvrau.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip/clbdriver.sys Infected: Trojan.Win32.DNSChanger.dds skipped
C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip/clbdll.dll Infected: Trojan.Win32.Agent.gna skipped
C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip/awtqoMdd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rcq skipped
C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP10\A0022060.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024213.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trg skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024214.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.srg skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024219.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP26\change.log Object is locked skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0001353.exe Infected: Trojan-Downloader.Win32.Agent.pes skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0007358.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sbz skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0007360.exe Infected: Trojan-Downloader.Win32.Agent.plz skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0007361.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sce skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0007362.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rcq skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0022010.exe Infected: Trojan-Downloader.Win32.Small.vla skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_MjGMgkg6x2r0Fu0 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7c0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP1\A0000011.exe/data0000.cab/001.exe Infected: Trojan-Downloader.Win32.Agent.phr skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP1\A0000011.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.phr skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP1\A0000011.exe Rsrc-Package: infected - 2 skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP25\A0040480.exe/update.exe Infected: Trojan.Win32.Monder.ld skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP25\A0040480.exe CAB: infected - 1 skipped
O:\Program Zips\Ahead.Nero.v8.2.8.0-EMBRACE\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
O:\Program Zips\Ahead.Nero.v8.2.8.0-EMBRACE\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
O:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
O:\Web Design\19 GB Templates\15,000_ebooks.zip/ebooks_b/ADWIZARD.zip/ADWIZARD.exe/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
O:\Web Design\19 GB Templates\15,000_ebooks.zip/ebooks_b/ADWIZARD.zip/ADWIZARD.exe Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
O:\Web Design\19 GB Templates\15,000_ebooks.zip/ebooks_b/ADWIZARD.zip Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
O:\Web Design\19 GB Templates\15,000_ebooks.zip ZIP: infected - 3 skipped
Scan process completed.
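
Most of the lines in a report like the one above are noise for cleanup purposes: "Object is locked" is the scanner failing to open in-use hives and logs, anything under QooBox, Deckard's backup folder or Spybot's Recovery folder has already been neutralised, and System Volume Information holds old restore-point copies. What is left is the short list the helper acts on (here, the items on O:). The following script, added as an example and not part of this thread or of Kaspersky's, Dr.Web's or any other tool's code, sorts findings into those buckets. It reads both the Kaspersky report format above and the semicolon-separated CSV that Dr.Web CureIt writes (posted later in this thread), and also recognises the scanner tripping over the helper's own tools, which bundle PsExec and a process killer. The sample inputs are subsets copied from the two logs.

```python
"""Triage an online-scanner report: separate the findings that still need action
from quarantine copies, System Restore snapshots, locked files and the scanner
objecting to the cleanup tools themselves.

Added example: not part of the forum thread and not code from Kaspersky, Dr.Web
or any tool named in it. It reads the two text formats posted in this thread,
Kaspersky Online Scanner report lines and the semicolon-separated CSV written by
Dr.Web CureIt.
"""
import re
from collections import defaultdict

# Lines copied from the Kaspersky report above (a representative subset).
KASPERSKY_SAMPLE = r"""
C:\Deckard\System Scanner\20080606005616\backup\DOCUME~1\Nitro\LOCALS~1\Temp\FlashInstaller.exe Infected: not-a-virus:AdWare.Win32.Agent.adt skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/win64.exe Suspicious: Password-protected-EXE skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ruscvrau.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip ZIP: infected - 3 skipped
C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9\A0022010.exe Infected: Trojan-Downloader.Win32.Small.vla skipped
M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP25\A0040480.exe/update.exe Infected: Trojan.Win32.Monder.ld skipped
O:\Program Zips\Ahead.Nero.v8.2.8.0-EMBRACE\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
O:\Web Design\19 GB Templates\15,000_ebooks.zip/ebooks_b/ADWIZARD.zip/ADWIZARD.exe/advert.dll Infected: not-a-virus:AdWare.Win32.Aureate.a skipped
"""

# Lines copied from the Dr.Web CureIt log posted later in this thread (a subset).
DRWEB_SAMPLE = r"""
14846.dll;C:\Documents and Settings\Nitro\Application Data\Microsoft\dtsc;Trojan.Uploader.24578;Deleted.;
Combo-Fix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Nitro\Desktop\Combo-Fix.exe;Program.PsExec.171;;
Combo-Fix.exe;C:\Documents and Settings\Nitro\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Nitro\Desktop\SDFix.exe;Tool.Prockill;;
dwsxleot.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.11;Incurable.Moved.;
A0024264.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Probably SCRIPT.Virus;Incurable.Deleted.;
A0048594.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Trojan.Uploader.24578;Deleted.;
"""

KASPERSKY_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<kind>Infected|Suspicious): (?P<verdict>.+?)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[\w.-]+): (?P<ckind>infected|suspicious) - \d+"
    r") skipped$"
)


def parse_kaspersky(text):
    """Yield (path, verdict) from Kaspersky Online Scanner report lines.

    verdict is 'locked' for files the scanner could not open and
    'container:<infected|suspicious>' for an archive's summary line.
    """
    for line in text.splitlines():
        m = KASPERSKY_RE.match(line.strip())
        if not m:
            continue  # header and statistics lines
        if m.group("locked"):
            yield m.group("path"), "locked"
        elif m.group("container"):
            yield m.group("path"), "container:" + m.group("ckind")
        else:
            yield m.group("path"), m.group("verdict")


def parse_drweb(text):
    """Yield (path, verdict) from Dr.Web CureIt CSV lines: name;directory;verdict;action;

    For an archive member, 'name' is the path inside the archive and 'directory'
    is the archive's own full path, so joining them keeps the archive in the path.
    """
    for line in text.splitlines():
        parts = line.strip().split(";")
        if len(parts) < 3 or not parts[1]:
            continue
        yield parts[1] + "\\" + parts[0], parts[2]


# Path fragments (lower-case) that mean "already neutralised" or "old snapshot".
QUARANTINE = ("\\qoobox\\quarantine\\", "\\deckard\\system scanner\\",
              "\\spybot - search & destroy\\recovery\\", "\\_otmoveit\\movedfiles\\")
RESTORE_POINT = "\\system volume information\\_restore"
# The helper's own tools bundle PsExec and a process killer; scanners flag those.
CLEANUP_TOOLS = ("\\combo-fix.exe", "\\combofix.exe", "\\sdfix.exe")
TOOL_VERDICTS = ("program.psexec", "tool.prockill")


def classify(path, verdict):
    """Bucket one finding: locked, quarantine, restore_point, cleanup_tool or live."""
    p, v = path.lower(), verdict.lower()
    if v == "locked":
        return "locked"          # in-use hives and logs: nothing to clean
    if any(q in p for q in QUARANTINE):
        return "quarantine"      # already neutralised: purge when the cleanup is over
    if RESTORE_POINT in p:
        return "restore_point"   # old snapshot: flush System Restore at the end
    if any(t in p for t in CLEANUP_TOOLS) or v.startswith(TOOL_VERDICTS):
        return "cleanup_tool"    # scanner objecting to the helper's tools, not malware
    return "live"                # on a path still in use: act on it


def triage(findings):
    """Group (path, verdict) pairs by bucket; 'live' is the to-do list."""
    buckets = defaultdict(list)
    for path, verdict in findings:
        buckets[classify(path, verdict)].append((path, verdict))
    return dict(buckets)


if __name__ == "__main__":
    for label, findings in (("Kaspersky", parse_kaspersky(KASPERSKY_SAMPLE)),
                            ("Dr.Web", parse_drweb(DRWEB_SAMPLE))):
        result = triage(findings)
        print(f"== {label}: {len(result.get('live', []))} finding(s) still need action")
        for path, verdict in result.get("live", []):
            print(f"   {verdict}  {path}")
        for bucket in ("cleanup_tool", "quarantine", "restore_point", "locked"):
            print(f"   {bucket:14} {len(result.get(bucket, []))} (no action)")
```

The quarantine and restore-point buckets are not ignored for good: they are the reason helpers finish a cleanup by uninstalling the tools (which removes QooBox) and flushing System Restore, otherwise the next scan reports the same files again. The "live" bucket from the Dr.Web log is the interesting one in this thread: three Trojan.Uploader DLLs under Application Data\Microsoft\dtsc that none of the earlier passes had touched.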

#23
fenzodahl512 (Malware Removal)

Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip
    O:\Program Zips\Ahead.Nero.v8.2.8.0-EMBRACE\Nero-8.2.8.0_eng_trial.exe
    O:\Web Design\19 GB Templates\15,000_ebooks.zip
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Dr.Web CureIt to the Desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory; when something is found, click Yes when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.



Please post the following logs in your next reply:

1. OTMoveIt2
2. Dr.Web
3. A fresh Deckard System Scanner (after Dr.Web step)


Regards
fenzodahl512

Edited by fenzodahl512, 09 June 2008 - 11:44 AM.


#24
abryenton (Topic Starter)

Things are still freezing on me. I can't seem to play any music at all; every time I try to play a song the program freezes, and this happens with a bunch of programs.

OT log:

Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip moved successfully.
O:\Program Zips\Ahead.Nero.v8.2.8.0-EMBRACE\Nero-8.2.8.0_eng_trial.exe moved successfully.
O:\Web Design\19 GB Templates\15,000_ebooks.zip moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF51FC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF635A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF6371.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_MjGMgkg6x2r0Fu0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_002341

Files moved on Reboot...
C:\DOCUME~1\Nitro\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF51FC.tmp moved successfully.
File C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF635A.tmp not found!
File C:\DOCUME~1\Nitro\LOCALS~1\Temp\~DF6371.tmp not found!
File C:\WINDOWS\temp\mcmsc_MjGMgkg6x2r0Fu0 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7c0.dat not found!




Cureit log:

14846.dll;C:\Documents and Settings\Nitro\Application Data\Microsoft\dtsc;Trojan.Uploader.24578;Deleted.;
20694.dll;C:\Documents and Settings\Nitro\Application Data\Microsoft\dtsc;Trojan.Uploader.24579;Deleted.;
27913.dll;C:\Documents and Settings\Nitro\Application Data\Microsoft\dtsc;Trojan.Uploader.24577;Deleted.;
Combo-Fix.exe\327882R2FWJFW\FIND3M.bat;C:\Documents and Settings\Nitro\Desktop\Combo-Fix.exe;Probably SCRIPT.Virus;;
Combo-Fix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Nitro\Desktop\Combo-Fix.exe;Program.PsExec.171;;
Combo-Fix.exe;C:\Documents and Settings\Nitro\Desktop;Archive contains infected objects;Moved.;
SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Nitro\Desktop\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Nitro\Desktop;Archive contains infected objects;Moved.;
catchme2008-05-23_ 13015.93.zip\clbdriver.sys;C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip;Trojan.NtRootKit.1156;;
catchme2008-05-23_ 13015.93.zip\awtqoMdd.dll;C:\QooBox\Quarantine\catchme2008-05-23_ 13015.93.zip;Trojan.Virtumod.based.11;;
catchme2008-05-23_ 13015.93.zip;C:\QooBox\Quarantine;Archive contains infected objects;Moved.;
dwsxleot.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.11;Incurable.Moved.;
elqdiwao.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.11;Incurable.Moved.;
noeujqfw.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.11;Incurable.Moved.;
ruscvrau.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.based.11;Incurable.Moved.;
A0022060.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP10;Trojan.Virtumod.402;Deleted.;
A0024213.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Trojan.Virtumod.based.11;Incurable.Moved.;
A0024214.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Trojan.Virtumod.based.11;Incurable.Moved.;
A0024217.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Trojan.Virtumod.based.11;Incurable.Moved.;
A0024219.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Trojan.Virtumod.based.11;Incurable.Moved.;
A0024248.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024248.exe;Probably SCRIPT.Virus;;
A0024248.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024248.exe;Program.PsExec.171;;
A0024248.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Archive contains infected objects;Moved.;
A0024249.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024249.exe;Probably SCRIPT.Virus;;
A0024249.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13\A0024249.exe;Program.PsExec.171;;
A0024249.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Archive contains infected objects;Moved.;
A0024255.EXE;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Program.PsExec.170;Incurable.Deleted.;
A0024264.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP13;Probably SCRIPT.Virus;Incurable.Deleted.;
A0027241.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP16;Probably SCRIPT.Virus;Incurable.Deleted.;
A0027295.EXE;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP16;Program.PsExec.170;Incurable.Deleted.;
A0027318.EXE;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP16;Program.PsExec.170;Incurable.Deleted.;
A0027327.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP16;Probably SCRIPT.Virus;Incurable.Deleted.;
A0031333.EXE;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP17;Program.PsExec.170;Incurable.Deleted.;
A0031342.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP17;Probably SCRIPT.Virus;Incurable.Deleted.;
A0036347.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP19;Tool.Prockill;Incurable.Deleted.;
A0036387.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP21;Probably SCRIPT.Virus;Incurable.Deleted.;
A0036472.EXE;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP22;Program.PsExec.170;Incurable.Deleted.;
A0036481.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP22;Probably SCRIPT.Virus;Incurable.Deleted.;
A0048594.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Trojan.Uploader.24578;Deleted.;
A0048595.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Trojan.Uploader.24579;Deleted.;
A0048596.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Trojan.Uploader.24577;Deleted.;
A0048597.exe\327882R2FWJFW\FIND3M.bat;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29\A0048597.exe;Probably SCRIPT.Virus;;
A0048597.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29\A0048597.exe;Program.PsExec.171;;
A0048597.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Archive contains infected objects;Moved.;
A0048598.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29\A0048598.exe;Tool.Prockill;;
A0048598.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;Archive contains infected objects;Moved.;
A0007360.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9;Trojan.DownLoader.61691;Deleted.;
A0007361.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9;Trojan.Virtumod.based.11;Incurable.Moved.;
A0007362.dll;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9;Trojan.Virtumod.based.11;Incurable.Moved.;
A0022010.exe;C:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP9;Trojan.DownLoader.47443;Deleted.;
ADWIZARD.exe\advert.dll;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip\ebooks_b/ADWIZARD.zip\ADWIZARD.exe;Adware.Aureate;;
ADWIZARD.exe;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip\ebooks_b/ADWIZARD.zip;Archive contains infected objects;;
ebooks_b/ADWIZARD.zip;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip;Archive contains infected objects;;
webgold.exe\data035;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip\ebooks_b/bonuses2.zip\webgold.exe;Win32.HLLM.Graz;;
webgold.exe;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip\ebooks_b/bonuses2.zip;Archive contains infected objects;;
ebooks_b/bonuses2.zip;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates\15 000_ebooks.zip;Archive contains infected objects;;
15 000_ebooks.zip;C:\_OTMoveIt\MovedFiles\06102008_002341\Web Design\19 GB Templates;Archive contains infected objects;Moved.;
A0000011.exe\001.exe;M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP1\A0000011.exe;Trojan.Virtumod.based.11;;
A0000011.exe;M:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP1;Archive contains infected objects;Moved.;
WinAVI.Video.Converter.v8.0.Incl.Keymaker-CORE.rar\keygen.exe;O:\Program Zips\WinAVI.Video.Converter.v8.0-CORE\WinAVI.Video.Converter.v8.0.Incl.Keymaker-CORE.rar;Trojan.Baram.2;;
WinAVI.Video.Converter.v8.0.Incl.Keymaker-CORE.rar;O:\Program Zips\WinAVI.Video.Converter.v8.0-CORE;Archive contains infected objects;Moved.;
A0048600.exe;O:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;BackDoor.IRC.Sdbot.3564;Deleted.;
A0048601.exe;O:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;BackDoor.IRC.Sdbot.3564;Deleted.;
A0048602.exe;O:\System Volume Information\_restore{3AE34D90-0539-47CD-A219-BCD6A54BCC8B}\RP29;BackDoor.IRC.Sdbot.3564;Deleted.;




Deckard's log:

Deckard's System Scanner v20071014.68
Run by Nitro on 2008-06-12 01:42:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nitro.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:16 AM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Nitro\Desktop\dss.exe
C:\HJT\Nitro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService (mbamservice) - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10411 bytes

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-10 18:14:35 0 d-------- C:\Documents and Settings\Nitro\DoctorWeb
2008-06-08 00:54:47 0 d-------- C:\WINDOWS\Prefetch
2008-06-07 21:37:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 21:36:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-06 21:56:26 0 d-------- C:\Program Files\Video Watermark Factory
2008-06-01 00:25:27 0 d-------- C:\cmdcons
2008-05-26 21:13:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-23 01:23:02 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 01:23:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 01:23:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 01:23:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 01:23:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-23 01:23:02 98816 --a------ C:\WINDOWS\sed.exe
2008-05-23 01:23:02 80412 --a------ C:\WINDOWS\grep.exe
2008-05-23 01:23:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-21 21:26:18 0 d-------- C:\WINDOWS\ERUNT
2008-05-21 03:04:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\TrojanHunter
2008-05-20 23:31:44 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-19 22:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:34:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:34:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\SUPERAntiSpyware.com
2008-05-19 21:57:12 0 dr-h----- C:\Documents and Settings\Nitro\Recent
2008-05-18 20:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 16:02:56 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\en
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 15:56:44 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 01:16:15 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-18 01:15:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 00:24:27 0 d-------- C:\HJT
2008-05-17 00:16:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:16:21 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:15:16 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13:16 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11:51 0 dr-h----- C:\MSOCache
2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 20:53:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-15 19:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-05-15 19:33:31 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 15:28:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-15 15:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-15 15:21:27 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-15 15:21:27 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-15 15:21:27 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-15 15:21:27 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-15 15:21:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-15 15:21:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-15 15:21:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-15 01:52:46 0 d-------- C:\WINDOWS\Application Data
2008-05-15 00:16:41 326368 --a------ C:\amt1
2008-05-15 00:08:08 102400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-05-15 00:08:08 511488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-05-15 00:08:08 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-14 22:35:11 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-12 20:02:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-12 20:01:24 0 d-------- C:\Program Files\CS Odessa


-- Find3M Report ---------------------------------------------------------------

2008-06-07 21:51:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Adobe
2008-06-02 18:10:49 0 d-------- C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-06-02 00:42:05 0 d-------- C:\Program Files\Common Files
2008-06-02 00:39:50 0 d-------- C:\Program Files\Google
2008-05-28 23:50:35 0 d-------- C:\Documents and Settings\Nitro\Application Data\Vso
2008-05-23 01:43:10 0 d-------- C:\Program Files\SiteAdvisor
2008-05-18 16:06:32 0 d-------- C:\Program Files\Messenger
2008-05-18 16:05:38 0 d-------- C:\Program Files\Windows NT
2008-05-18 16:05:37 0 d-------- C:\Program Files\Movie Maker
2008-05-18 01:19:46 0 d-------- C:\Program Files\Driver Magician
2008-05-15 19:53:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 15:22:02 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:21:59 0 d-------- C:\Program Files\TechSmith
2008-05-10 22:54:07 0 d-------- C:\Program Files\EDraw Max
2008-05-10 19:48:43 0 d-------- C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-05-10 19:47:23 0 d-------- C:\Program Files\DivX
2008-05-10 19:42:51 0 d-------- C:\Program Files\IGC
2008-05-10 18:52:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:51:15 0 d-------- C:\Program Files\QuickTime
2008-05-10 18:50:41 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 17:17:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-09 21:58:09 0 d-------- C:\Program Files\SmartDraw 2008
2008-05-09 21:55:31 0 d-------- C:\Program Files\MagicISO
2008-05-09 00:04:01 0 d-------- C:\Program Files\IMSI
2008-05-06 22:15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 22:15:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\Mozilla
2008-04-30 23:45:22 0 d-------- C:\Documents and Settings\Nitro\Application Data\HP
2008-04-30 23:40:22 117132 --a------ C:\WINDOWS\hpoins11.dat
2008-04-30 23:26:16 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 23:26:13 0 d-------- C:\Program Files\HP
2008-04-30 23:23:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-30 23:23:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 20:53:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-29 00:23:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-26 19:57:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-26 19:54:36 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-26 19:33:46 0 d-------- C:\Program Files\Bonjour
2008-04-26 19:23:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 19:40:43 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-04-25 19:38:30 0 d-------- C:\Program Files\Logitech
2008-04-25 19:37:42 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-25 18:43:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 18:43:37 0 d-------- C:\Program Files\Notepad++
2008-04-25 18:00:20 0 d-------- C:\Program Files\Windows Live
2008-04-25 18:00:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 19:25:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 00:39:34 0 d-------- C:\Program Files\McAfee
2008-04-23 21:27:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-23 21:26:05 0 d-------- C:\Program Files\Common Files\Nero
2008-04-23 21:24:41 0 d-------- C:\Program Files\Nero
2008-04-23 19:51:50 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:22:48 0 d-------- C:\Documents and Settings\Nitro\Application Data\Winamp
2008-04-23 19:19:57 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-23 19:19:46 0 d-------- C:\Program Files\McAfee.com
2008-04-23 19:17:58 0 d-------- C:\Program Files\Winamp
2008-04-23 19:07:51 34 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.log
2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:50 1144 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.inf
2008-04-23 19:07:50 7887 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.cat
2008-04-23 19:07:47 0 d-------- C:\Program Files\VSO
2008-04-23 18:49:04 0 d-------- C:\Program Files\PowerISO
2008-04-23 18:48:08 0 d-------- C:\Documents and Settings\Nitro\Application Data\WinRAR
2008-04-23 01:47:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 01:47:46 0 d-------- C:\Program Files\GlobalSCAPE
2008-04-23 01:00:36 0 d-------- C:\Program Files\CONEXANT
2008-04-23 00:55:24 0 d-------- C:\Program Files\WinTV
2008-04-22 23:47:27 0 d-------- C:\Program Files\DIFX
2008-04-22 23:42:03 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-22 22:53:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 22:05:02 0 d-------- C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 20:25:17 0 d-------- C:\Program Files\uTorrent
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Macromedia
2008-04-22 19:27:56 0 d-------- C:\Program Files\XPC Tools
2008-04-22 18:43:22 0 d-------- C:\Program Files\Realtek
2008-04-22 18:41:20 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 18:16:27 0 d-------- C:\Documents and Settings\Nitro\Application Data\Google
2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-22 06:01:44 0 d-------- C:\Documents and Settings\Nitro\Application Data\Identities
2008-04-22 05:58:36 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 05:58:26 0 -rahs---- C:\MSDOS.SYS
2008-04-22 05:58:26 0 -rahs---- C:\IO.SYS
2008-04-22 05:58:26 0 --a------ C:\CONFIG.SYS
2008-04-22 05:58:26 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 05:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 05:56:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 05:56:13 0 d-------- C:\Program Files\Online Services
2008-04-22 05:56:01 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-21 22:51:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 22:51:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 22:50:57 62 --ahs---- C:\Documents and Settings\Nitro\Application Data\desktop.ini
2008-03-19 06:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 09:23 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [03/27/2008 03:35 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 06:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/25/2008 7:38:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-12 01:43:00 ------------
  • 0

#25
fenzodahl512

  • Malware Removal
  • 9,863 posts

Things are still freezing on me. I can't seem to play any music at all, every time I try to play a song the program freezes, this happens with a bunch of programs.



Tell me which programs are freezing on you..
  • 0



#26
abryenton

abryenton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Winamp, Windows Media Player, I can't seem to play music at all. Nero, I can't burn anything. Sometimes even IE and Firefox freeze up on me. That's really all I've tried to open, I haven't been doing anything on my PC since we started the thread.
  • 0

#27
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm.. your logs look clean to my eyes.. But let's run another scan just to be sure...


Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 0

#28
abryenton

abryenton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Could one of the scanners have deleted an infected driver or something that would make those programs freeze?

Here is the scan from F-Secure Scan:

Scanning Report
Friday, June 13, 2008 21:04:21 - 01:58:08

Computer name: AARON
Scanning type: Scan system for malware, rootkits
Target: C:\ K:\ L:\ M:\
Result: 6 malware found
Trojan.Win32.Monder.gen (virus)

* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0024219.DLL (Renamed & Submitted)

Trojan:W32/Agent.FDN (virus)

* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0024213.DLL (Submitted)

Vundo.gen179 (virus)

* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0007361.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0007362.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0024214.DLL (Submitted)
* C:\DOCUMENTS AND SETTINGS\NITRO\DOCTORWEB\QUARANTINE\A0024217.DLL (Submitted)

Statistics
Scanned:

* Files: 117487
* System: 4016
* Not scanned: 9

Actions:

* Disinfected: 0
* Renamed: 1
* Deleted: 0
* None: 5
* Submitted: 6

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\TEMP\MCAFEE_CCLL00Z8SFC4Z3Q
* C:\WINDOWS\TEMP\MCMSC_OR414YEIORMEBNR
* C:\WINDOWS\TEMP\MCMSC_XC181MUPG0BVTTB
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure USS: 2.30.0
* F-Secure Hydra: 2.8.8110, 2008-06-13
* F-Secure AVP: 7.0.171, 2008-06-13
* F-Secure Pegasus: 1.20.0, 2008-04-14
* F-Secure Blacklight: 1.0.68

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics

  • 0

#29
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Errmm.. I'm seeing a clean log from your F-Secure.. Initially, you had a rootkit infection and we've cleaned that off..

And about the tools used, no, I don't see any legit drivers removed..

I'd suggest you try reinstalling Winamp, Windows Media Player, Nero, and any other programs that are affected, and then tell me about it..

I'll give you several links to download those programs..

Windows Media Player: http://www.microsoft...10/default.aspx

Winamp: http://www.winamp.com/player/

Nero: http://www.nero.com/enu/downloads.html

Firefox: http://www.mozilla.com/en-US/firefox/


Please also post a fresh DSS log in your next reply for me to have another look..


Regards
fenzodahl512
  • 0
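The reason the F-Secure report above still reads as clean is where the six hits sit: every path is inside DoctorWeb's quarantine folder, not a live system location. As an added example (not a tool from the thread or from F-Secure), here is a small Python triage script that parses a report in that format and separates contained hits from live ones; the report texts are constructed (the first abbreviated from the one posted, the second with a fictional file name), and the list of "holding" folders is an assumption.

```python
"""Triage an F-Secure Online Scanner report by where each detection lives.

Added example for this thread, not a tool from the thread or from F-Secure.
Report texts below are constructed; the set of "holding" folders treated as
already contained is an assumption.
"""
import re
from dataclasses import dataclass

# Path segments (compared case-insensitively) meaning another tool has already
# taken the file out of circulation. Assumed list, extend to taste.
HOLDING_FOLDERS = {"QUARANTINE", "SYSTEM VOLUME INFORMATION"}

_RESULT_RE = re.compile(r"^Result: (?P<n>\d+) malware found$")
# Detection header, e.g. "Vundo.gen179 (virus)"
_FAMILY_RE = re.compile(r"^(?P<family>\S.*?) \((?P<kind>[^()]+)\)$")
# File line, e.g. "* C:\...\A0024219.DLL (Renamed & Submitted)"
_FILE_RE = re.compile(r"^\* (?P<path>.+?) \((?P<actions>[^()]+)\)$")


@dataclass(frozen=True)
class Hit:
    family: str
    kind: str
    path: str
    actions: tuple   # e.g. ("Renamed", "Submitted")
    contained: bool  # True when the file sits inside a holding folder


def is_contained(path):
    """True if any directory segment of the Windows path is a holding folder."""
    segments = [s.upper() for s in re.split(r"[\\/]", path)[:-1]]
    return any(s in HOLDING_FOLDERS for s in segments)


def parse_report(text):
    """Return (reported_count, [Hit, ...]) from the 'Result:'..'Statistics' block."""
    expected, hits, family, kind, in_block = 0, [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = _RESULT_RE.match(line)
        if m:
            expected, in_block = int(m.group("n")), True
            continue
        if not in_block or not line:
            continue
        if line == "Statistics":
            break
        m = _FILE_RE.match(line)
        if m:  # a file line belongs to the most recent family header
            if family is not None:
                actions = tuple(a.strip() for a in m.group("actions").split("&"))
                hits.append(Hit(family, kind, m.group("path"), actions,
                                is_contained(m.group("path"))))
            continue
        m = _FAMILY_RE.match(line)
        if m:
            family, kind = m.group("family"), m.group("kind")
    return expected, hits


def summarize(text):
    """The numbers a log reviewer wants: reported vs parsed, contained vs live."""
    expected, hits = parse_report(text)
    live = [h.path for h in hits if not h.contained]
    return {
        "reported": expected,
        "parsed": len(hits),
        "contained": len(hits) - len(live),
        "live": live,
        "families": list(dict.fromkeys(h.family for h in hits)),
        "renamed": sum("Renamed" in h.actions for h in hits),
    }


# Constructed sample, abbreviated from the report pasted in the thread: every
# hit is inside DoctorWeb's quarantine, which is why it reads as a clean log.
POSTED_STYLE_REPORT = """\
Scanning Report
Computer name: AARON
Result: 6 malware found
Trojan.Win32.Monder.gen (virus)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0024219.DLL (Renamed & Submitted)
Trojan:W32/Agent.FDN (virus)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0024213.DLL (Submitted)
Vundo.gen179 (virus)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0007361.DLL (Submitted)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0007362.DLL (Submitted)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0024214.DLL (Submitted)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0024217.DLL (Submitted)
Statistics
"""

# Constructed contrast case: one hit in a live system folder (fictional file
# name), which a reviewer would not wave through.
LIVE_HIT_REPORT = """\
Result: 2 malware found
Vundo.gen179 (virus)
* C:\\DOCUMENTS AND SETTINGS\\NITRO\\DOCTORWEB\\QUARANTINE\\A0007361.DLL (Submitted)
* C:\\WINDOWS\\SYSTEM32\\EXAMPLE_CONSTRUCTED.DLL (Submitted)
Statistics
"""
```

Running `summarize(POSTED_STYLE_REPORT)` gives six parsed, six contained and an empty live list; the contrast report yields one live path that would still need follow-up.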

#30
abryenton

abryenton

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Winamp is working now. The rest are still the same after reinstalling. I uninstalled Firefox and it worked, but once I reboot it does the same thing unless I uninstall and reinstall it again. Everything works in safe mode; I successfully burnt a CD in safe mode. I have no idea what's going on.

Fresh DSS:

Deckard's System Scanner v20071014.68
Run by Nitro on 2008-06-17 20:52:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Nitro.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:52:14 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Nitro\Desktop\dss.exe
C:\HJT\Nitro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forceunleashed.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Append to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService (mbamservice) - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 10539 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-16 19:52:51 0 d-------- C:\Program Files\msn gaming zone
2008-06-16 19:01:48 0 d-------- C:\Program Files\Winamp
2008-06-16 19:01:48 0 d-------- C:\Documents and Settings\Nitro\Application Data\Winamp
2008-06-13 20:19:46 0 d-------- C:\fsaua.data
2008-06-10 18:14:35 0 d-------- C:\Documents and Settings\Nitro\DoctorWeb
2008-06-08 00:54:47 0 d-------- C:\WINDOWS\Prefetch
2008-06-07 21:37:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 21:36:57 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-01 00:25:27 0 d-------- C:\cmdcons
2008-05-26 21:13:33 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-23 01:23:02 68096 --a------ C:\WINDOWS\zip.exe
2008-05-23 01:23:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-23 01:23:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-23 01:23:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-23 01:23:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-23 01:23:02 98816 --a------ C:\WINDOWS\sed.exe
2008-05-23 01:23:02 80412 --a------ C:\WINDOWS\grep.exe
2008-05-23 01:23:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-21 21:26:18 0 d-------- C:\WINDOWS\ERUNT
2008-05-21 03:04:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\TrojanHunter
2008-05-20 23:31:44 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-19 22:34:40 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 22:34:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 22:34:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\SUPERAntiSpyware.com
2008-05-19 21:57:12 0 dr-h----- C:\Documents and Settings\Nitro\Recent
2008-05-18 20:20:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 16:02:56 0 d-------- C:\WINDOWS\system32\scripting
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\en
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\system32\bits
2008-05-18 16:02:55 0 d-------- C:\WINDOWS\l2schemas
2008-05-18 15:56:44 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-18 01:16:15 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-18 01:15:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 00:24:27 0 d-------- C:\HJT
2008-05-17 00:16:31 0 d-------- C:\Program Files\Microsoft Works
2008-05-17 00:16:21 0 d-------- C:\Program Files\MSBuild
2008-05-17 00:15:16 0 d-------- C:\Program Files\Microsoft.NET
2008-05-17 00:13:16 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-17 00:12:31 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-17 00:12:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 00:11:51 0 dr-h----- C:\MSOCache


-- Find3M Report ---------------------------------------------------------------

2008-06-12 22:58:10 0 d-------- C:\Documents and Settings\Nitro\Application Data\uTorrent
2008-06-07 21:51:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Adobe
2008-06-02 00:42:05 0 d-------- C:\Program Files\Common Files
2008-06-02 00:39:50 0 d-------- C:\Program Files\Google
2008-05-28 23:50:35 0 d-------- C:\Documents and Settings\Nitro\Application Data\Vso
2008-05-23 01:43:10 0 d-------- C:\Program Files\SiteAdvisor
2008-05-18 16:06:32 0 d-------- C:\Program Files\Messenger
2008-05-18 16:05:38 0 d-------- C:\Program Files\Windows NT
2008-05-18 16:05:37 0 d-------- C:\Program Files\Movie Maker
2008-05-18 01:19:46 0 d-------- C:\Program Files\Driver Magician
2008-05-16 03:57:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-15 19:53:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 19:33:32 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-15 01:03:11 326368 --a------ C:\amt1
2008-05-15 00:12:48 0 d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-05-13 00:46:29 0 d-------- C:\Program Files\CS Odessa
2008-05-12 20:02:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\CSOdessa
2008-05-11 15:22:02 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-05-11 15:21:59 0 d-------- C:\Program Files\TechSmith
2008-05-10 22:54:07 0 d-------- C:\Program Files\EDraw Max
2008-05-10 19:48:43 0 d-------- C:\Documents and Settings\Nitro\Application Data\Microsoft Games
2008-05-10 19:47:23 0 d-------- C:\Program Files\DivX
2008-05-10 19:42:51 0 d-------- C:\Program Files\IGC
2008-05-10 18:52:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\Apple Computer
2008-05-10 18:51:15 0 d-------- C:\Program Files\QuickTime
2008-05-10 18:50:41 0 d-------- C:\Program Files\Apple Software Update
2008-05-10 17:17:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\DivX
2008-05-09 21:58:09 0 d-------- C:\Program Files\SmartDraw 2008
2008-05-09 21:55:31 0 d-------- C:\Program Files\MagicISO
2008-05-09 00:04:01 0 d-------- C:\Program Files\IMSI
2008-05-06 22:15:14 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-06 22:15:11 0 d-------- C:\Documents and Settings\Nitro\Application Data\Mozilla
2008-04-30 23:45:22 0 d-------- C:\Documents and Settings\Nitro\Application Data\HP
2008-04-30 23:40:22 117132 --a------ C:\WINDOWS\hpoins11.dat
2008-04-30 23:26:16 0 d-------- C:\Program Files\Common Files\HP
2008-04-30 23:26:13 0 d-------- C:\Program Files\HP
2008-04-30 23:23:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-30 23:23:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-29 20:53:37 0 d-------- C:\Documents and Settings\Nitro\Application Data\SiteAdvisor
2008-04-29 00:23:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\SmartDraw
2008-04-26 19:57:01 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-26 19:54:36 0 d-------- C:\Program Files\Common Files\Control Panels
2008-04-26 19:33:46 0 d-------- C:\Program Files\Bonjour
2008-04-26 19:23:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-25 19:40:43 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-04-25 19:38:30 0 d-------- C:\Program Files\Logitech
2008-04-25 19:37:42 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-25 18:43:41 0 d-------- C:\Documents and Settings\Nitro\Application Data\Notepad++
2008-04-25 18:43:37 0 d-------- C:\Program Files\Notepad++
2008-04-25 18:00:20 0 d-------- C:\Program Files\Windows Live
2008-04-25 18:00:07 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-24 19:25:01 0 d-------- C:\Documents and Settings\Nitro\Application Data\Malwarebytes
2008-04-24 00:39:34 0 d-------- C:\Program Files\McAfee
2008-04-23 21:27:13 0 d-------- C:\Documents and Settings\Nitro\Application Data\Nero
2008-04-23 21:26:05 0 d-------- C:\Program Files\Common Files\Nero
2008-04-23 21:24:41 0 d-------- C:\Program Files\Nero
2008-04-23 19:51:50 0 d-------- C:\Program Files\Trend Micro
2008-04-23 19:19:57 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-23 19:19:46 0 d-------- C:\Program Files\McAfee.com
2008-04-23 19:07:51 34 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.log
2008-04-23 19:07:50 47360 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-23 19:07:50 1144 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.inf
2008-04-23 19:07:50 7887 --a------ C:\Documents and Settings\Nitro\Application Data\pcouffin.cat
2008-04-23 19:07:47 0 d-------- C:\Program Files\VSO
2008-04-23 18:49:04 0 d-------- C:\Program Files\PowerISO
2008-04-23 18:48:08 0 d-------- C:\Documents and Settings\Nitro\Application Data\WinRAR
2008-04-23 01:47:53 0 d-------- C:\Documents and Settings\Nitro\Application Data\GlobalSCAPE
2008-04-23 01:47:46 0 d-------- C:\Program Files\GlobalSCAPE
2008-04-23 01:00:36 0 d-------- C:\Program Files\CONEXANT
2008-04-23 00:55:24 0 d-------- C:\Program Files\WinTV
2008-04-22 23:47:27 0 d-------- C:\Program Files\DIFX
2008-04-22 23:42:03 0 d-------- C:\Program Files\NVIDIA Corporation
2008-04-22 22:53:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-22 22:05:02 0 d-------- C:\Documents and Settings\Nitro\Application Data\InstallShield
2008-04-22 20:25:17 0 d-------- C:\Program Files\uTorrent
2008-04-22 19:33:09 0 d-------- C:\Documents and Settings\Nitro\Application Data\Macromedia
2008-04-22 19:27:56 0 d-------- C:\Program Files\XPC Tools
2008-04-22 18:43:22 0 d-------- C:\Program Files\Realtek
2008-04-22 18:41:20 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-22 18:16:27 0 d-------- C:\Documents and Settings\Nitro\Application Data\Google
2008-04-22 18:11:29 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-04-22 06:01:44 0 d-------- C:\Documents and Settings\Nitro\Application Data\Identities
2008-04-22 05:58:36 0 d-------- C:\Program Files\microsoft frontpage
2008-04-22 05:58:26 0 -rahs---- C:\MSDOS.SYS
2008-04-22 05:58:26 0 -rahs---- C:\IO.SYS
2008-04-22 05:58:26 0 --a------ C:\CONFIG.SYS
2008-04-22 05:58:26 0 --a------ C:\AUTOEXEC.BAT
2008-04-22 05:56:45 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-22 05:56:26 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-22 05:56:13 0 d-------- C:\Program Files\Online Services
2008-04-21 22:51:18 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-21 22:51:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-21 22:50:57 62 --ahs---- C:\Documents and Settings\Nitro\Application Data\desktop.ini
2008-03-19 06:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [03/26/2008 04:14 PM C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 09:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [04/09/2007 09:23 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/24/2007 06:57 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [11/23/2002 02:15 AM]
"Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/31/2008 11:13 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/22/2008 06:15 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [4/26/2008 7:44:04 PM]
Adobe Acrobat Synchronizer.lnk - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [4/25/2008 7:38:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2008-06-17 20:53:01 ------------
  • 0
