Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dr Watson Debugger [RESOLVED]


  • This topic is locked This topic is locked

#1
natnat08

natnat08

    Member

  • Member
  • PipPip
  • 11 posts
Hi, I was wondering if anyone would be able to help me get rid of this malware as soon as possible, here is me HJT log, unfortunately I had to run the scan in safe mode as my computer is totally unusable with all the errors and such...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:51 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\DOCUME~1\KAMARA~1\LOCALS~1\Temp\ac8zt2\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8740 bytes

Edited by natnat08, 25 May 2008 - 02:28 PM.

  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello natnat08

Welcome to G2Go. :)
=====================
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
natnat08

natnat08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Once again I had to run the scans in safe mode:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-25 23:48:39
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
66: 2008-05-23 21:17:10 UTC - RP173 - Spyware Terminator - restore point
65: 2008-05-23 20:30:41 UTC - RP172 - System Checkpoint
64: 2008-05-22 14:07:19 UTC - RP171 - System Checkpoint
63: 2008-05-18 18:54:19 UTC - RP170 - System Checkpoint
62: 2008-05-17 15:09:12 UTC - RP169 - System Checkpoint


-- First Restore Point --
1: 2008-02-24 16:03:51 UTC - RP108 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:32 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\DOCUME~1\KAMARA~1\LOCALS~1\Temp\ac8zt2\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8878 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_80481071&REV_04\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_80481071&REV_04\3&B1BFB68&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_80481071&REV_04\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_80481071&REV_04\3&B1BFB68&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1050&DEV_0033&SUBSYS_00331050&REV_00\4&1D3F0FBB&0&28F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1050&DEV_0033&SUBSYS_00331050&REV_00\4&1D3F0FBB&0&28F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-30 11:02:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 21:53:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-25 20:23:21 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-25 19:07:27 0 d-------- C:\Program Files\Panda Security
2008-05-25 19:07:25 0 d-------- C:\WINDOWS\LastGood
2008-05-25 18:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-25 18:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 18:55:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 18:55:20 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 18:39:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-25 18:35:27 0 d-------- C:\Program Files\Trend Micro
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-24 14:40:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-24 14:40:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-24 14:40:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-24 14:40:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-24 14:40:32 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-23 22:06:25 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-23 22:06:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-23 22:06:21 0 d-------- C:\Documents and Settings\Kamara Work\Application Data\Spyware Terminator
2008-05-23 22:05:56 0 d-------- C:\Program Files\Spyware Terminator
2008-05-06 19:45:29 0 d-------- C:\Program Files\Function Grapher
2008-05-04 21:34:50 0 d-------- C:\Program Files\Common Files\GL
2008-05-04 21:33:58 0 d-------- C:\Program Files\Golden K star
2008-05-02 19:07:36 0 d-------- C:\Documents and Settings\Maureen\Application Data\NCH Swift Sound
2008-04-29 23:29:39 0 d-------- C:\Program Files\NCH Software
2008-04-29 19:50:20 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-29 19:49:49 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-29 19:49:49 0 d-------- C:\Documents and Settings\Kamara Work\Application Data\NCH Swift Sound
2008-04-29 19:22:27 0 d-------- C:\Program Files\TextAloud
2008-04-29 19:21:55 0 d-------- C:\WINDOWS\Lhsp


-- Find3M Report ---------------------------------------------------------------

2008-05-25 18:55:20 0 d-------- C:\Program Files\Common Files
2008-05-23 19:02:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-18 23:38:28 0 d-------- C:\Program Files\Microsoft Works
2008-04-18 17:48:17 0 d-------- C:\Program Files\Messenger
2008-04-18 17:48:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-13 20:15:26 4704 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-13 20:15:26 168 -r-hs---- C:\WINDOWS\system32\6A02C6F6D5.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [08/08/2007 03:49 AM]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [09/05/2007 11:10 PM]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [09/05/2007 11:10 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 08:50 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/08/2005 02:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/09/2005 02:17 PM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 PM C:\WINDOWS\ALCMTR.EXE]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [11/03/2004 05:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 10:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/11/2007 04:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 07:56 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 09:10 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [10/02/2007 03:45 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 05:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [10/2/2004 12:12:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-05-25 23:51:17 ------------




Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-25 23:48:39
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
66: 2008-05-23 21:17:10 UTC - RP173 - Spyware Terminator - restore point
65: 2008-05-23 20:30:41 UTC - RP172 - System Checkpoint
64: 2008-05-22 14:07:19 UTC - RP171 - System Checkpoint
63: 2008-05-18 18:54:19 UTC - RP170 - System Checkpoint
62: 2008-05-17 15:09:12 UTC - RP169 - System Checkpoint


-- First Restore Point --
1: 2008-02-24 16:03:51 UTC - RP108 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:32 PM, on 5/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\DOCUME~1\KAMARA~1\LOCALS~1\Temp\ac8zt2\gktxaspm.dll (file missing)
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {483912CF-8995-4434-AD61-6163756E05DF} (AXTNS Control) - http://download.live...tivex/AXTNS.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8878 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 StarOpen - c:\windows\system32\drivers\staropen.sys
S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
S2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_80481071&REV_04\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2592&SUBSYS_80481071&REV_04\3&B1BFB68&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_80481071&REV_04\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2792&SUBSYS_80481071&REV_04\3&B1BFB68&0&11
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1050&DEV_0033&SUBSYS_00331050&REV_00\4&1D3F0FBB&0&28F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1050&DEV_0033&SUBSYS_00331050&REV_00\4&1D3F0FBB&0&28F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-01-30 11:02:07 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 21:53:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-25 20:23:21 0 d-------- C:\Documents and Settings\Administrator\Contacts
2008-05-25 19:07:27 0 d-------- C:\Program Files\Panda Security
2008-05-25 19:07:25 0 d-------- C:\WINDOWS\LastGood
2008-05-25 18:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-25 18:55:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 18:55:45 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 18:55:20 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 18:39:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-05-25 18:35:27 0 d-------- C:\Program Files\Trend Micro
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-24 14:40:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-24 14:40:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-24 14:40:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-24 14:40:33 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-24 14:40:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-24 14:40:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-24 14:40:32 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-23 22:06:25 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-05-23 22:06:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-23 22:06:21 0 d-------- C:\Documents and Settings\Kamara Work\Application Data\Spyware Terminator
2008-05-23 22:05:56 0 d-------- C:\Program Files\Spyware Terminator
2008-05-06 19:45:29 0 d-------- C:\Program Files\Function Grapher
2008-05-04 21:34:50 0 d-------- C:\Program Files\Common Files\GL
2008-05-04 21:33:58 0 d-------- C:\Program Files\Golden K star
2008-05-02 19:07:36 0 d-------- C:\Documents and Settings\Maureen\Application Data\NCH Swift Sound
2008-04-29 23:29:39 0 d-------- C:\Program Files\NCH Software
2008-04-29 19:50:20 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-29 19:49:49 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-29 19:49:49 0 d-------- C:\Documents and Settings\Kamara Work\Application Data\NCH Swift Sound
2008-04-29 19:22:27 0 d-------- C:\Program Files\TextAloud
2008-04-29 19:21:55 0 d-------- C:\WINDOWS\Lhsp


-- Find3M Report ---------------------------------------------------------------

2008-05-25 18:55:20 0 d-------- C:\Program Files\Common Files
2008-05-23 19:02:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-18 23:38:28 0 d-------- C:\Program Files\Microsoft Works
2008-04-18 17:48:17 0 d-------- C:\Program Files\Messenger
2008-04-18 17:48:15 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-13 20:15:26 4704 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-13 20:15:26 168 -r-hs---- C:\WINDOWS\system32\6A02C6F6D5.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [08/08/2007 03:49 AM]
"PCguard"="C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [09/05/2007 11:10 PM]
"-FreedomNeedsReboot"="C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe" [09/05/2007 11:10 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 08:50 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/08/2005 02:07 AM C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [08/09/2005 02:17 PM C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 05:43 PM C:\WINDOWS\ALCMTR.EXE]
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe" [11/03/2004 05:24 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 10:11 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/11/2007 04:51 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 07:56 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 09:10 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [10/02/2007 03:45 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 12:34 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 05:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [10/2/2004 12:12:18 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - MBAMCATCHME



-- End of Deckard's System Scanner: finished at 2008-05-25 23:51:17 ------------
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download DAFT and save it to your desktop:
  • Double-click the daft.exe icon.
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.
=================================================
After that please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: gktxaspm - {AE7C2D7A-58B4-4DDD-904F-E089A9514E0F} - C:\DOCUME~1\KAMARA~1\LOCALS~1\Temp\ac8zt2\gktxaspm.dll (file missing)



Now click on Fix Checked and then close Hijackthis.
==================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as button:
  • Save the file in txt format to your desktop.
  • Post that information in your next post.

  • 0

#5
natnat08

natnat08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 3:16:57 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/05/2008
Kaspersky Anti-Virus database records: 800334
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58889
Number of viruses found: 5
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 02:37:22

Infected Object Name / Virus Name / Last Action
C:\336061f0b407b4c5c5cde228\admparse.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\admparse.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\advpack.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\advpack.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\browseui.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\corpol.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\custsat.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\dxtmsft.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\dxtrans.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\extmgr.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\extmgr.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\feeddisc.wav Object is locked skipped
C:\336061f0b407b4c5c5cde228\hmmapi.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\hmmapi.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\html.iec Object is locked skipped
C:\336061f0b407b4c5c5cde228\html.iec.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\icardie.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\icardie.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\icrav03.rat Object is locked skipped
C:\336061f0b407b4c5c5cde228\ie4uinit.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\ie4uinit.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieakeng.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieakeng.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieakmmc.chm Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieaksie.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieaksie.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieakui.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieakui.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieapfltr.dat Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieapfltr.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iedkcs32.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iedkcs32.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\iedw.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\iedw.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieencode.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieeula.chm Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieframe.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieframe.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\iepeers.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iepeers.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieproxy.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iernonce.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iernonce.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\iertutil.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iesetup.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\iesetup.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\iesupp.chm Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieudinit.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieui.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieui.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieuinit.inf Object is locked skipped
C:\336061f0b407b4c5c5cde228\ieunatt.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\iexplore.chm Object is locked skipped
C:\336061f0b407b4c5c5cde228\iexplore.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\iexplore.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\imgutil.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\inetcorp.iem Object is locked skipped
C:\336061f0b407b4c5c5cde228\inetcpl.cpl Object is locked skipped
C:\336061f0b407b4c5c5cde228\inetcpl.cpl.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\inetres.adm Object is locked skipped
C:\336061f0b407b4c5c5cde228\inetset.iem Object is locked skipped
C:\336061f0b407b4c5c5cde228\infobar.wav Object is locked skipped
C:\336061f0b407b4c5c5cde228\inseng.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\inseng.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\install.ins Object is locked skipped
C:\336061f0b407b4c5c5cde228\jscript.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\jsproxy.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\licmgr10.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\licmgr10.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeeds.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeeds.mof Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeedsbs.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeedsbs.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeedsbs.mof Object is locked skipped
C:\336061f0b407b4c5c5cde228\msfeedssync.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshta.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshta.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtml.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtml.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtml.tlb Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtmled.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtmled.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtmler.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\mshtmler.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\msls31.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\msrating.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\msrating.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\mstime.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\navstart.wav Object is locked skipped
C:\336061f0b407b4c5c5cde228\occache.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\occache.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\occache.ini Object is locked skipped
C:\336061f0b407b4c5c5cde228\pngfilt.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\popupblk.wav Object is locked skipped
C:\336061f0b407b4c5c5cde228\shdocvw.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\shlwapi.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\spmsg.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\spuninst.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\spupdsvc.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\tdc.ocx Object is locked skipped
C:\336061f0b407b4c5c5cde228\ticrf.rat Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\eula.rtf Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\idndl.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\ie7.cat Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\iecustom.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\iereseticons.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\iesetup.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\legitlibm.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\nlsdl.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\update.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\update.exe.manifest Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\update.inf Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\update.ver Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\updspapi.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\update\xmllitesetup.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\url.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\urlmon.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\urlmon.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\vbscript.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\vgx.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\webcheck.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\webcheck.dll.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\webcheck.ini Object is locked skipped
C:\336061f0b407b4c5c5cde228\winfxdocobj.exe Object is locked skipped
C:\336061f0b407b4c5c5cde228\winfxdocobj.exe.mui Object is locked skipped
C:\336061f0b407b4c5c5cde228\wininet.dll Object is locked skipped
C:\336061f0b407b4c5c5cde228\wininet.dll.mui Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008052620080527\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF61C4.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF61DE.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF67E1.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF67EE.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GZTF4PJ6\Brittney-Banzai_MySpace4[1].flv Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP171\A0062345.exe Infected: Trojan-Downloader.Win32.Agent.qnb skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062372.exe Infected: Trojan-Downloader.Win32.Agent.qnb skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062373.exe Infected: Trojan-Downloader.Win32.Agent.qnb skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062465.exe Infected: Trojan-Downloader.Win32.Agent.qnb skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062466.exe Infected: Trojan.Win32.Vapsup.fmv skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062467.dll Infected: not-a-virus:AdWare.Win32.E404.bf skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062468.dll Infected: Trojan.Win32.Agent.nax skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\A0062471.dll Infected: Trojan.Win32.Vapsup.fmu skipped
C:\System Volume Information\_restore{DB30AD27-A786-4522-81EE-7CC2E4817D5E}\RP173\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

Scan process completed.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi I really see no malware in any of your logs.
The only thing that is present is some old deleted trojan files in the System Restore Points.
We will clean them now.
================
Please delete this folder >C:\Deckard
Also the Icon on your desktop.
Then empty your recycle bin.

Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us
======================================
After that try this for the erros.
GO to Start >Run type in cmd then hit ok.
THen type in this chkdsk /r /f then hit enter.
Type in Y at the prompt and then restart the compuetr.
Let it run through this check and then let me knw how it goes.
  • 0

#7
natnat08

natnat08

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you soooo much for taking the time out to help me, I followed your steps and it seems as if the problem has gone, yay!...thanks again :)
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP