Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

very serious virus [RESOLVED]

Started by blitzzy , May 28 2008 12:33 AM

  • This topic is locked This topic is locked

#1
blitzzy
Posted 28 May 2008 - 12:33 AM

blitzzy

    Member

  • Member
  • PipPip
  • 10 posts
I ran adware, superspyware , nod32 and windows defense...removed everything that was found...but still having the problem ".tmp is a bad image file please install diskette" "could not initialize installation, missing or corrupt dll files" also about almopst ever .exe file i have is infected too..if only the logs would show up in nod32 and adware


heres my logs from the programs


Nod32

27/05/2008 9:33:08 PM Real-time file system protection file C:\WINDOWS\system32\nxlrqsue.exe Win32/PrivacySet.B trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe.


"superantispyware"
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2008 at 07:52 PM

Application Version : 4.1.1046

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 02:02:36

Memory items scanned : 171
Memory threats detected : 1
Registry items scanned : 5879
Registry threats detected : 13
File items scanned : 17754
File threats detected : 45

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\GEBSPNNL.DLL
C:\WINDOWS\SYSTEM32\GEBSPNNL.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}
HKCR\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}
HKCR\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}\InprocServer32
HKCR\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQQJIYW.DLL
HKCR\CLSID\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}

Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91E9FA44-A61D-41A1-88ED-334BCA49E446}
HKCR\CLSID\{91E9FA44-A61D-41A1-88ED-334BCA49E446}
HKCR\CLSID\{91E9FA44-A61D-41A1-88ED-334BCA49E446}\InprocServer32
HKCR\CLSID\{91E9FA44-A61D-41A1-88ED-334BCA49E446}\InprocServer32#ThreadingModel

Adware.Tracking Cookie
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@burstnet[1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@tacoda[1].txt
C:\Documents and Settings\Zach\Cookies\zach@kontera[1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@hitbox[2].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@clickbank[2].txt
C:\Documents and Settings\Zach\Cookies\zach@casalemedia[1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@adrevolver[2].txt
C:\Documents and Settings\Zach\Cookies\zach@media6degrees[2].txt
C:\Documents and Settings\Zach\Cookies\zach@fastclick[1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@antispywaresuite[1].txt
C:\Documents and Settings\Zach\Cookies\zach@indextools[2].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@atdmt[2].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][1].txt
C:\Documents and Settings\Zach\Cookies\zach@overture[2].txt
C:\Documents and Settings\Zach\Cookies\zach@advertising[2].txt
C:\Documents and Settings\Zach\Cookies\zach@realmedia[2].txt
C:\Documents and Settings\Zach\Cookies\[email protected][2].txt
C:\Documents and Settings\Zach\Cookies\zach@doubleclick[1].txt
C:\Documents and Settings\Zach\Cookies\zach@tribalfusion[2].txt
C:\Documents and Settings\Zach\Cookies\zach@revsci[1].txt
C:\Documents and Settings\Zach\Cookies\zach@2o7[1].txt
C:\Documents and Settings\Zach\Cookies\[email protected][2].txt
C:\Documents and Settings\Zach\Cookies\[email protected][2].txt
C:\Documents and Settings\Zach\Cookies\zach@trafficmp[2].txt
C:\Documents and Settings\Zach\Cookies\zach@apmebf[2].txt
C:\Documents and Settings\Zach\Cookies\zach@mediaplex[2].txt
C:\Documents and Settings\Zach\Cookies\zach@atwola[1].txt
C:\Documents and Settings\Zach\Cookies\zach@adnetserver[1].txt
C:\Documents and Settings\Zach\Cookies\zach@questionmarket[1].txt
.2o7.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.kontera.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.fastclick.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
2.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
www.madtracker.org [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
www.madtracker.org [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.madtracker.org [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.madtracker.org [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.e-2dj6wgkosodjagp.stats.esomniture.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
4.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
4.adbrite.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.adopt.euroclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads.revsci.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
digitalmedia.oreilly.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
clicktorrent.info [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads3.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads2.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads3.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads4.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.tremor.adbureau.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads4.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
ads4.blastro.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
tremor.adbureau.net [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.soundclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.soundclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]
.soundclick.com [ C:\Documents and Settings\Zach\Application Data\Mozilla\Firefox\Profiles\74lnn0fq.default\cookies.txt ]

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-3555808789-2655381727-310253540-1008\Software\Microsoft\rdfa

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\LJJDTQQH.DLL
C:\WINDOWS\SYSTEM32\VTUNKIJD.DLL

Trojan.Vundo-Variant/Small-GEN
C:\WINDOWS\SYSTEM32\URQQJHWT.DLL



i dont know who messed with my comp but, i think it might have been my bro...somethings wrong with it

i cant get the other logs because they arent there anymore......i just dont know what direction to go in now


ohh yea and it said i had a "tenga" virus also...this all started when i downloaded a free desktop theme called "greenerytheme" now that i remember that


i run winxp pro sp2, intell core duo processor 140 gigs hd and 1 gig of ram

Edited by blitzzy, 28 May 2008 - 12:37 AM.

  • 0

Advertisements

#2
blitzzy
Posted 28 May 2008 - 01:05 AM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
please note that it seemed there was a different virus before i ran these programs and deleted it...my computer is FASTER since i scanned with my programs...but the "bad image file" will not go away...its with every program pretty much..cant install anything new....i see that u guys have resolved a similar issue like mine so hopefully u can help....
  • 0

#3
RatHat
Posted 28 May 2008 - 08:48 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with. Please ensure you turn off word wrap in Notepad. To do this, open Notepad, choose Format, then Un-check Word Wrap. (Word Wrap makes reading your log difficult).

Next, I would like to make sure that you can view hidden files and folders;
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following logs:
  • The contents of DSS main.txt
  • The contents of DSS extra.txt
Regards,
RatHat
  • 0

#4
blitzzy
Posted 28 May 2008 - 12:02 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
dss.exe will not install on my system (says it encounters an error and needs to close)

heres the hijack this log, thank yo9u very much for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:31 AM, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\AOL\1211916721\ee\AOLSoftware.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071006
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1211916721\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqQjIyw - ssqQjIyw.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7356 bytes


number 2
ComboScan v20070226.18 run by Zach on 2008-05-28 at 10:52:09
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 4300 @ 1.80GHz
CPU 1: Intel® Core™2 CPU 4300 @ 1.80GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 989.9 MiB / 637.25 MiB
Pagefile Memory (total/avail): 2386.59 MiB / 2087.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1984.89 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 148.96 GiB total, 122.94 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (CDFS)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.) Disabled


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Zach\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZACHLEMAS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Zach
LOGONSERVER=\\ZACHLEMAS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\iZotope\Runtimes
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Zach\LOCALS~1\Temp
TMP=C:\DOCUME~1\Zach\LOCALS~1\Temp
USERDOMAIN=ZACHLEMAS
USERNAME=Zach
USERPROFILE=C:\Documents and Settings\Zach
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Zach (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ableton Live v7.0.1 --> "C:\Program Files\Ableton\Live 7.0.1\Uninstall\unins000.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.0 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Ambisone VST 2.02 --> C:\WINDOWS\iun6002.exe "C:\Program Files\VstPlugins\Ambisone VST\irunin.ini"
Ambisone VST v1.07 --> C:\PROGRA~1\Cakewalk\VSTPLU~1\Ambisone\UNWISE.EXE C:\PROGRA~1\Cakewalk\VSTPLU~1\Ambisone\INSTALL.LOG
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
ATI Catalyst Control Center --> MsiExec.exe /I{CB9FF6BD-FCE9-43FB-AD3C-5BCD4C822962}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.3.5 (Unicode) --> "C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Dynasone --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Steinberg\Cubase VST\Vstplugins\DeIsL1.isu" -c"C:\Program Files\Steinberg\Cubase VST\Vstplugins\_ISREG32.DLL"
Elevayta Wider Boy v4.92d VST --> C:\PROGRA~1\ELEVAY~1\WIDERB~1\UNWISE.EXE C:\PROGRA~1\ELEVAY~1\WIDERB~1\INSTALL.LOG
ESET NOD32 Antivirus --> MsiExec.exe /I{98B987B8-17AE-4883-879A-65E6FB41A51C}
Free Mp3/Wma/Ogg Converter 3.7 --> "C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ISO Recorder --> MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
iZotope Ozone 3 --> "C:\Program Files\iZotope\Ozone 3\unins000.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JGsoft EditPad Pro 6 DEMO 6.4.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadPro6\Deploy.log"
K-Lite Codec Pack 3.9.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learning Essentials for Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
Lexicon Lambda ASIO (remove only) --> C:\Program Files\Lexicon\Lambda\LambdaUNInstaller.exe
Lexicon Pantheon VST Plug-in (remove only) --> C:\Program Files\Lexicon\Lexicon Pantheon VST Plug-inUNInstaller.exe
Mavis Beacon Teaches Typing 17 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 17\Uninstall.xml"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Math --> MsiExec.exe /I{07043840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Student 2007 for Learning Essentials --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\en\US\Microsoft Student 2007\Uninstall\Uninstall.inf,Uninstall,,,N
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS Geometry 2.0 --> "C:\WINDOWS\MS Geometry\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\MS Geometry\irunin.xml"
MSI Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCD71234-2287-41D2-96AD-3D3C66D60FBC}\setup.exe" -l0x9 -removeonly
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetZero For Riverdeep --> MsiExec.exe /X{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}
OrangeVocoder --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Steinberg\Cubase VST\Vstplugins\DeIsL2.isu" -cC:\PROGRA~1\STEINB~1\CUBASE~2\VSTPLU~1\_ISREG32.DLL
OrangeVocoder v2.0-OxYGeN --> C:\WINDOWS\vocoder\UNWISE.EXE C:\WINDOWS\vocoder\INSTALL.LOG
PiWarp VST 2.02 --> C:\WINDOWS\iun6002.exe "C:\Program Files\VstPlugins\PiWarp VST\irunin.ini"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Prosoniq Morph VST v1.0 --> C:\PROGRA~1\Cakewalk\VSTPLU~1\PROSON~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\VSTPLU~1\PROSON~1\INSTALL.LOG
Prosoniq OrangeVocoder v1.4 --> C:\PROGRA~1\Cakewalk\VSTPLU~1\ORANGE~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\VSTPLU~1\ORANGE~1\INSTALL.LOG
Ready Reference --> "C:\Program Files\Britannica 7.0\Ready Reference\UninstallerData\Uninstall Ready Reference.exe"
Roomulator VST 1.07 --> C:\PROGRA~1\Cakewalk\VSTPLU~1\ROOMUL~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\VSTPLU~1\ROOMUL~1\INSTALL.LOG
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SONAR 7 Producer Edition --> "C:\Program Files\Cakewalk\SONAR 7 Producer Edition\unins000.exe"
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpinAudio VST-DX Wrapper Lite --> C:\Program Files\Spin Audio\VSTDX Wrapper Lite\wluninst.exe
SUPERAntiSpyware Professional --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Syncrosoft License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
T-RackS 1.x --> C:\Program Files\InstallShield Installation Information\{37BCCAE2-A3AD-4E03-B4FD-A1BE1FE6365A}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
UltraISO Premium V9.12 --> "C:\Program Files\UltraISO\unins000.exe"
Uninstall AOL Emergency Connect Utility 1.0 --> C:\Program Files\Common Files\AOL\ECU\uninst.exe
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
US History 1.5 --> "C:\WINDOWS\US History\uninstall.exe" "/U:C:\Program Files\Homeworkhelp.com\US History\irunin.xml"
Waves Diamond Bundle v5.2 --> C:\PROGRA~1\Waves\DIAMON~1\UNWISE.EXE C:\PROGRA~1\Waves\DIAMON~1\INSTALL.LOG
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- End of ComboScan: finished at 2008-05-28 at 10:52:52 -------------------------
  • 0

#5
RatHat
Posted 28 May 2008 - 05:53 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
That is an old version of DSS that you have, when it was named Comboscan. Do you have the first log it produced, named main.txt?


Please uninstall the following programs:

BitTorrent
J2SE Runtime Environment 5.0 Update 6

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please read this Combofix tutorial before continuing, then follow the instructions below.

Please ensure you read this guide carefully and install the Recovery Console first.

Next, download ComboFix from Here or Here to your Desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.

Posted Image

Download the file & save it as it's originally named, next to ComboFix.exe.

Posted Image

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

(Note: Combofix will also save the report to C:\Combofix.txt)

Regards,
RatHat
  • 0

#6
blitzzy
Posted 28 May 2008 - 06:43 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
thanks alot! here it is



ComboFix 08-05-28.4 - Zach 2008-05-28 17:39:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.623 [GMT -7:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zach\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.
/wow section - STAGE 38
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msvcsv60.dll
.
---- Previous Run -------
.
C:\WINDOWS\BM178793bd.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ajhborvv.ini
C:\WINDOWS\system32\jfftoasw.dll
C:\WINDOWS\system32\lnnpsBeg.ini
C:\WINDOWS\system32\lnnpsBeg.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qrdhyvhn.dll
C:\WINDOWS\system32\wsaotffj.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 17:33 . 2008-05-28 17:33 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-28 17:14 . 2008-05-28 17:14 0 --a------ C:\WINDOWS\system32\REN25A.tmp
2008-05-28 17:14 . 2008-05-28 17:14 0 --a------ C:\WINDOWS\system32\REN259.tmp
2008-05-28 10:58 . 2008-05-28 10:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 10:52 . 2008-05-28 10:52 <DIR> d-------- C:\ComboScan
2008-05-28 10:43 . 2008-05-28 10:43 <DIR> d-------- C:\Program Files\JGsoft
2008-05-28 10:43 . 2008-05-28 10:43 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\JGsoft
2008-05-28 10:43 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-28 10:26 . 2008-05-28 10:26 <DIR> d-------- C:\Deckard
2008-05-27 20:03 . 2008-05-27 20:03 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-27 19:47 . 2008-05-27 19:47 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 17:32 . 2008-05-27 17:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-27 17:32 . 2008-05-27 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 17:32 . 2008-05-27 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 17:31 . 2008-05-27 17:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 17:31 . 2008-05-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 17:31 . 2008-05-27 17:31 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
2008-05-27 17:24 . 2008-05-27 17:24 203 --a------ C:\Shortcut to CD Drive.lnk
2008-05-27 16:52 . 2008-05-27 16:52 <DIR> d-------- C:\Program Files\ESET
2008-05-27 15:47 . 2008-05-27 15:47 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Viewpoint
2008-05-27 14:11 . 2008-05-27 14:11 <DIR> d-------- C:\Program Files\Spin Audio
2008-05-27 12:47 . 2008-05-27 12:47 10,920 --a------ C:\aolconnfix.exe
2008-05-27 12:35 . 2008-05-27 12:35 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\AOL
2008-05-27 12:34 . 2008-05-27 12:34 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-05-27 12:33 . 2003-01-10 14:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-05-27 12:31 . 2008-05-27 12:31 <DIR> d-------- C:\WINDOWS\aolshare
2008-05-27 12:31 . 2008-05-27 12:34 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-27 12:31 . 2008-05-27 12:59 <DIR> d-------- C:\Program Files\AOL 9.1
2008-05-27 11:55 . 2008-05-27 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-27 11:22 . 2008-05-27 11:22 <DIR> d-------- C:\Program Files\%temp&
2008-05-27 11:21 . 2008-05-27 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-27 01:03 . 2008-05-27 01:03 588,800 --a------ C:\WINDOWS\system32\OLD290.tmp
2008-05-27 01:03 . 2008-05-27 01:03 289,792 --a------ C:\WINDOWS\system32\OLD28A.tmp
2008-05-27 01:03 . 2008-05-27 01:03 109,568 --a------ C:\WINDOWS\system32\OLD29C.tmp
2008-05-27 01:03 . 2008-05-27 01:03 75,264 --a------ C:\WINDOWS\system32\OLD287.tmp
2008-05-27 01:03 . 2008-05-27 01:01 45,568 --a------ C:\WINDOWS\system32\OLD27D.tmp
2008-05-27 01:03 . 2008-05-27 01:03 42,496 --a------ C:\WINDOWS\system32\OLD293.tmp
2008-05-27 01:03 . 2008-05-27 01:03 33,280 --a------ C:\WINDOWS\system32\OLD280.tmp
2008-05-27 01:03 . 2008-05-27 01:03 32,768 --a------ C:\WINDOWS\system32\OLD283.tmp
2008-05-27 01:03 . 2008-05-27 01:03 11,776 --a------ C:\WINDOWS\system32\OLD295.tmp
2008-05-27 01:03 . 2008-05-27 01:02 8,192 --a------ C:\WINDOWS\system32\OLD279.tmp
2008-05-27 00:28 . 2008-05-27 00:28 <DIR> d-------- C:\Program Files\Plus!
2008-05-27 00:25 . 2008-05-27 00:25 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-05-27 00:11 . 2008-05-27 00:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-27 00:06 . 2008-05-27 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-27 00:03 . 2008-05-27 00:03 <DIR> d-------- C:\Program Files\Waves
2008-05-27 00:01 . 2008-05-27 00:02 <DIR> d-------- C:\Program Files\Prosoniq
2008-05-27 00:01 . 2008-05-27 00:01 <DIR> d-------- C:\Documents and Settings\Zach\WINDOWS
2008-05-27 00:01 . 2008-05-27 04:43 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-27 00:01 . 1999-04-20 00:32 16,028 --a------ C:\WINDOWS\system32\pQFn.fxb
2008-05-27 00:00 . 2008-05-27 00:01 <DIR> d-------- C:\WINDOWS\vocoder
2008-05-26 23:59 . 2008-05-27 00:00 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-26 23:59 . 1999-05-04 02:38 39,741 --a------ C:\WINDOWS\system32\tpkd.vxd
2008-05-26 23:58 . 2008-05-26 23:58 <DIR> d-------- C:\Program Files\Elevayta Creativity Tools
2008-05-26 23:58 . 1999-04-20 00:32 17,564 --a------ C:\WINDOWS\system32\pQVr.fxb
2008-05-26 23:56 . 2008-05-27 00:01 <DIR> d-------- C:\Program Files\VstPlugins
2008-05-26 23:56 . 2008-05-27 04:43 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-05-26 23:45 . 2008-05-27 00:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 17:24 . 2008-05-26 17:24 <DIR> d-------- C:\Program Files\IK Multimedia
2008-05-26 17:24 . 2008-05-26 21:51 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-05-26 17:24 . 2008-05-26 21:51 16 --a------ C:\WINDOWS\msocreg32.dat
2008-05-26 17:23 . 2008-05-26 17:23 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\InstallShield
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\iZotope
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\Common Files\iZotope
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-05-26 16:36 . 2008-05-26 16:36 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Media Player Classic
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-26 13:34 . 2008-03-21 13:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-26 13:08 . 2008-05-26 13:08 <DIR> d-------- C:\Program Files\Free Mp3WmaOgg Converter
2008-05-26 11:19 . 2007-10-24 18:57 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-05-26 11:19 . 2007-10-16 15:38 1,212,416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-05-26 11:19 . 2007-10-24 18:57 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-05-26 11:19 . 2005-02-24 11:51 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-05-26 11:19 . 2006-03-23 12:56 113,486 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-05-26 00:28 . 2008-05-26 00:28 <DIR> d-------- C:\Program Files\Ableton
2008-05-26 00:28 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-25 16:50 . 2008-05-25 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 16:50 . 2008-05-25 16:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 15:38 . 2008-05-25 15:38 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\acccore
2008-05-25 15:37 . 2008-05-27 14:36 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-25 15:37 . 2008-05-27 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-25 15:37 . 2008-05-25 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-25 15:37 . 2008-05-27 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-25 15:36 . 2008-05-27 12:35 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-05-25 15:36 . 2008-05-25 15:37 <DIR> d-------- C:\Program Files\AIM6
2008-05-25 14:12 . 2008-05-25 14:12 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Apple Computer
2008-05-25 11:05 . 2008-05-26 17:39 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Cakewalk
2008-05-25 11:04 . 2008-05-27 04:42 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-05-25 10:58 . 2006-02-24 10:00 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-25 10:58 . 2006-11-30 15:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-25 10:58 . 2006-02-24 10:00 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-25 10:58 . 2004-04-13 14:48 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-25 10:57 . 2008-05-25 11:03 <DIR> d-------- C:\Program Files\Cakewalk
2008-05-25 10:57 . 2008-05-25 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-05-25 10:57 . 2008-05-27 11:04 <DIR> d-------- C:\Cakewalk Projects
2008-05-25 10:43 . 2008-05-25 10:43 <DIR> d-------- C:\Program Files\UltraISO
2008-05-25 10:43 . 2008-05-25 10:43 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-25 10:24 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-25 10:22 . 2008-05-25 10:22 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\DAEMON Tools
2008-05-25 10:22 . 2008-05-25 10:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-25 10:19 . 2008-05-25 10:19 <DIR> d-------- C:\Program Files\Alex Feinman
2008-05-25 09:47 . 2008-05-25 09:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 20:06 . 2008-05-24 20:06 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Thinstall
2008-05-24 18:43 . 2008-05-24 18:43 <DIR> d-------- C:\Program Files\DNA
2008-05-24 18:43 . 2008-05-28 17:39 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\DNA
2008-05-24 18:43 . 2008-05-27 01:04 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\BitTorrent
2008-05-24 18:21 . 2008-05-26 00:28 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Ableton
2008-05-24 18:21 . 2008-05-24 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-24 16:40 . 2008-05-27 16:49 <DIR> d-------- C:\Temp\ext18866
2008-05-24 15:08 . 2008-05-24 15:08 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Steinberg
2008-05-24 14:55 . 2008-05-24 14:55 <DIR> d-------- C:\WINDOWS\Cache
2008-05-24 14:55 . 2008-05-24 17:19 <DIR> d-------- C:\Program Files\Lexicon
2008-05-24 14:54 . 2008-05-27 00:01 <DIR> d-------- C:\Program Files\Steinberg
2008-05-24 14:53 . 2008-05-24 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Syncrosoft
2008-05-24 14:53 . 2006-01-29 12:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-24 14:53 . 2006-01-29 12:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-24 14:53 . 2006-01-29 12:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-24 14:53 . 2006-11-23 18:20 18,432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-24 14:53 . 2008-05-24 14:53 2,892 --a------ C:\WINDOWS\system32\audcon.sys
2008-05-24 14:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-24 14:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-24 14:50 . 2008-05-24 16:38 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-24 14:50 . 2007-08-01 15:58 765,952 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-24 14:50 . 2006-01-29 12:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 00:15 --------- d-----w C:\Program Files\Java
2008-05-27 12:12 98,304 ----a-w C:\WINDOWS\system32\verifier.exe
2008-05-27 12:11 86,016 ----a-w C:\WINDOWS\system32\netsh.exe
2008-05-27 12:10 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-27 12:07 99,840 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe
2008-05-27 12:07 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
2008-05-27 12:07 35,328 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe
2008-05-27 12:07 18,944 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
2008-05-27 12:00 53,248 ----a-w C:\WINDOWS\Help\SBSI\Training\usersid.exe
2008-05-27 12:00 233,472 ----a-w C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe
2008-05-27 12:00 1,077,248 ----a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
2008-05-27 11:43 98,304 ----a-w C:\WINDOWS\setpwr32.exe
2008-05-27 11:43 306,688 ----a-w C:\WINDOWS\IsUninst.exe
2008-05-27 11:43 274,432 ----a-w C:\WINDOWS\TLCUninstall.exe
2008-05-27 11:43 25,600 ----a-w C:\WINDOWS\twunk_32.exe
2008-05-27 11:43 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-05-27 11:42 86,016 ----a-w C:\WINDOWS\DLA.EXE
2008-05-27 08:02 815,104 ----a-w C:\WINDOWS\system32\mmc.exe
2008-05-27 08:02 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-05-27 08:02 56,832 ----a-w C:\WINDOWS\system32\rasphone.exe
2008-05-27 08:02 45,568 ----a-w C:\WINDOWS\system32\drwtsn32.exe
2008-05-27 08:02 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe
2008-05-27 08:02 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-05-27 08:02 24,576 ----a-w C:\WINDOWS\system32\userinit.exe
2008-05-27 08:02 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe
2008-05-27 08:02 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-27 08:02 1,200,128 ----a-w C:\WINDOWS\system32\ntbackup.exe
2008-05-27 08:01 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-05-27 08:01 20,992 ----a-w C:\WINDOWS\system32\fontview.exe
2008-05-27 08:01 183,808 ----a-w C:\WINDOWS\system32\accwiz.exe
2008-05-27 08:01 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-05-27 08:01 102,912 ----a-w C:\WINDOWS\system32\clipbrd.exe
2008-05-27 08:00 10,752 ----a-w C:\WINDOWS\system32\dumprep.exe
2008-05-27 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 00:45 --------- d-----w C:\Program Files\QuickTime
2008-05-25 17:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 16:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-24 23:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-24 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 23:42 --------- d-----w C:\Program Files\SuperStar
2008-05-17 23:42 --------- d-----w C:\Program Files\Microsoft Student
2008-05-17 23:39 --------- d-----w C:\Program Files\Google
2008-05-17 23:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 23:32 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-17 23:31 --------- d-----w C:\Program Files\Transparent
2008-04-23 22:00 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-04-23 21:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-04-23 21:52 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-06 10:12 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-06 10:12 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-02 01:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
.

------- Sigcheck -------

2008-05-27 04:52 2015744 85d6b0d223476312175795b7ffd94b1b C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-05-27 05:11 2017280 bd457135f13b4434dbcb89bc22e80352 C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-24 18:43 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2008-03-06 03:12 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 00:07 843776]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 07:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 15:23 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 20:46 624248]
"Acrobat Speed Launch"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 01:40 46200]
"HostManager"="C:\Program Files\Common Files\AOL\1211916721\ee\AOLSoftware.exe" [2007-05-25 10:16 42032]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-04-11 16:23 299788]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjIyw]
ssqQjIyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1211916721\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2006-09-14 01:45]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 08:35]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
S3 CEUSBAUD;Lambda MIDI Device;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 13:19]
S3 DfuUsb;DfuUsb;C:\WINDOWS\system32\DRIVERS\DFUUsb.sys [2001-11-27 15:46]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{222cbeac-0f30-11dd-b5b9-0019db9bcab7}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 00:32:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 17:41:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-28 17:41:48
ComboFix-quarantined-files.txt 2008-05-29 00:41:46

Pre-Run: 131,940,585,472 bytes free
Post-Run: 131,912,974,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

305 --- E O F --- 2008-05-24 23:40:26
  • 0

#7
RatHat
Posted 28 May 2008 - 09:10 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\REN25A.tmp
C:\WINDOWS\system32\REN259.tmp
C:\WINDOWS\system32\OLD290.tmp
C:\WINDOWS\system32\OLD28A.tmp
C:\WINDOWS\system32\OLD29C.tmp
C:\WINDOWS\system32\OLD287.tmp
C:\WINDOWS\system32\OLD27D.tmp
C:\WINDOWS\system32\OLD293.tmp
C:\WINDOWS\system32\OLD280.tmp
C:\WINDOWS\system32\OLD283.tmp
C:\WINDOWS\system32\OLD295.tmp
C:\WINDOWS\system32\OLD279.tmp
C:\WINDOWS\system32\pQFn.fxb
C:\WINDOWS\iun6002.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\system32\ssqQjIyw.dll

Folder::
C:\Documents and Settings\Zach\Application Data\Viewpoint
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Zach\Application Data\BitTorrent

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQjIyw]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=-

DirLook::
C:\Program Files\%temp&

C:\Temp\ext18866


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
Regards,
RatHat
  • 0

#8
blitzzy
Posted 28 May 2008 - 09:26 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
okay heres the comscan.txt log..now im doing the online scanner which i will post in a minute..thank you (:

theres some "try before u buy" type stuff...i tried to remove bittorrent but it wouldnt let me...the virus i got wont let me remove just yet (:

thanks for the help! ....i had none of these major problems (like with any of these "free" downloads") untill i actually downloaded a legit file "greenerytheme.exe" from a desktop themes website



ComboFix 08-05-28.4 - Zach 2008-05-28 20:15:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.474 [GMT -7:00]
Running from: C:\Documents and Settings\Zach\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zach\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\OLD279.tmp
C:\WINDOWS\system32\OLD27D.tmp
C:\WINDOWS\system32\OLD280.tmp
C:\WINDOWS\system32\OLD283.tmp
C:\WINDOWS\system32\OLD287.tmp
C:\WINDOWS\system32\OLD28A.tmp
C:\WINDOWS\system32\OLD290.tmp
C:\WINDOWS\system32\OLD293.tmp
C:\WINDOWS\system32\OLD295.tmp
C:\WINDOWS\system32\OLD29C.tmp
C:\WINDOWS\system32\pQFn.fxb
C:\WINDOWS\system32\REN259.tmp
C:\WINDOWS\system32\REN25A.tmp
C:\WINDOWS\system32\ssqQjIyw.dll
C:\WINDOWS\winhlp32.exe
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Zach\Application Data\BitTorrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\Ableton.Live.v7.0.1.WORKING-AiR.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\Adobe Audition 3.0.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\Cakewalk Sonar v7.0 Producer Edition DVDR DYNAMiCS.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\dht.dat
C:\Documents and Settings\Zach\Application Data\BitTorrent\IK.Multimedia.T-RackS.VST.RTAS.v1.3.Incl.Keygen-AiR.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\Kaspersky AntiVirus v8.0.1.32. Final(full+KEYGEN).rar.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\resume.dat
C:\Documents and Settings\Zach\Application Data\BitTorrent\resume.dat.old
C:\Documents and Settings\Zach\Application Data\BitTorrent\rss.dat
C:\Documents and Settings\Zach\Application Data\BitTorrent\settings.dat
C:\Documents and Settings\Zach\Application Data\BitTorrent\settings.dat.old
C:\Documents and Settings\Zach\Application Data\BitTorrent\UltraISO Premium Edition 8.6.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\UltraISO_Premium_Edition_v9.1.2.2465 + serial.rar.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\VST Collection.rar.torrent
C:\Documents and Settings\Zach\Application Data\BitTorrent\Wavelab_vol.6.0.rar.torrent
C:\Documents and Settings\Zach\Application Data\Viewpoint
C:\Documents and Settings\Zach\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Zach\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Zach\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Zach\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\OLD279.tmp
C:\WINDOWS\system32\OLD27D.tmp
C:\WINDOWS\system32\OLD280.tmp
C:\WINDOWS\system32\OLD283.tmp
C:\WINDOWS\system32\OLD287.tmp
C:\WINDOWS\system32\OLD28A.tmp
C:\WINDOWS\system32\OLD290.tmp
C:\WINDOWS\system32\OLD293.tmp
C:\WINDOWS\system32\OLD295.tmp
C:\WINDOWS\system32\OLD29C.tmp
C:\WINDOWS\system32\pQFn.fxb
C:\WINDOWS\system32\REN259.tmp
C:\WINDOWS\system32\REN25A.tmp
C:\WINDOWS\winhlp32.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-28 10:58 . 2008-05-28 10:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 10:52 . 2008-05-28 10:52 <DIR> d-------- C:\ComboScan
2008-05-28 10:43 . 2008-05-28 10:43 <DIR> d-------- C:\Program Files\JGsoft
2008-05-28 10:43 . 2008-05-28 10:43 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\JGsoft
2008-05-28 10:43 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe
2008-05-28 10:26 . 2008-05-28 10:26 <DIR> d-------- C:\Deckard
2008-05-27 20:03 . 2008-05-27 20:03 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-27 19:47 . 2008-05-27 19:47 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 17:32 . 2008-05-27 17:32 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-27 17:32 . 2008-05-27 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-27 17:32 . 2008-05-27 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-27 17:31 . 2008-05-27 17:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-27 17:31 . 2008-05-27 17:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 17:31 . 2008-05-27 17:31 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\SUPERAntiSpyware.com
2008-05-27 17:24 . 2008-05-27 17:24 203 --a------ C:\Shortcut to CD Drive.lnk
2008-05-27 16:52 . 2008-05-27 16:52 <DIR> d-------- C:\Program Files\ESET
2008-05-27 14:11 . 2008-05-27 14:11 <DIR> d-------- C:\Program Files\Spin Audio
2008-05-27 12:47 . 2008-05-27 12:47 10,920 --a------ C:\aolconnfix.exe
2008-05-27 12:35 . 2008-05-27 12:35 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\AOL
2008-05-27 12:34 . 2008-05-27 12:34 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-05-27 12:33 . 2003-01-10 14:13 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2008-05-27 12:31 . 2008-05-27 12:31 <DIR> d-------- C:\WINDOWS\aolshare
2008-05-27 12:31 . 2008-05-27 12:34 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-05-27 12:31 . 2008-05-27 12:59 <DIR> d-------- C:\Program Files\AOL 9.1
2008-05-27 11:55 . 2008-05-27 12:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-05-27 11:22 . 2008-05-27 11:22 <DIR> d-------- C:\Program Files\%temp&
2008-05-27 11:21 . 2008-05-27 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-05-27 00:28 . 2008-05-27 00:28 <DIR> d-------- C:\Program Files\Plus!
2008-05-27 00:25 . 2008-05-27 00:25 <DIR> d-------- C:\Program Files\Mojicon Installer
2008-05-27 00:11 . 2008-05-27 00:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-05-27 00:06 . 2008-05-27 00:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-27 00:03 . 2008-05-27 00:03 <DIR> d-------- C:\Program Files\Waves
2008-05-27 00:01 . 2008-05-27 00:02 <DIR> d-------- C:\Program Files\Prosoniq
2008-05-27 00:01 . 2008-05-27 00:01 <DIR> d-------- C:\Documents and Settings\Zach\WINDOWS
2008-05-27 00:01 . 2008-05-27 04:43 299,520 --a------ C:\WINDOWS\uninst.exe
2008-05-27 00:00 . 2008-05-27 00:01 <DIR> d-------- C:\WINDOWS\vocoder
2008-05-26 23:59 . 2008-05-27 00:00 <DIR> d-------- C:\WINDOWS\system32\IOSUBSYS
2008-05-26 23:59 . 1999-05-04 02:38 39,741 --a------ C:\WINDOWS\system32\tpkd.vxd
2008-05-26 23:58 . 2008-05-26 23:58 <DIR> d-------- C:\Program Files\Elevayta Creativity Tools
2008-05-26 23:58 . 1999-04-20 00:32 17,564 --a------ C:\WINDOWS\system32\pQVr.fxb
2008-05-26 23:56 . 2008-05-27 00:01 <DIR> d-------- C:\Program Files\VstPlugins
2008-05-26 23:45 . 2008-05-27 00:11 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 17:24 . 2008-05-26 17:24 <DIR> d-------- C:\Program Files\IK Multimedia
2008-05-26 17:24 . 2008-05-26 21:51 16 --a------ C:\WINDOWS\system32\w3data.vss
2008-05-26 17:24 . 2008-05-26 21:51 16 --a------ C:\WINDOWS\msocreg32.dat
2008-05-26 17:23 . 2008-05-26 17:23 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\InstallShield
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\iZotope
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\Common Files\iZotope
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Program Files\Common Files\Digidesign
2008-05-26 16:48 . 2008-05-26 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iZotope
2008-05-26 16:36 . 2008-05-26 16:36 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Media Player Classic
2008-05-26 13:34 . 2008-05-26 13:34 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-26 13:34 . 2008-03-21 13:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-26 13:08 . 2008-05-26 13:08 <DIR> d-------- C:\Program Files\Free Mp3WmaOgg Converter
2008-05-26 11:19 . 2007-10-24 18:57 1,986,560 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-05-26 11:19 . 2007-10-16 15:38 1,212,416 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2008-05-26 11:19 . 2007-10-24 18:57 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2008-05-26 11:19 . 2005-02-24 11:51 348,160 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2008-05-26 11:19 . 2006-03-23 12:56 113,486 --a------ C:\WINDOWS\system32\NCTWMAProfiles.prx
2008-05-26 00:28 . 2008-05-26 00:28 <DIR> d-------- C:\Program Files\Ableton
2008-05-26 00:28 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-25 16:50 . 2008-05-25 16:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-25 16:50 . 2008-05-25 16:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-25 15:38 . 2008-05-25 15:38 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\acccore
2008-05-25 15:37 . 2008-05-25 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-25 15:37 . 2008-05-27 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-25 15:36 . 2008-05-27 12:35 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-05-25 15:36 . 2008-05-25 15:37 <DIR> d-------- C:\Program Files\AIM6
2008-05-25 14:12 . 2008-05-25 14:12 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Apple Computer
2008-05-25 11:05 . 2008-05-26 17:39 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Cakewalk
2008-05-25 11:04 . 2008-05-27 04:42 118,784 --a------ C:\WINDOWS\dsdxirmv.exe
2008-05-25 10:58 . 2006-02-24 10:00 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2008-05-25 10:58 . 2006-11-30 15:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-25 10:58 . 2006-02-24 10:00 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-05-25 10:58 . 2004-04-13 14:48 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-25 10:57 . 2008-05-25 11:03 <DIR> d-------- C:\Program Files\Cakewalk
2008-05-25 10:57 . 2008-05-25 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-05-25 10:57 . 2008-05-27 11:04 <DIR> d-------- C:\Cakewalk Projects
2008-05-25 10:43 . 2008-05-25 10:43 <DIR> d-------- C:\Program Files\UltraISO
2008-05-25 10:43 . 2008-05-25 10:43 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2008-05-25 10:24 . 2008-05-25 14:20 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-25 10:22 . 2008-05-25 10:22 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\DAEMON Tools
2008-05-25 10:22 . 2008-05-25 10:22 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-25 10:19 . 2008-05-25 10:19 <DIR> d-------- C:\Program Files\Alex Feinman
2008-05-25 09:47 . 2008-05-25 09:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-05-24 20:06 . 2008-05-24 20:06 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Thinstall
2008-05-24 18:43 . 2008-05-24 18:43 <DIR> d-------- C:\Program Files\DNA
2008-05-24 18:43 . 2008-05-28 20:17 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\DNA
2008-05-24 18:21 . 2008-05-26 00:28 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Ableton
2008-05-24 18:21 . 2008-05-24 18:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-05-24 16:40 . 2008-05-27 16:49 <DIR> d-------- C:\Temp\ext18866
2008-05-24 15:08 . 2008-05-24 15:08 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Steinberg
2008-05-24 14:55 . 2008-05-24 14:55 <DIR> d-------- C:\WINDOWS\Cache
2008-05-24 14:55 . 2008-05-24 17:19 <DIR> d-------- C:\Program Files\Lexicon
2008-05-24 14:54 . 2008-05-27 00:01 <DIR> d-------- C:\Program Files\Steinberg
2008-05-24 14:53 . 2008-05-24 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Syncrosoft
2008-05-24 14:53 . 2006-01-29 12:48 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-24 14:53 . 2006-01-29 12:48 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-24 14:53 . 2006-01-29 12:48 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-24 14:53 . 2006-11-23 18:20 18,432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-24 14:53 . 2008-05-24 14:53 2,892 --a------ C:\WINDOWS\system32\audcon.sys
2008-05-24 14:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-24 14:52 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-24 14:50 . 2008-05-24 16:38 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-24 14:50 . 2007-08-01 15:58 765,952 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-24 14:50 . 2006-01-29 12:48 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-24 14:50 . 2008-05-27 05:12 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-22 17:00 . 2008-05-26 11:19 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-05-22 17:00 . 2008-05-22 17:00 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\NCH Swift Sound
2008-05-22 17:00 . 2008-05-22 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-05-22 16:43 . 2008-05-22 16:43 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
2008-05-22 16:43 . 2008-05-26 20:56 <DIR> d-------- C:\Documents and Settings\Zach\Application Data\Audacity
2008-05-22 13:14 . 2008-05-22 13:14 1,160 --a------ C:\WINDOWS\mozver.dat
2008-05-22 11:41 . 2008-05-27 12:02 335 --a------ C:\WINDOWS\nsreg.dat
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-06 13:39 . 2008-05-24 21:30 <DIR> d-------- C:\Temp
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 00:15 --------- d-----w C:\Program Files\Java
2008-05-27 12:00 53,248 ----a-w C:\WINDOWS\Help\SBSI\Training\usersid.exe
2008-05-27 12:00 233,472 ----a-w C:\WINDOWS\Help\SBSI\Training\ounins32_s.exe
2008-05-27 12:00 1,077,248 ----a-w C:\WINDOWS\Help\SBSI\Training\orun32.exe
2008-05-27 11:43 98,304 ----a-w C:\WINDOWS\setpwr32.exe
2008-05-27 11:43 306,688 ----a-w C:\WINDOWS\IsUninst.exe
2008-05-27 11:43 274,432 ----a-w C:\WINDOWS\TLCUninstall.exe
2008-05-27 11:43 25,600 ----a-w C:\WINDOWS\twunk_32.exe
2008-05-27 11:43 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-05-27 11:42 86,016 ----a-w C:\WINDOWS\DLA.EXE
2008-05-27 08:02 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-05-27 08:01 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-05-27 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 00:45 --------- d-----w C:\Program Files\QuickTime
2008-05-25 17:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-25 16:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-24 23:40 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-24 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-23 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-17 23:42 --------- d-----w C:\Program Files\SuperStar
2008-05-17 23:42 --------- d-----w C:\Program Files\Microsoft Student
2008-05-17 23:39 --------- d-----w C:\Program Files\Google
2008-05-17 23:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 23:32 --------- d-----w C:\Program Files\Microsoft Small Business
2008-05-17 23:31 --------- d-----w C:\Program Files\Transparent
2008-04-23 22:00 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-04-23 21:53 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-04-23 21:52 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\%temp& ----

2007-12-27 15:57 570 --a------ C:\Program Files\%temp&\bat.bat
2007-12-22 13:42 355 --a------ C:\Program Files\%temp&\server.km92.reg

---- Directory of C:\Temp\ext18866 ----



------- Sigcheck -------

2008-05-27 04:52 2015744 85d6b0d223476312175795b7ffd94b1b C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-05-27 05:11 2017280 bd457135f13b4434dbcb89bc22e80352 C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_17.41.38.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 00:29:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 03:18:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"AOL Fast Start"="C:\Program Files\AOL 9.1\AOL.exe" [2008-03-06 03:12 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 00:07 843776]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50 81920]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 07:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 15:23 118784]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 20:46 624248]
"Acrobat Speed Launch"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 01:40 46200]
"HostManager"="C:\Program Files\Common Files\AOL\1211916721\ee\AOLSoftware.exe" [2007-05-25 10:16 42032]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"NodLogin"="C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [2008-04-11 16:23 299788]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1211916721\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.1\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

R0 atiide;atiide;C:\WINDOWS\system32\DRIVERS\atiide.sys [2006-09-14 01:45]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 08:35]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
S3 CEUSBAUD;Lambda MIDI Device;C:\WINDOWS\system32\Drivers\CEUSBAUD.sys [2003-11-01 13:19]
S3 DfuUsb;DfuUsb;C:\WINDOWS\system32\DRIVERS\DFUUsb.sys [2001-11-27 15:46]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{222cbeac-0f30-11dd-b5b9-0019db9bcab7}]
\Shell\AutoRun\command - setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 03:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 20:20:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-28 20:24:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 03:24:42
ComboFix2.txt 2008-05-29 00:41:49

Pre-Run: 131,877,441,536 bytes free
Post-Run: 131,880,673,280 bytes free

327 --- E O F --- 2008-05-29 01:40:30

Edited by blitzzy, 28 May 2008 - 09:30 PM.

  • 0

#9
RatHat
Posted 28 May 2008 - 09:36 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Have you got rid of greenerytheme.exe?

I have zapped bittorrent for you, so you should not have any further problems from it.
  • 0

#10
blitzzy
Posted 28 May 2008 - 09:37 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
yes i uninstalled it....and how'd u take care of bittorrent for me?? thats f'ing cool (excuse the lango) im almost done with the scan
  • 0

Advertisements

#11
RatHat
Posted 28 May 2008 - 09:39 PM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Killed it with the Combofix script.
  • 0

#12
blitzzy
Posted 28 May 2008 - 11:07 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
sorry it did take quite awhile, here is my results...thank you


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 10:07:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 810683
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 89227
Number of viruses found: 3
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 00:51:27

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080528102838\backup\DOCUME~1\Zach\LOCALS~1\Temp\IXP000.TMP\VERSIO~1.EXE/data0000.cab/is153327.exe Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\20080528102838\backup\DOCUME~1\Zach\LOCALS~1\Temp\IXP000.TMP\VERSIO~1.EXE/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\20080528102838\backup\DOCUME~1\Zach\LOCALS~1\Temp\IXP000.TMP\VERSIO~1.EXE Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\aolusers.fus Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\derty5therty\MyDB.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\derty5therty\toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\idb\SNMaster.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\CACHE\derty5ther00 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\derty5therty Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\derty5therty.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.1\organize\derty5therty.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32 Antivirus\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05272008-200326.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Application Data\AOL\C_AOL 9.1\IDB\Apps.Lst Object is locked skipped
C:\Documents and Settings\Zach\Application Data\AOL\C_AOL 9.1\IDB\art.idx Object is locked skipped
C:\Documents and Settings\Zach\Application Data\AOL\C_AOL 9.1\IDB\sap.dat Object is locked skipped
C:\Documents and Settings\Zach\Application Data\AOL\C_AOL 9.1\IDB\spool.lst Object is locked skipped
C:\Documents and Settings\Zach\Application Data\AOL\C_AOL 9.1\IDB\sysnews.lst Object is locked skipped
C:\Documents and Settings\Zach\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zach\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zach\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jfftoasw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE/data0000.cab/VERSIO~1.EXE/data0000.cab/is153327.exe Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE/data0000.cab/VERSIO~1.EXE/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE/data0000.cab/VERSIO~1.EXE Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE/data0000.cab/is153672.exe Infected: Trojan.Win32.Zapchast.gb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE/data0000.cab Infected: Trojan.Win32.Zapchast.gb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\A0000067.EXE Rsrc-Package: infected - 5 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vjr skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP9\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{18E387B4-CF57-48F8-9A5B-C765974D528C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
  • 0

#13
blitzzy
Posted 28 May 2008 - 11:10 PM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
why all those files are locked i dont know, i had all anti programs off including firewalls..thanks (:
  • 0

#14
RatHat
Posted 29 May 2008 - 08:16 AM

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
There is nothing there to worry about :)

How is the computer running now? Any more problems?

Regards,
RatHat
  • 0

#15
blitzzy
Posted 29 May 2008 - 11:35 AM

blitzzy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
the computer is running great now thanks! but there is still just one tiny problem...i downloaded some programs that were able to be installed before this virus hit...the setupus still will not install...so should i just re-download them? maybe the virus killed them before



everything else is working PERFECT.......it just says "file corrupt, some systemm dll's are missing or corrupt" when i try to install some vst packs...i think the virus killed them...what do you think? because when i download NEW programs now...they install perfectly ever since you fixe4d everything
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP