Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Many DrWatson errors and Virtumonde

Started by Xad , Jul 10 2008 09:54 AM

  • Please log in to reply

#1
Xad
Posted 10 July 2008 - 09:54 AM

Xad

    Member

  • Member
  • PipPip
  • 42 posts
I've been receiving a lot of DrWatson errors, but I'm not sure what's causing them. Also, pages on the internet seem to load very slowly, but this happens at random.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:09 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theanimalrescuesite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\Katrina\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136740164140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11046 bytes

Panda ActiveScan Log

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-07-10 11:11:40
PROTECTIONS: 2
MALWARE: 29
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee Internet Security Suite 2007 7.2 No Yes
McAfee VirusScan Plus 11.2 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00032745 adware/sahagent Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F3B3060-09E0-44C6-86F7-BC7B02B57BEE}
00045952 spyware/media-motor Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.atdmt.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.mediaplex.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.com.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.yadro.ru/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.yadro.ru/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.xiti.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.burstnet.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[www.burstbeacon.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.advertising.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adrevolver.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adultfriendfinder.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.atwola.com/]
00335980 Application/MyWay HackTools No 0 Yes No C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
01606636 Cookie/Adserver TrackingCookie No 0 Yes No E:\Documents and Settings\Michael Gertz\Application Data\Mozilla\Firefox\Profiles\j18yw66d.default\cookies.txt[.adserver.easyad.info/]
02990320 Application/BoontyGames HackTools No 0 Yes No E:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
03205080 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP636\A0084083.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


SUPERAntiSpyware Log

SUPERAntiSpyware Scan Log
Generated 07/10/2008 at 01:26 AM

Application Version : 3.6.1000

Core Rules Database Version : 3500
Trace Rules Database Version: 1491

Scan type : Complete Scan
Total Scan Time : 09:39:53

Memory items scanned : 603
Memory threats detected : 0
Registry items scanned : 5355
Registry threats detected : 0
File items scanned : 246329
File threats detected : 9

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP

Adware.Tracking Cookie
E:\Documents and Settings\Michael Gertz\Cookies\michael [email protected][1].txt
E:\Documents and Settings\Michael Gertz\Cookies\michael gertz@hotbar[1].txt
E:\Documents and Settings\Michael Gertz\Cookies\michael [email protected][1].txt
E:\Documents and Settings\Michael Gertz\Cookies\michael gertz@stats[1].txt
E:\Documents and Settings\Michael Gertz\Cookies\[email protected][1].txt
E:\Documents and Settings\Michael Gertz\Cookies\[email protected][1].txt
E:\Documents and Settings\Michael Gertz\Cookies\[email protected][1].txt
E:\Documents and Settings\Michael Gertz\Cookies\[email protected][2].txt

Malwarebytes' Anti-Malware Log

Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

3:35:48 PM 7/9/2008
mbam-log-7-9-2008 (15-35-48).txt

Scan type: Quick Scan
Objects scanned: 43633
Time elapsed: 17 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

Advertisements

#2
JSntgRvr
Posted 15 July 2008 - 06:10 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

Welcome.

Posted ImagePlease download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Lets take a deeper look:

Posted ImageDownload Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down to [Attachments]
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply

  • 0

#3
Xad
Posted 17 July 2008 - 11:03 AM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
After running Deckard's System Scanner, only main.txt showed up. Is this a problem?

Attached Files

  • Attached File  main.txt   18.82KB   264 downloads

  • 0

#4
JSntgRvr
Posted 17 July 2008 - 07:38 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

There is no sign of infection in that log. Are you still receiving these error messages? If you do, please explain.
  • 0

#5
Xad
Posted 18 July 2008 - 05:14 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
It doesn't happen very often, but every now and then an error saying that DrWatson encountered an error and had to close appears, and regardless of which option I choose (Send or Don't Send an error report), my computer freezes, and I have to end the DrWatson32 process in the Task Manager to unfreeze it.
  • 0

#6
JSntgRvr
Posted 18 July 2008 - 08:20 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

Lets scan deeper. If afterward you continue to receive these errors, we can always disable DrWatson32.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#7
Xad
Posted 18 July 2008 - 11:47 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
ComboFix

ComboFix 08-07-18.1 - Katrina 2008-07-19 1:33:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.835 [GMT -4:00]
Running from: C:\Documents and Settings\Katrina\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8ba4d4f6.txt
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cpbeqxjj.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fxbmnmmq.ini
C:\WINDOWS\system32\gkibydpf.ini
C:\WINDOWS\system32\iairhjbj.ini
C:\WINDOWS\system32\ighxitic.ini
C:\WINDOWS\system32\lbcqbymx.ini
C:\WINDOWS\system32\omocaqbo.ini
C:\WINDOWS\system32\typwkqeq.ini
C:\WINDOWS\system32\UFiilUvw.ini
C:\WINDOWS\system32\uggxsmyb.ini
C:\WINDOWS\system32\uuuDdcdd.ini
C:\WINDOWS\system32\whoqwnna.ini
C:\WINDOWS\system32\xprjigrj.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-17 12:54 . 2008-07-17 12:54 <DIR> d-------- C:\Deckard
2008-07-13 00:13 . 2008-07-13 00:13 <DIR> d-------- C:\ISO
2008-07-11 18:12 . 2008-07-11 18:12 <DIR> d-------- C:\Program Files\ASUS
2008-07-10 11:18 . 2008-07-10 11:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 03:43 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-10 03:42 . 2008-07-10 03:42 <DIR> d-------- C:\Program Files\Panda Security
2008-07-09 15:40 . 2008-07-18 18:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-09 15:40 . 2008-07-09 15:40 <DIR> d-------- C:\Documents and Settings\Katrina\Application Data\SUPERAntiSpyware.com
2008-07-09 15:40 . 2008-07-09 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-09 15:15 . 2008-07-09 15:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 15:15 . 2008-07-09 15:15 <DIR> d-------- C:\Documents and Settings\Katrina\Application Data\Malwarebytes
2008-07-09 15:15 . 2008-07-09 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 15:15 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 15:15 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 15:14 . 2008-07-09 15:14 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-07 13:44 . 2008-07-07 13:44 <DIR> d-------- C:\Program Files\Opera
2008-07-03 14:08 . 2008-07-11 18:04 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-02 14:47 . 2008-07-02 14:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-02 14:47 . 2008-07-02 14:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-30 16:07 . 2008-02-02 13:25 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-30 10:54 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-30 02:48 . 2008-07-07 14:23 <DIR> d-------- C:\Program Files\Exterminate It!
2008-06-30 02:35 . 2008-06-30 02:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 02:34 . 2008-07-09 15:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 00:37 . 2008-06-30 00:40 <DIR> d-------- C:\Temp\ListDlls
2008-06-29 00:44 . 2008-06-29 00:44 <DIR> d-------- C:\Temp\PendMoves
2008-06-28 16:21 . 2008-07-18 19:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-28 16:21 . 2008-06-28 16:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-26 14:54 . 2008-06-26 14:59 <DIR> d-------- C:\Documents and Settings\Katrina\Application Data\Armagetron
2008-06-26 14:53 . 2008-06-26 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Armagetron
2008-06-25 22:39 . 2008-06-26 00:49 <DIR> d-------- C:\Program Files\MoonEdit
2008-06-23 13:48 . 2008-06-30 23:58 110,419 --a------ C:\WINDOWS\BM8ba4d4f6.xml
2008-06-22 15:45 . 2008-06-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 21:52 . 2008-06-21 21:52 <DIR> d-------- C:\Nexon
2008-06-21 21:12 . 2008-06-21 21:12 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-21 00:13 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-06-20 16:11 . 2008-06-20 16:11 <DIR> d-------- C:\Program Files\FLV Player
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 20:00 . 2008-06-19 20:00 <DIR> d-------- C:\Program Files\Free M4a to MP3 Converter
2008-06-19 19:43 . 2008-06-19 19:59 <DIR> d-------- C:\Program Files\Protected Music Converter
2008-06-19 19:43 . 2008-06-19 19:59 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-19 16:43 . 2008-06-19 17:21 <DIR> d-------- C:\Documents and Settings\My Music\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 22:18 --------- d-----w C:\Program Files\Winamp Remote
2008-07-18 21:14 --------- d-----w C:\Program Files\McAfee
2008-07-13 04:22 --------- d-----w C:\Documents and Settings\Katrina\Application Data\uTorrent
2008-07-13 02:00 --------- d-----w C:\Program Files\Warcraft III
2008-07-11 22:44 --------- d-----w C:\Program Files\Common Files\McAfee
2008-07-11 22:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 03:03 --------- d-----w C:\Documents and Settings\Katrina\Application Data\Hamachi
2008-06-30 14:54 --------- d-----w C:\Program Files\Java
2008-06-30 06:36 --------- d-----w C:\Program Files\Lavasoft
2008-06-30 06:36 --------- d-----w C:\Documents and Settings\Katrina\Application Data\Lavasoft
2008-06-22 01:15 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-22 01:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-06-22 01:06 --------- d-----w C:\Program Files\Audiosurf
2008-06-22 01:00 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-22 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-03 19:34 --------- d-----w C:\Program Files\Last.fm
2008-05-28 10:40 1,570,816 ----a-w C:\Documents and Settings\Katrina\Application Data\tsdnwin.dll
2008-05-26 00:58 --------- d-----w C:\Program Files\CoreCodec
2008-05-25 16:13 --------- d-----w C:\Program Files\ImgBurn
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-01-09 20:09 16384]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 16:02 495616]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-18 18:20 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 06:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-06-30 21:56 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-06-30 22:00 65536]
"LogMeIn GUI"="E:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20 63048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 13:12 675935]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\Katrina\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-07 22:07:55 113664]
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [2008-01-09 08:13:02 315392]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-01-09 20:10:00 169472]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11 01:00:00 122880]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11 01:00:00 61440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-18 18:20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-18 18:20 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-11-15 19:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\Trillian\\trillian.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"E:\\Program Files\\Steam\\steamapps\\xadtheawesome\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\Program Files\\Steam\\steamapps\\xadtheawesome\\garrysmod\\hl2.exe"=
"E:\\Program Files\\Steam\\steamapps\\xadtheawesome\\half-life 2 deathmatch\\hl2.exe"=
"E:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"E:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\UT2004\\System\\UT2004.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skulltag\\IdeSE.exe"=
"C:\\Program Files\\Skulltag\\skulltag.exe"=
"E:\\Nexon\\MapleStory\\Patcher.exe"=
"E:\\Nexon\\MapleStory\\MapleStory.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"E:\\Program Files\\YVD\\n00b-IRC.exe"=
"E:\\Program Files\\YVD\\YGO Virtual Desktop V086.exe"=
"C:\\Program Files\\MoonEdit\\me.exe"=
"E:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"E:\\Program Files\\vbalink180b0\\VisualBoyAdvance.exe"=
"E:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 LMIInfo;LogMeIn Kernel Information Provider;E:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 10:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 10:20]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 13:50:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 05:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 05:00:01 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Start WingMan Profiler - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 01:37:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-19 1:40:20
ComboFix-quarantined-files.txt 2008-07-19 05:39:16

Pre-Run: 29,322,321,920 bytes free
Post-Run: 29,325,156,352 bytes free

232 --- E O F --- 2008-07-09 00:33:10

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:23 AM, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theanimalrescuesite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136740164140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10207 bytes
  • 0

#8
JSntgRvr
Posted 19 July 2008 - 09:36 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

There are two folders in a temporary location. If you are not familiar with their content, please boot in Safe Mode and remove these folders:

C:\Temp\ListDlls
C:\Temp\PendMoves

To boot in Safe Mode, follow these steps:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "BM8ba4d4f6.xml"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • C:\WINDOWS\BM8ba4d4f6.xml
  • Click Open.
  • Click Post.

Let me know when done.
  • 0

#9
Xad
Posted 19 July 2008 - 12:29 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I do know what's in those Temporary folders, as they were created when I was following a guide on how to remove the Vundo trojan. I don't need them anymore, so I deleted them anyway.

Also, I have posted the topic and uploaded the file to The Spy Killer Forums here.

Edited by Xad, 19 July 2008 - 12:32 PM.

  • 0

#10
JSntgRvr
Posted 19 July 2008 - 02:25 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

Please remove the following file:

C:\WINDOWS\BM8ba4d4f6.xml

It represent no threat and appear as damaged.

Let me know if those DrWatson errors return.
  • 0

Advertisements

#11
JSntgRvr
Posted 02 August 2008 - 05:10 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

I receive your PM. In order to disable Dr. Watson, it will require a Registry Modification. But before we do that, lets search your computer for a Dr. Watson log file. Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a batch file, RunMe.bat. Once extracted double click on the RunMe.bat file. A Results.txt file will be produced once the drive is completely scanned. It should take some time. Please be patient

If a log is found, it should contain information about the error. If found, the file can be opened in Notepad. Please post the contents of this log in your next reply.
  • 0

#12
Xad
Posted 03 August 2008 - 04:50 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
I am unable to post the log because it's too long to post, and when I attempted to upload it as an attachment, I received this error: Upload failed. The file was larger than the available space. However, the compressed file is only 1.5MB.
  • 0

#13
JSntgRvr
Posted 03 August 2008 - 07:07 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Upload the compressed file as follows:

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "Requested by JSntgRvr"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to the compressed file.
  • Click Open.
  • Click Post.

You wont be able to see if the file was uploaded, but if the above instructions are followed there should be no problem. Let me know when done.
  • 0

#14
Xad
Posted 03 August 2008 - 08:21 PM

Xad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
The file has been uploaded!
  • 0

#15
JSntgRvr
Posted 04 August 2008 - 12:26 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Xad :)

I have reviewed the log, and it seems you are having this problem since 2005. An exemption fault occurs when a program attempts to access instructions from a protected or corrupted memory location. Since it isn't singular to an specific program, I have to assume it could be due to a bad memory module. We can disable Dr Watson and see if the system continues without a fault, but if it does, then your memory modules will need to be checked.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous. As a precaution, we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing. Please follow the steps that are listed below EXACTLY. If you cannot preform some of these steps, or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed folder. Save and extract its contents to the desktop. It is a folder containing a Batch file file, DrWatson.bat . Once extracted, double click on the DrWatson.bat file. That should remove Dr. Watson, and would have backed-up the key in the root directory as C:\AeDebug.reg.

Once done, attempt to replicate the error message. Let me know the outcome.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP