antivirusxp08 [RESOLVED]


  • This topic is locked

#31
mbrikha
  • Topic Starter
  • Member
  • 47 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\SYSTEM32\1802.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\AUTO_UPDATE_UNINSTALL.EXE" deleted successfully.
File "C:\WINDOWS\SYSTEM32\DELFIN.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\GOLDNEW2B.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MIDAD.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MSREV23.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\MSREV43.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\POP5.DLL" deleted successfully.
File "C:\WINDOWS\SYSTEM32\TVNEW.DLL" deleted successfully.

Error: file "C:\WINDOWS\TRUFKZ.HTML" not found!
Deletion of file "C:\WINDOWS\TRUFKZ.HTML" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
#32
mbrikha
  • Topic Starter
  • Member
  • 47 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 12:46:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:33 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobuck...Grl90/black.jpg

--
End of file - 7232 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-29 18:44:16 0 d-------- C:\Program Files\Common Files
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe



-- End of Deckard's System Scanner: finished at 2008-07-31 12:47:11 ------------
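The DSS/HijackThis log above is what the helper reads by eye. As an added example (not a tool used in this thread), the Python below applies a few of the triage rules a malware-removal helper applies to such a log: services whose binary is missing or whose publisher is unknown (the msCMTSrvc entry), Run entries in the SYSTEM and Default User hives (the MySpaceIM entries), startup shortcuts whose target could not be resolved, and Active Setup\Installed Components entries, which Windows executes at user logon and which DSS lists only when they are not known-good defaults (see the "*Note*" in the registry dump). The sample log is built from lines copied from the post above; the rules are heuristics that pick out what to look at first, not verdicts.

```python
"""Triage rules for a HijackThis / DSS log.

Added example for this thread, not a tool used in it.  The sample lines are
copied from the log posted above; the rules are heuristics that pick out the
entries a helper would look at first, not verdicts.
"""
import re

# Sample input constructed from lines in the posted DSS log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe
"""

# Run keys in these hives execute for the SYSTEM account and are copied into
# every newly created profile; an interactive IM client is out of place there.
SYSTEM_HIVES = (r"HKUS\S-1-5-18\..\Run", r"HKUS\.DEFAULT\..\Run")

# Active Setup component keys as DSS prints them (lowercase path, component
# name as the last element).  DSS prints the StubPath target on the next line.
ACTIVE_SETUP = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\active setup\\installed components\\(?P<comp>[^\]]+)\]",
    re.IGNORECASE,
)


def triage(log_text):
    """Return a list of (line, reasons) for every log line matching a rule."""
    findings = []
    lines = log_text.splitlines()
    for idx, line in enumerate(lines):
        reasons = []
        if line.startswith("O23 - Service:"):
            if "(file missing)" in line:
                reasons.append("service is registered but its binary is absent")
            if "Unknown owner" in line:
                reasons.append("service binary carries no recognised publisher")
        elif line.startswith("O4 - HKUS"):
            if any(hive in line for hive in SYSTEM_HIVES):
                reasons.append("Run entry in the SYSTEM or Default User hive")
        elif line.startswith("O4 - Global Startup:") and line.rstrip().endswith("= ?"):
            reasons.append("startup shortcut whose target could not be resolved")
        else:
            m = ACTIVE_SETUP.match(line)
            if m:
                # DSS omits known-good default components from its registry
                # dump, so any Active Setup entry it does list is non-default.
                target = lines[idx + 1].strip() if idx + 1 < len(lines) else "?"
                reasons.append(f"Active Setup component {m['comp']} runs {target} at user logon")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the McAfee entries pass and five lines are flagged; the msCMTSrvc service collects two reasons (unknown publisher and missing binary), which matches why the helper left it alone as a dead registration rather than a live threat.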

#33
fenzodahl512
  • Malware Removal
  • 9,863 posts
A little bit more :)


1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Begin copying here:
Files to delete:
C:\WINDOWS\System32\dccnncr.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
3. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log.

#34
mbrikha
  • Topic Starter
  • Member
  • 47 posts
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\System32\dccnncr.exe" not found!
Deletion of file "C:\WINDOWS\System32\dccnncr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

#35
mbrikha
  • Topic Starter
  • Member
  • 47 posts
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 15:50:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:15 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobuck...Grl90/black.jpg

--
End of file - 7225 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-31 15:15:32 0 d-------- C:\Program Files\support.com
2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files
2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe



-- End of Deckard's System Scanner: finished at 2008-07-31 15:52:58 ------------

#36
fenzodahl512
  • Malware Removal
  • 9,863 posts
Please download RegSrch and unzip it to your Desktop.
  • Double-click RegSrch.vbs
  • Copy/paste 86942b4f-d046-4526-8f8c-669ad3dd860b into the RegSrch window and press OK
  • RegSrch will disappear. Please wait until a window pops up stating the search is completed.
  • A log will appear. Please save it to your Desktop and post its content here in your next reply


#37
mbrikha
  • Topic Starter
  • Member
  • 47 posts
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "86942b4f-d046-4526-8f8c-669ad3dd860b" 7/31/2008 5:35:08 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b
]

[HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]

[HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b
]

#38
fenzodahl512
  • Malware Removal
  • 9,863 posts
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

For detailed instructions on how to back up the registry via ERUNT, please visit HERE.




NEXT


Please disable your McAfee program before continuing with this fix. Please re-enable it after the fix. Please visit HERE if you do not know how.


Please copy and paste the following into Notepad:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]

[-HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]

Save it to the desktop as Fix.reg, choosing All Files under "Save as type".

A new registry file will then be created on your desktop.

Just double-click the file and choose Yes at prompt.

If you are not sure how to make a registry file, please visit HERE for the tutorial.




Please post a fresh DSS log in your next reply.

#39 mbrikha (Topic Starter, Member, 47 posts)
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-31 23:54:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:09 PM, on 7/31/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\program files\common files\aol\1139186156\ee\AOLOpenRide.exe
C:\Program Files\Common Files\AOL\1139186156\ee\aolsoftware.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go...y/OTOYAX29b.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://i21.photobuck...Grl90/black.jpg

--
End of file - 7221 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20:58 0 d-------- C:\fsaua.data
2008-07-29 19:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 19:27:22 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-07-29 13:11:23 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 21:44:27 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23:41 3022 --a------ C:\WINDOWS\System32\tmp.reg
2008-07-28 21:22:44 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-28 21:22:13 81920 --a------ C:\WINDOWS\System32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-28 21:22:12 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-07-28 21:22:12 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-28 21:22:12 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-28 21:22:11 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-28 21:22:11 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-07-27 23:47:14 0 d-------- C:\Program Files\Trend Micro
2008-07-27 23:15:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP


-- Find3M Report ---------------------------------------------------------------

2008-07-31 18:39:52 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla
2008-07-31 15:15:32 0 d-------- C:\Program Files\support.com
2008-07-31 14:35:45 0 d-------- C:\Program Files\Common Files
2008-07-31 00:31:06 0 d-------- C:\Program Files\hbinst
2008-07-28 21:56:28 0 d-------- C:\Program Files\WildTangent
2008-07-28 21:52:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-28 21:52:33 0 d-------- C:\Program Files\NewSoft
2008-07-28 21:50:43 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-28 21:50:41 0 d-------- C:\Program Files\MUSICMATCH
2008-07-28 21:48:04 0 d-------- C:\Program Files\Microsoft Money
2008-07-28 21:41:57 0 d-------- C:\Program Files\Common Files\aolshare
2008-07-28 21:31:21 0 d-------- C:\Program Files\Viewpoint
2008-06-24 12:26:30 0 d-------- C:\Program Files\McAfee
2008-06-23 14:31:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 22:36:44 0 d-------- C:\Program Files\LimeWire
2008-05-31 21:40:26 9604 --a------ C:\WINDOWS\mozver.dat
2008-05-31 21:33:33 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-31 21:33:26 0 d-------- C:\Program Files\Common Files\Real
2008-05-31 21:33:18 1770 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 20:33:26 0 d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Real
2008-05-31 20:31:44 0 d-------- C:\Program Files\Common Files\csshare


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" []
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [09/30/2002 11:39 PM C:\WINDOWS\system32\nwiz.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [09/25/2006 04:52 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/31/2008 09:32 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 06:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" []
"Aim6"="" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [9/25/2006 4:52:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/3/2002 4:58:20 PM]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [10/11/2003 8:19:17 AM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [12/3/2002 4:23:30 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [9/20/2002 7:20:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe



-- End of Deckard's System Scanner: finished at 2008-07-31 23:56:15 ------------

#40 fenzodahl512 (Malware Removal, 9,863 posts)
I wonder why that entry keeps coming back. It's like something is respawning it. Let's take a more aggressive step...


Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
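Why an Active Setup key can come back, as an added note with a worked example (this is not code from the thread, from RegSrch or from DSS): at each logon Windows compares every subkey of HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components with the same-named subkey under HKCU; when the HKCU copy is missing (or carries an older Version), it runs the StubPath command and then writes the HKCU copy as a "done" marker. The HKEY_USERS\S-1-5-21-...-1003 key that RegSrch found is that marker for the logged-on user, so the Fix.reg above is right to delete both halves, but nothing in it touches dccnncr.exe or whatever rewrites the HKLM key, and once the HKLM key is back with no per-user marker the stub runs again at the next logon. The Python below parses a REGEDIT4 export of the kind RegSrch produces (tolerating the "]" that wrapped onto its own line in the log above), lists every Installed Components entry with its hive and StubPath, flags an entry whose name is not a braced GUID and one that has no per-user copy yet, and generates the same [-key] deletion script the helper posted, for every hive that holds the component. The sample export is constructed from the two keys in this thread; the value name StubPath and the third, all-zero entry are assumptions made for illustration.

```python
"""Audit Active Setup 'Installed Components' keys in a REGEDIT4 export.

Added example for this thread; not code from RegSrch, DSS or the helper.
Assumptions: the export is REGEDIT4 text like the RegSrch log above, and
the command Active Setup runs lives in the REG_SZ value named StubPath.
"""
import re
from collections import OrderedDict

ACTIVE_SETUP = "\\software\\microsoft\\active setup\\installed components\\"
_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample: the two keys RegSrch reported and the StubPath DSS
# showed under the HKLM one, plus an all-zero braced entry made up for
# contrast.  Its ']' is wrapped onto the next line on purpose, mirroring
# the RegSrch output posted above.
SAMPLE_REG = r"""REGEDIT4
; constructed RegSrch-style export

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]
"StubPath"="C:\\WINDOWS\\System32\\dccnncr.exe"

[HKEY_USERS\S-1-5-21-489530047-1577466506-2605587702-1003\Software\Microsoft\Active Setup\Installed Components\86942b4f-d046-4526-8f8c-669ad3dd860b]
"StubPath"="C:\\WINDOWS\\System32\\dccnncr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}
]
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,0,2800,1106"
"""


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}.  REG_SZ data is unescaped,
    other types are kept as raw text.  A '[key' line whose ']' wrapped onto
    the next line is joined; '[-key]' deletion lines are ignored."""
    keys, current = OrderedDict(), None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if (not line or line.startswith(";") or line.upper() == "REGEDIT4"
                or line.lower().startswith("windows registry editor")):
            continue
        if (line.startswith("[") and not line.endswith("]")
                and i < len(lines) and lines[i].strip() == "]"):
            line, i = line + "]", i + 1
        m = _KEY_RE.match(line)
        if m:
            current = None if m.group(1) == "-" else m.group(2)
            if current is not None:
                keys.setdefault(current, OrderedDict())
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def active_setup_entries(keys):
    """List (hive, component, stub_path, full_key) for each Installed
    Components subkey.  hive is HKEY_LOCAL_MACHINE or HKEY_USERS\\<SID>."""
    found = []
    for path, values in keys.items():
        idx = path.lower().find(ACTIVE_SETUP)
        if idx < 0:
            continue
        component = path[idx + len(ACTIVE_SETUP):]
        if not component or "\\" in component:
            continue  # the container itself, or a nested subkey
        found.append((path[:idx], component, values.get("StubPath"), path))
    return found


def audit(entries):
    """Per component: StubPath from HKLM, which user hives already hold the
    per-user copy (Active Setup's 'already ran' marker), and simple flags."""
    report = OrderedDict()
    for hive, comp, stub, _ in entries:
        r = report.setdefault(comp, {"stub": None, "in_hklm": False,
                                     "users": [], "flags": []})
        if hive.upper() == "HKEY_LOCAL_MACHINE":
            r["in_hklm"], r["stub"] = True, stub
        else:
            r["users"].append(hive)
    for comp, r in report.items():
        if not (comp.startswith("{") and comp.endswith("}")):
            r["flags"].append("component name is not a braced GUID")
        if r["in_hklm"] and not r["users"]:
            r["flags"].append("no per-user copy: StubPath runs at next logon")
    return report


def deletion_reg(entries, component):
    """REGEDIT4 text that deletes one component from HKLM and from every
    per-user hive present in the export, the [-key] form the fix above uses."""
    out = ["REGEDIT4", ""]
    for _, comp, _, path in entries:
        if comp.lower() == component.lower():
            out += ["[-%s]" % path, ""]
    return "\n".join(out)


if __name__ == "__main__":
    entries = active_setup_entries(parse_reg(SAMPLE_REG))
    for comp, r in audit(entries).items():
        print(comp, "|", r["stub"], "|", r["users"], "|", r["flags"])
    print(deletion_reg(entries, "86942b4f-d046-4526-8f8c-669ad3dd860b"))
```

Run it as-is to see the report for the constructed sample; to audit a real machine, feed parse_reg the text of a regedit export (File > Export, REGEDIT4 or the newer header both parse) or the RegSrch log saved from WordPad. The flags are heuristics, not verdicts: Windows' own entries use braced GUIDs, so an unbraced name is a format oddity worth a look rather than proof of malware, and "no per-user copy" simply means the stub will run for that user at the next logon, which is exactly the window a respawned HKLM key exploits.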


#41 mbrikha (Topic Starter, Member, 47 posts)
Wait, when I download ComboFix, do you want me to run it?

#42 fenzodahl512 (Malware Removal, 9,863 posts)

Wait, when I download ComboFix, do you want me to run it?


Yup. :)

#43 mbrikha (Topic Starter, Member, 47 posts)
It says "Recovery Console installed. Do you want to continue scanning for malware?" Do I say yes or no?

#44 fenzodahl512 (Malware Removal, 9,863 posts)

It says "Recovery Console installed. Do you want to continue scanning for malware?" Do I say yes or no?


Say yes. Just run ComboFix and post the log here :)

#45 mbrikha (Topic Starter, Member, 47 posts)
ComboFix 08-07-31.01 - Owner 2008-08-01 11:49:58.2 - NTFSx86
Running from: C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\nsv
C:\Documents and Settings\All Users\Application Data\nsv\cache\286.dfn
C:\Documents and Settings\All Users\Application Data\nsv\cache\538.dfn
C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1215.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx
C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd
C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd
C:\Documents and Settings\Guest.YOUR-KYBTG65GXE\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Application Data\Hotbar
C:\Documents and Settings\Guest\Application Data\Hotbar\eskin\empty_bg_st.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\eskin\FileManager.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385437.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\2885069.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\31e6.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\45833
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4899
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\67226
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\68386
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\81785
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\93921
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\31e6.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_ringtone.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar-premium.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords1.dat
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip
C:\Documents and Settings\Guest\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\LocalService\Application Data\Hotbar
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\#SharedObjects\HZW7ZSTW\interclick.com
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\#SharedObjects\HZW7ZSTW\interclick.com\ud.sol
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\lswmv.ini
C:\Program Files\cas
C:\Program Files\cas\Client\84.ico
C:\Program Files\cas\Client\85.ico
C:\Program Files\cas\Client\hf.txt
C:\Program Files\cas\Client\sf.txt
C:\Program Files\cas\Client\Uninstall.exe
C:\Program Files\casstub
C:\Program Files\Common Files\{30526~1
C:\Program Files\Common Files\{C0526~1
C:\Program Files\Common Files\uninstall information
C:\Program Files\e2g
C:\Program Files\e2g\data19
C:\Program Files\purityscan
C:\Program Files\thesearchaccelerator
C:\Program Files\thesearchaccelerator\INSTALL.LOG
C:\Program Files\thesearchaccelerator\logo.ico
C:\Program Files\thesearchaccelerator\rss_html_template.html
C:\Program Files\thesearchaccelerator\TBlogin.users.ucmore.com.4.5.40.0
C:\Program Files\thesearchaccelerator\toolbar.cfg
C:\Program Files\thesearchaccelerator\UNWISE.EXE
C:\Temp\fse
C:\temp\iee
C:\WINDOWS\Downloaded Program Files\hotbar.inf
C:\WINDOWS\install.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cache\180SAInstaller.exe
C:\WINDOWS\system32\Cache\b2s-537466.exe
C:\WINDOWS\system32\Cache\dist006.exe
C:\WINDOWS\system32\Cache\mswinstall.exe
C:\WINDOWS\system32\Cache\setup.exe
C:\WINDOWS\system32\Cache\trgen-fran-default.exe
C:\WINDOWS\system32\Cache\uninstall.exe
C:\WINDOWS\system32\Cache\weirdontheweb_ventura2.exe
C:\WINDOWS\system32\cfg.dat
C:\WINDOWS\system32\lmdv.bin
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msodae.dll
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vidctrl
C:\WINDOWS\system32\vmss
C:\WINDOWS\system32\wapisu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSDIRECTX


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-31 23:51 . 2008-07-31 23:52 <DIR> d-------- C:\Program Files\ERUNT
2008-07-31 14:35 . 2008-07-31 14:35 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-07-30 21:20 . 2008-07-30 21:20 <DIR> d-------- C:\fsaua.data
2008-07-29 19:27 . 2008-07-29 19:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-29 19:27 . 2008-07-29 19:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Malwarebytes
2008-07-29 13:11 . 2008-07-29 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 13:11 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 13:11 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 12:52 . 2008-07-29 12:52 <DIR> d-------- C:\_OTMoveIt
2008-07-28 21:44 . 2008-07-28 21:44 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Comcast
2008-07-28 21:23 . 2008-07-29 11:57 3,022 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-28 21:22 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-28 21:22 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-28 21:22 . 2008-05-29 08:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-28 21:22 . 2008-05-23 17:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-28 21:22 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-28 21:22 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-28 21:22 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-28 10:13 . 2008-07-28 10:13 0 --a------ C:\WINDOWS\system32\55.tmp
2008-07-28 10:07 . 2008-07-28 10:07 <DIR> d-------- C:\Deckard
2008-07-27 23:47 . 2008-07-27 23:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-27 23:15 . 2008-07-27 23:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-27 19:16 . 2002-08-29 02:41 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-27 19:16 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-25 23:20 . 2008-07-25 23:20 <DIR> d-------- C:\Documents and Settings\OWNERY~1~000\LOCALS~1
2008-07-25 23:20 . 2008-07-25 23:20 <DIR> d-------- C:\Documents and Settings\OWNERY~1~000
2008-07-25 20:44 . 2008-07-25 20:44 0 --a------ C:\WINDOWS\system32\AE.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 23:15 --------- d-----w C:\Program Files\support.com
2008-07-31 08:31 --------- d-----w C:\Program Files\hbinst
2008-07-29 05:56 --------- d-----w C:\Program Files\WildTangent
2008-07-29 05:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-29 05:52 --------- d-----w C:\Program Files\NewSoft
2008-07-29 05:50 --------- d-----w C:\Program Files\MUSICMATCH
2008-07-29 05:50 --------- d-----w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Musicmatch
2008-07-29 05:48 --------- d-----w C:\Program Files\Microsoft Money
2008-07-29 05:41 --------- d-----w C:\Program Files\Common Files\aolshare
2008-07-29 05:31 --------- d-----w C:\Program Files\Viewpoint
2008-07-29 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-24 20:26 --------- d-----w C:\Program Files\McAfee
2008-06-23 22:31 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-03 06:36 --------- d-----w C:\Program Files\LimeWire
2008-06-01 05:33 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-01 05:33 --------- d-----w C:\Program Files\Common Files\Real
2008-06-01 04:31 --------- d-----w C:\Program Files\Common Files\csshare
2007-02-24 05:49 25,600 ----a-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\usbsermptxp.sys
2007-02-24 05:49 22,768 ----a-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\usbsermpt.sys
2005-09-05 21:32 601 ---ha-w C:\Documents and Settings\Guest.JAINIE\hpothb07.dat
2005-05-29 00:06 637 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2004-02-08 04:21 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2003-10-10 01:23 665 ---ha-w C:\WINDOWS\system32\config\systemprofile\hpothb07.dat
2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\hpothb07.dat
2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Guest.YOUR-KYBTG65GXE\hpothb07.dat
2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Guest.YOUR-KYBTG65GXE.000\hpothb07.dat
2003-10-10 01:23 665 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2003-10-10 01:23 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2003-10-10 01:23 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-03-20 02:15 32 --sha-w C:\WINDOWS\{7026FA23-A796-43C9-BF9D-223558230A97}.dat
2005-05-25 00:11 32 --sha-w C:\WINDOWS\{C70DBAF0-79B6-4F26-A6D9-40DD6412DCD2}.dat
2005-03-20 00:00 475 --sh--w C:\WINDOWS\system32\ovjy.dll
2005-05-16 01:15 475 --sh--w C:\WINDOWS\system32\vdfvqydc.dll
2005-03-20 02:15 32 --sha-w C:\WINDOWS\system32\{1F0BCF34-AF6E-4B35-AC62-AEF898B1D097}.dat
2005-05-25 00:11 32 --sha-w C:\WINDOWS\system32\{8444D0C8-A2A4-4623-9B9E-B04F8589CCEB}.dat
.

------- Sigcheck -------

2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\ip6fw.sys
2004-08-03 22:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 61,440 2001-07-07 05:56:56 C:\hp\KBD\bak\KBD.EXE

----a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1139186156\ee\bak\AOLHostManager.exe
----a-w 14,384 2006-09-26 00:52:50 C:\Program Files\Common Files\AOL\1139186156\ee\AOLHostManager.exe

----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1139186156\ee\bak\AOLSoftware.exe
----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe

----a-w 185,784 2006-10-17 03:59:28 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 185,632 2008-06-01 05:32:18 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 34,504 2002-08-20 06:23:16 C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe

----a-w 218,240 2004-11-02 22:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe

----a-w 143,360 2002-02-21 03:40:00 C:\Program Files\COMPAQ\Coloreal\bak\coloreal.exe

----a-w 278,528 2006-02-23 22:45:20 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 36,975 2005-06-03 10:52:54 C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe

----a-w 303,104 2005-09-23 02:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
----a-w 582,992 2007-11-02 02:12:38 C:\Program Files\McAfee.com\Agent\mcagent.exe

----a-w 212,992 2006-01-11 20:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe
----a-w 419,152 2007-12-06 22:10:26 C:\Program Files\McAfee.com\Agent\mcupdate.exe

----a-w 241,714 2001-07-26 01:00:00 C:\Program Files\Microsoft Money\System\bak\Activation.exe

----a-w 5,354,792 2006-07-30 02:34:04 C:\Program Files\MSN Messenger\bak\MsnMsgr.Exe
----a-w 5,674,352 2007-01-19 20:54:56 C:\Program Files\MSN Messenger\msnmsgr.exe

----a-w 11,776 2006-01-19 18:06:16 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mimboot.exe

----a-w 110,592 2006-01-19 18:06:18 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe

----a-w 1,327,104 2006-11-16 21:42:52 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe
----a-w 5,181,440 2007-03-07 05:06:56 C:\Program Files\MySpace\IM\MySpaceIM.exe

----a-w 282,624 2006-09-01 22:57:48 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 155,648 2002-06-18 16:01:00 C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe

----a-w 212,992 2002-09-14 05:42:26 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 52,736 1998-05-08 00:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 114,688 2002-09-09 15:05:52 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 81,920 2002-08-01 04:28:38 C:\WINDOWS\system32\bak\ps2.exe

----a-w 188,416 2002-12-04 08:23:24 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb07.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [N/A]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [N/A]
"NVIEW"="nview.dll" [2002-09-30 23:39 548933 C:\WINDOWS\system32\nview.dll]
"Aim6"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"BlockTracker"="c:\hp\bin\BlockTracker.exe" [N/A]
"HostManager"="C:\Program Files\Common Files\AOL\1139186156\ee\AOLSoftware.exe" [2006-09-25 16:52 50736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-31 21:32 185632]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 18:12 582992]
"nwiz"="nwiz.exe" [2002-09-30 23:39 372736 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-03-06 21:06 5181440]

C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Start Menu\Programs\Startup\
AOL OpenRide.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2006-09-25 16:52:49 50736]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-03 16:58:20 40960]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2003-10-11 08:19:17 237568]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-12-03 16:23:30 147456]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 19:20:02 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

R0 sonypvl2;sonypvl2;C:\WINDOWS\System32\drivers\sonypvl2.sys [2003-07-25 14:02]
R1 sonypvf2;sonypvf2;C:\WINDOWS\System32\drivers\sonypvf2.sys [2004-04-08 10:04]
R1 sonypvt2;sonypvt2;C:\WINDOWS\System32\drivers\sonypvt2.sys [2003-08-20 09:44]
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2005-07-18 15:36]
S1 sonypvd2;sonypvd2;C:\WINDOWS\System32\DRIVERS\sonypvd2.sys [2003-06-24 09:29]
S3 msCMTSrvc;Content Monitoring Tool;C:\WINDOWS\system32\msCMTSrvc.exe []

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\86942b4f-d046-4526-8f8c-669ad3dd860b]
C:\WINDOWS\System32\dccnncr.exe
.
Contents of the 'Scheduled Tasks' folder

2003-05-22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1052015226.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 16:40]

2007-12-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-01-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2005-07-18 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 11:24]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla\Firefox\Profiles\u1cghiq5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.comcast.net/
FF -: plugin - C:\Documents and Settings\Owner.YOUR-KYBTG65GXE.000\Application Data\Mozilla\Firefox\Profiles\u1cghiq5.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 11:58:16
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 12:21:26
ComboFix-quarantined-files.txt 2008-08-01 20:21:16

Pre-Run: 75,173,867,520 bytes free
Post-Run: 75,163,701,248 bytes free

464