
Infected with Sticky Virus Please Help me [RESOLVED]

  • This topic is locked

#1 AtlantaFalcon (Member, 15 posts)
Hello, and thank you for your help first of all. I have completed the steps required before posting.

OK, I was infected with Virtumundo a few weeks ago. It was a virus that attached itself to the explorer.exe file. Anyway, I ran the Virtumundo fix and thought all was well. But it's not. I get Internet errors from time to time. There is also a folder in Program Files that I have to delete a lot. I unlock it with Unlocker and it shows that it is attached to explorer.exe also; I get it deleted, but it comes back every reboot. There are things in my HijackThis log that I know do not belong there. As I said, I deleted some .dll files from the windows\system32 folder and it helped a bit. Thank you for your help again.


Trojan.Vundo is what Malwarebytes is reporting by the way.

Windows update page is encountering a problem, but I just updated like 4 days ago

After I rebooted, the folder is still there. I know there is still an infection.

EDITED - I hope this doesn't affect my post count or bump me or anything, but I wanted to add that in the last 5 or 6 hours my IE freezes and "does not respond" like every 10 minutes. Not sure if these logs will reflect that, but I wanted to give you guys as much feedback as I can as to my specific problem.

RE-EDIT - When Internet Explorer decides to not respond, I open Task Manager and notice several iexplore.exe's, sometimes 4 of them. It either has to be shut down, or if I leave it alone long enough a window pops up and says "This Tab has Been Recovered - There was a problem with this window causing it to close," or something along those lines. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:26 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {D7063320-BFBE-452D-AE0D-4896BFE2084A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6588 bytes



---------------------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.23
Database version: 1010
Windows 5.1.2600 Service Pack 2

6:24:33 PM 7/30/2008
mbam-log-7-30-2008 (18-24-33).txt

Scan type: Quick Scan
Objects scanned: 41270
Time elapsed: 6 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\cbxndvmg -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\cbXNDVMg.ddd (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkIArsP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLCRii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGyyywX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAqqnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM472dfbe5.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM472dfbe5.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by AtlantaFalcon, 31 July 2008 - 11:53 AM.

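The only registry hit in the Malwarebytes log above is an extra entry in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages. lsass.exe loads every package named there at boot, which is why that kind of entry survives a reboot and reappears after the DLL is deleted by hand. The following is an added example, not code from the original post or from Malwarebytes: it compares the LSA package lists and the SecurityProviders string (the DSS registry dump further down shows the latter) against a baseline and flags anything foreign. The baseline sets, the sample values and the helper names are assumptions for illustration; the baseline is what I expect on a clean Windows XP SP2 install and should be confirmed against a known-good machine.

```python
"""Baseline check for LSA package values that malware uses for persistence.

Added example, not part of the original post or of any tool mentioned there.
The baseline sets are assumed Windows XP SP2 defaults (assumption: verify on
a clean host before relying on them for another Windows version).
"""

# Assumed XP SP2 defaults for the REG_MULTI_SZ values under
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa (assumption).
LSA_BASELINE = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
}

# Assumed XP SP2 default for the REG_SZ value
# HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders.
SECURITY_PROVIDERS_BASELINE = {
    "msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll",
}


def _norm(name):
    """Lower-case and strip quotes/whitespace so comparisons are case-insensitive."""
    return name.strip().strip('"').lower()


def check_lsa_packages(lsa_values, security_providers):
    """Return a list of (value_name, entry, reason) for every suspicious entry.

    lsa_values: dict mapping an LSA value name to its list of strings.
    security_providers: the comma-separated SecurityProviders string.
    """
    findings = []
    for value_name, entries in lsa_values.items():
        baseline = LSA_BASELINE.get(value_name)
        if baseline is None:
            findings.append((value_name, "", "unexpected LSA value name"))
            continue
        for entry in entries:
            e = _norm(entry)
            if not e:
                continue
            # Legitimate packages are bare names resolved from system32;
            # a drive letter or directory separator is a strong tell.
            if ":" in e or "\\" in e or "/" in e:
                findings.append((value_name, entry,
                                 "full path instead of a bare package name"))
            elif e not in baseline:
                findings.append((value_name, entry, "not in baseline"))
    for prov in security_providers.split(","):
        p = _norm(prov)
        if p and p not in SECURITY_PROVIDERS_BASELINE:
            findings.append(("SecurityProviders", prov.strip(), "not in baseline"))
    return findings


def read_live_lsa_values():
    """Read the real values on a Windows host; winreg exists only on Windows."""
    import winreg  # ImportError on other platforms, by design
    lsa = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\Lsa") as key:
        for name in LSA_BASELINE:
            value, _type = winreg.QueryValueEx(key, name)
            lsa[name] = list(value)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Control\SecurityProviders") as key:
        providers, _type = winreg.QueryValueEx(key, "SecurityProviders")
    return lsa, providers


# Constructed sample that mirrors the Malwarebytes finding in this thread:
# Vundo appended an extension-less path to Authentication Packages.
SAMPLE_LSA = {
    "Authentication Packages": ["msv1_0", "c:\\windows\\system32\\cbxndvmg"],
    "Notification Packages": ["scecli"],
    "Security Packages": ["kerberos", "msv1_0", "schannel", "wdigest"],
}
SAMPLE_PROVIDERS = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,"

if __name__ == "__main__":
    for value_name, entry, reason in check_lsa_packages(SAMPLE_LSA, SAMPLE_PROVIDERS):
        print(f"{value_name}: {entry!r} -> {reason}")
```

On the sample the only finding is the cbxndvmg path under Authentication Packages, which is exactly the item Malwarebytes quarantined; the trailing comma in the SecurityProviders string, also visible in the DSS dump, is normal and is ignored.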



#2 fenzodahl512 (Malware Removal, 9,863 posts)
Hello, my name is fenzodahl512 and welcome to Geeks to Go. Please do the following:


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator


Regards
fenzodahl512

#3 AtlantaFalcon (Topic Starter, Member, 15 posts)
Hi, and thank you SO MUCH for your help. I have run DSS as instructed but have two problems. I noticed that it doesn't create System Restore points as it does for other people who run it (I've read through tons of posts), and also DSS did not create an extra.txt file for me. It only opened one window, and that was main.txt.

Here is the DSS Main.txt log as follows:

Deckard's System Scanner v20071014.68
Run by SiviK OutkasT on 2008-07-31 16:48:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 2.01 GiB (less than 15%) free.


-- HijackThis (run as SiviK OutkasT.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:40 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\SiviK OutkasT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SIVIKO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {D7063320-BFBE-452D-AE0D-4896BFE2084A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6437 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 00:16:22 0 d-------- C:\d36cd63c986e6dc19b85c190
2008-07-30 18:16:23 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Malwarebytes
2008-07-30 18:16:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 18:16:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 18:16:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-29 13:11:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-29 13:10:11 0 dr-h----- C:\Documents and Settings\SiviK OutkasT\Recent
2008-07-25 17:55:52 0 d-------- C:\Program Files\Panda Security
2008-07-25 15:15:54 0 d-------- C:\ZonedOut
2008-07-25 15:13:55 0 d-------- C:\Program Files\SpywareBlaster
2008-07-25 14:41:44 0 d-------- C:\Program Files\microsoft frontpage
2008-07-25 13:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-25 13:39:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-25 13:39:23 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-25 13:38:02 0 d-------- C:\WINDOWS\Internet Logs
2008-07-24 01:36:48 0 d-------- C:\Program Files\VideoLAN
2008-07-23 13:56:34 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Media Player Classic
2008-07-22 21:46:19 0 d-------- C:\Your Work
2008-07-22 14:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 14:05:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 14:05:36 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\SUPERAntiSpyware.com
2008-07-22 14:05:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 15:50:29 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\BitTorrent
2008-07-18 15:50:00 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DNA
2008-07-18 15:49:59 0 d-------- C:\Program Files\BitTorrent
2008-07-17 20:22:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-17 20:22:35 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Azureus
2008-07-16 20:28:01 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Download Manager
2008-07-14 20:28:27 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\vlc
2008-07-14 16:15:31 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Nero
2008-07-14 16:06:45 0 d-------- C:\New Folder (2)
2008-07-14 15:27:25 0 d-------- C:\Program Files\MP3 to WAV Decoder
2008-07-14 15:10:59 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-07-14 15:10:59 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:59 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:58 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:57 0 d-------- C:\Program Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Program Files\Common Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 15:35:33 0 d-------- C:\New Folder
2008-07-13 14:46:41 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-07-13 14:46:41 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-07-13 14:46:37 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-07-10 18:52:17 0 d-------- C:\WINDOWS\CSC
2008-07-10 18:21:20 0 d-------- C:\VundoFix Backups
2008-07-10 18:13:12 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Desktopicon
2008-07-10 14:34:50 720980 --ahs---- C:\WINDOWS\system32\gMVDNXbc.ini2
2008-07-09 19:32:01 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 19:01:34 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 14:15:10 0 d-------- C:\WINDOWS\ie8updates
2008-07-08 18:09:12 0 d--h---c- C:\WINDOWS\ie8
2008-07-07 20:46:37 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-07 18:04:04 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2008-07-30 18:16:06 0 d-------- C:\Program Files\Common Files
2008-07-29 12:59:07 0 d-------- C:\Program Files\Yahoo!
2008-07-28 11:57:55 0 d-------- C:\Program Files\DVDFab 5
2008-07-28 11:57:54 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Vso
2008-07-25 14:38:22 538 --a------ C:\Program Files\Shortcut to microsoft frontpage.lnk
2008-07-22 19:51:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-22 16:46:36 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\LimeWire
2008-07-18 15:50:00 0 d-------- C:\Program Files\DNA
2008-07-18 14:41:57 0 d-------- C:\Program Files\Java
2008-07-13 14:46:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 14:46:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-13 14:45:32 0 d-------- C:\Program Files\Dell
2008-07-13 14:07:00 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Adobe
2008-07-07 21:01:25 668 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\vso_ts_preview.xml
2008-06-27 00:56:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-27 00:31:54 0 d-------- C:\Program Files\VSO
2008-06-26 18:29:17 0 d-------- C:\Program Files\DivX
2008-06-19 00:42:49 34 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.log
2008-06-19 00:42:42 47360 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-19 00:42:42 1144 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.inf
2008-06-19 00:42:42 7887 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.cat
2008-06-12 18:32:32 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\iolo
2008-06-11 17:09:42 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\uTorrent
2008-06-11 17:08:54 0 d-------- C:\Program Files\RegCleaner
2008-06-06 22:40:27 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Se Analyzer Tool SA
2008-06-03 00:42:57 0 d-------- C:\Program Files\YouTube Downloader
2008-06-03 00:34:35 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Mozilla
2008-06-02 19:46:50 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DivX
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 21:46:26 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 00:05:20 0 -rahs---- C:\MSDOS.SYS
2008-05-21 00:05:20 0 -rahs---- C:\IO.SYS
2008-05-21 00:05:20 0 --a------ C:\CONFIG.SYS
2008-05-21 00:05:20 0 --a------ C:\AUTOEXEC.BAT
2008-05-21 00:01:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 22:35:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 16:40:11 62 --ahs---- C:\Documents and Settings\SiviK OutkasT\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{427B37EF-B6C5-4823-A97C-10B88977E398}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7063320-BFBE-452D-AE0D-4896BFE2084A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 08:30 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/22/2005 11:21 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/23/2005 01:46 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/23/2005 01:47 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 06:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 06:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 06:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 10:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/18/2008 03:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/23/2005 01:46 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,





-- End of Deckard's System Scanner: finished at 2008-07-31 16:49:21 ------------

#4 fenzodahl512 (Malware Removal, 9,863 posts)
Hello.


Please go to Start >> Run >> Copy/paste below >> press Enter

control sysdm.cpl,,4

A new window will open.

Un-tick the Turn off System Restore on all drives option >> Press Apply >> OK


Then please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how.


--------------------


I don't see anything that malicious in your log. Let's do this...


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - (no file)
O2 - BHO: (no name) - {D7063320-BFBE-452D-AE0D-4896BFE2084A} - (no file)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please do an online scan with Kaspersky WebScanner.

Click on Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please post these logs in your next reply. Please post each log in a separate post.

1. Kaspersky Webscanner
2. A fresh DSS log (after Kaspersky step)


Regards
fenzodahl512
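The reply above picks two O2 entries out of the HijackThis log because they are registered BHOs whose DLL no longer exists; the same log also carries an O10 LSP entry pointing at a missing DLL, an O20 Winlogon Notify DLL and an O23 service with no publisher and no binary. As an added example (not code from the original thread or from HijackThis), the following applies those rules of thumb to HijackThis log lines and also builds the registry key path where each O2 BHO CLSID lives, which is the key the DSS registry dump above shows for the two orphaned entries. The sample log is constructed from lines that appear earlier on this page; the function names and the set of rules are assumptions for illustration.

```python
"""Triage helper for HijackThis log lines.

Added example, not part of the original thread or of HijackThis itself.
It flags the entry types a malware-removal helper looks at first:
O2 BHOs whose DLL is gone, O10 LSP providers whose DLL is missing,
O20 Winlogon Notify DLLs (loaded into winlogon.exe at logon), and
O23 services with a missing binary or no recorded publisher.
"""
import re

# Constructed sample assembled from entries shown in the log on this page.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {427B37EF-B6C5-4823-A97C-10B88977E398} - (no file)
O2 - BHO: (no name) - {D7063320-BFBE-452D-AE0D-4896BFE2084A} - (no file)
O10 - Broken Internet access because of LSP provider 'c:\\program files\\bonjour\\mdnsnsp.dll' missing
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\\Program Files\\Bonjour\\mDNSResponder.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


def bho_registry_key(line):
    """Return the registry key an O2 line's CLSID is registered under, or None."""
    m = CLSID_RE.search(line)
    return f"{BHO_KEY}\\{m.group(0)}" if m else None


def triage_hijackthis(text):
    """Return a list of (section, reason, line) for entries worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, running-process lines, blank lines
        sec, body = m.group("sec"), m.group("body")
        reasons = []
        if sec == "O2":
            if body.endswith("(no file)"):
                # Registered BHO with no DLL on disk: an orphan, safe to fix.
                reasons.append("BHO registered but its DLL is gone")
            elif body.startswith("BHO: (no name)"):
                reasons.append("BHO with no name and a DLL still present")
        elif sec == "O10" and "missing" in body:
            # A broken LSP chain must be repaired, not deleted by hand,
            # or networking stays broken.
            reasons.append("LSP chain references a missing DLL")
        elif sec == "O20":
            reasons.append("Winlogon Notify DLL loads into winlogon.exe; confirm publisher")
        elif sec == "O23":
            if "(file missing)" in body:
                reasons.append("service binary missing")
            if "Unknown owner" in body:
                reasons.append("service has no recorded publisher")
        for reason in reasons:
            findings.append((sec, reason, line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage_hijackthis(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
        if sec == "O2":
            print(f"    key: {bho_registry_key(line)}")
```

On the sample this returns six findings: the two orphaned BHOs, the Bonjour LSP, the SUPERAntiSpyware Winlogon Notify DLL (legitimate here, but the kind of entry that always deserves a publisher check), and two reasons for the Bonjour service; the Adobe BHO and the Intel service are not reported.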

#5 AtlantaFalcon (Topic Starter, Member, 15 posts)
Ok, I followed the instructions on system restore. It was already unticked. So I ticked
the box and then unticked it. I created a new system restore point. I also deleted the two
entries as instructed through HiJack This. I do not understand even with system restore
unticked why DSS won't allow me to have an extra.txt. I checked under C:\Deckard\System Scanner
and found only main.txt. Strange.

The folder I mentioned that keeps coming back is
C:\Program Files\microsoft frontpage\version3.0\bin
I unlock it with Unlocker and it says it is attached to explorer.exe. It deletes but comes
right back. There is no file in the bin folder even with "Show hidden files" ticked.

Also can you please tell me what these keys are, as they will not delete and I believe
them to have something to do with the virus. I googled Bonjour and mDNSresponder.exe and
they say it is something to do with iTunes; I don't have iTunes and never have. Not sure
what the software string id is. Thanks again.

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)


Here is my DSS text as follows:

Deckard's System Scanner v20071014.68
Run by SiviK OutkasT on 2008-07-31 19:07:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 2.46 GiB (less than 15%) free.


-- HijackThis (run as SiviK OutkasT.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:21 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\SiviK OutkasT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SIVIKO~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlantafalcons.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.4.1.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6426 bytes

-- Files created between 2008-06-30 and 2008-07-31 -----------------------------

2008-07-31 17:16:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-31 17:16:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-31 17:16:11 0 d-------- C:\WINDOWS\LastGood
2008-07-31 00:16:22 0 d-------- C:\d36cd63c986e6dc19b85c190
2008-07-30 18:16:23 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Malwarebytes
2008-07-30 18:16:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 18:16:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 18:16:06 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-29 13:11:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-29 13:10:11 0 dr-h----- C:\Documents and Settings\SiviK OutkasT\Recent
2008-07-25 17:55:52 0 d-------- C:\Program Files\Panda Security
2008-07-25 15:15:54 0 d-------- C:\ZonedOut
2008-07-25 15:13:55 0 d-------- C:\Program Files\SpywareBlaster
2008-07-25 14:41:44 0 d-------- C:\Program Files\microsoft frontpage
2008-07-25 13:39:44 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-25 13:39:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-25 13:39:23 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-07-25 13:38:02 0 d-------- C:\WINDOWS\Internet Logs
2008-07-24 01:36:48 0 d-------- C:\Program Files\VideoLAN
2008-07-23 13:56:34 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Media Player Classic
2008-07-22 21:46:19 0 d-------- C:\Your Work
2008-07-22 14:05:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-22 14:05:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-22 14:05:36 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\SUPERAntiSpyware.com
2008-07-22 14:05:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-18 15:50:29 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\BitTorrent
2008-07-18 15:50:00 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DNA
2008-07-18 15:49:59 0 d-------- C:\Program Files\BitTorrent
2008-07-17 20:22:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-17 20:22:35 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Azureus
2008-07-16 20:28:01 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Download Manager
2008-07-14 20:28:27 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\vlc
2008-07-14 16:15:31 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Nero
2008-07-14 16:06:45 0 d-------- C:\New Folder (2)
2008-07-14 15:27:25 0 d-------- C:\Program Files\MP3 to WAV Decoder
2008-07-14 15:10:59 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-07-14 15:10:59 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:59 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:58 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-14 15:10:57 0 d-------- C:\Program Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Program Files\Common Files\Nero
2008-07-14 15:10:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-13 15:35:33 0 d-------- C:\New Folder
2008-07-13 14:46:41 176128 --a------ C:\WINDOWS\system32\RcdScan.dll <Not Verified; Dell Computer Corporation; RcdScan Module>
2008-07-13 14:46:41 446464 -ra------ C:\WINDOWS\system32\hhactivex.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP HTML 2000>
2008-07-13 14:46:37 13632 -----n--- C:\WINDOWS\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
2008-07-10 18:52:17 0 d-------- C:\WINDOWS\CSC
2008-07-10 18:21:20 0 d-------- C:\VundoFix Backups
2008-07-10 18:13:12 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Desktopicon
2008-07-10 14:34:50 720980 --ahs---- C:\WINDOWS\system32\gMVDNXbc.ini2
2008-07-09 19:32:01 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 19:01:34 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 14:15:10 0 d-------- C:\WINDOWS\ie8updates
2008-07-08 18:09:12 0 d--h---c- C:\WINDOWS\ie8
2008-07-07 20:46:37 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-07 18:04:04 0 d-------- C:\Downloads


-- Find3M Report ---------------------------------------------------------------

2008-07-30 18:16:06 0 d-------- C:\Program Files\Common Files
2008-07-29 12:59:07 0 d-------- C:\Program Files\Yahoo!
2008-07-28 11:57:55 0 d-------- C:\Program Files\DVDFab 5
2008-07-28 11:57:54 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Vso
2008-07-25 14:38:22 538 --a------ C:\Program Files\Shortcut to microsoft frontpage.lnk
2008-07-22 19:51:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-22 16:46:36 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\LimeWire
2008-07-18 15:50:00 0 d-------- C:\Program Files\DNA
2008-07-18 14:41:57 0 d-------- C:\Program Files\Java
2008-07-13 14:46:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-13 14:46:20 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-13 14:45:32 0 d-------- C:\Program Files\Dell
2008-07-13 14:07:00 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Adobe
2008-07-07 21:01:25 668 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\vso_ts_preview.xml
2008-06-27 00:56:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-27 00:31:54 0 d-------- C:\Program Files\VSO
2008-06-26 18:29:17 0 d-------- C:\Program Files\DivX
2008-06-19 00:42:49 34 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.log
2008-06-19 00:42:42 47360 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-06-19 00:42:42 1144 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.inf
2008-06-19 00:42:42 7887 --a------ C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.cat
2008-06-12 18:32:32 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\iolo
2008-06-11 17:09:42 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\uTorrent
2008-06-11 17:08:54 0 d-------- C:\Program Files\RegCleaner
2008-06-06 22:40:27 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Se Analyzer Tool SA
2008-06-03 00:42:57 0 d-------- C:\Program Files\YouTube Downloader
2008-06-03 00:34:35 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Mozilla
2008-06-02 19:46:50 0 d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DivX
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 21:46:26 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 00:05:20 0 -rahs---- C:\MSDOS.SYS
2008-05-21 00:05:20 0 -rahs---- C:\IO.SYS
2008-05-21 00:05:20 0 --a------ C:\CONFIG.SYS
2008-05-21 00:05:20 0 --a------ C:\AUTOEXEC.BAT
2008-05-21 00:01:23 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-20 22:35:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 16:40:11 62 --ahs---- C:\Documents and Settings\SiviK OutkasT\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 08:30 PM C:\WINDOWS\stsystra.exe]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/22/2005 11:21 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [07/23/2005 01:46 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/23/2005 01:47 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 06:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 06:50 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 06:46 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 10:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [07/18/2008 03:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPropertiesMyComputer"=0 (0x0)
"NoViewContextMenu"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoClose"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoSMHelp"=0 (0x0)
"NoResolveTrack"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsHistory"=1 (0x1)
"ClearRecentDocsOnExit"=0 (0x0)
"HideClock"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/23/2005 01:46 AM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,





-- End of Deckard's System Scanner: finished at 2008-07-31 19:08:00 ------------

Edited by AtlantaFalcon, 31 July 2008 - 05:11 PM.


#6 AtlantaFalcon (Topic Starter, Member, 15 posts)
Sorry, I meant to put Kaspersky first.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 31, 2008 7:05:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/07/2008
Kaspersky Anti-Virus database records: 1036115
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 69180
Number of viruses found: 3
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:02:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{B1F3BE4B-5F45-11DD-A22B-0014229DA6A9}.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B1F3BE4C-5F45-11DD-A22B-0014229DA6A9}.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C4ABF4EE-5F45-11DD-A22B-0014229DA6A9}.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temp\~DF1639.tmp Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temp\~DF3996.tmp Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temp\~DF3A09.tmp Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temporary Internet Files\AntiPhishing\5AFAD6B8-456C-4DA1-88AD-AF7DFF52072B.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-152016-582.dll Infected: Trojan.Win32.Monder.wk skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-152016-760.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-160427-877.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-160427-960.dll Infected: Trojan.Win32.Monder.wk skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-160509-146.dll Infected: Trojan.Win32.Monder.wk skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-160509-541.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-163823-117.dll Infected: Trojan.Win32.Monder.wk skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-163824-564.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-180059-639.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-180059-922.dll Infected: Trojan.Win32.Monder.wk skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{522F6A5F-CCE7-45B1-A470-82CB71768E36}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3ABD67F5-0865-43EF-A149-C20DB3DEAEA4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#7 fenzodahl512 (Malware Removal, 9,863 posts)

I do not understand even with system restore
unticked why DSS won't allow me to have an extra.txt. I checked under C:\Deckard\System Scanner
and found only main.txt. Strange.


Don't worry about that.. When you have run DSS before, no extra.txt appears unless you pass a special command to it..


The folder I mentioned that keeps coming back is
C:\Program Files\microsoft frontpage\version3.0\bin
I unlock it with Unlocker and it says it is attached to explorer.exe. It deletes but comes
right back. There is no file in the bin folder even with "Show hidden files" ticked.


That is part of Standard Windows 2000 and Windows XP.. I'd rather have you leave it there..



Also can you please tell me what these keys are, as they will not delete and I believe
them to have something to do with the virus. I googled Bonjour and mDNSresponder.exe and
they say it is something to do with iTunes; I don't have iTunes and never have. Not sure
what the software string id is. Thanks again.

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)


Both entries are legit. I'd rather you leave legit entries, as they do not harm your computer in any way.. If you remove legit entries for no good reason, things might get messy.. Please refer to both sites below:

http://www.castlecops.com/lsp-183.html

http://www.castlecop...3list-3129.html


By the way, your log looks good to my eyes.. Please navigate to the C:\Program Files\Trend Micro\HijackThis\backups folder and delete everything inside.. Don't delete the folder itself.. Just leave it empty.. If you still have problems with your computer, I strongly believe it is not malware/virus related..


Do you have any more questions?
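An added example, not from the thread or from Kaspersky, that does with code what the reply above does by eye: it separates the "Object is locked" noise in a Kaspersky Online Scanner report from actual detections and groups the detections by folder, marking hits under quarantine or backup folders as inert copies that nothing loads at runtime. HijackThis\backups and VundoFix Backups appear in this thread's own logs; System Volume Information is my addition to the list. The sample lines are copied from the report posted above; the regex patterns and the folder list are assumptions.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample: lines copied from the Kaspersky report posted in this thread.
SAMPLE_KAV_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\SiviK OutkasT\Local Settings\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-152016-582.dll Infected: Trojan.Win32.Monder.wk skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080710-152016-760.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""


class Detection(NamedTuple):
    path: str
    folder: str
    name: str
    inert: bool  # True when the file sits in a quarantine/backup folder


# Assumed set of folders holding quarantined copies rather than running code.
# Matching is done on the lower-cased path, with a backslash on both sides.
INERT_FOLDERS = (
    "\\hijackthis\\backups\\",
    "\\vundofix backups\\",
    "\\system volume information\\",
)

# Assumed report line shapes: "<path> Infected: <name> <action>" and
# "<path> Object is locked skipped".
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")


def parse_report(report_text: str) -> Tuple[int, List[Detection]]:
    """Count locked/skipped objects and collect the real detections."""
    locked = 0
    detections: List[Detection] = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if LOCKED_RE.match(line):
            locked += 1  # registry hives, index.dat, event logs: in use, not infected
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # headers, statistics, trailer
        path = m.group("path")
        folder = path.rsplit("\\", 1)[0]
        inert = any(marker in path.lower() for marker in INERT_FOLDERS)
        detections.append(Detection(path, folder, m.group("name"), inert))
    return locked, detections


def summarize(report_text: str) -> Dict[str, object]:
    """Roll the detections up the way a reviewer reads the report."""
    locked, dets = parse_report(report_text)
    return {
        "locked_skipped": locked,
        "detections": len(dets),
        "inert": sum(1 for d in dets if d.inert),
        "live": [d for d in dets if not d.inert],
        "by_folder": Counter(d.folder for d in dets),
        "by_name": Counter(d.name for d in dets),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_KAV_REPORT)
    print(f"locked/skipped: {s['locked_skipped']}, detections: {s['detections']}, "
          f"of which inert backups: {s['inert']}")
    for folder, n in s["by_folder"].items():
        print(f"  {n:3} in {folder}")
    for d in s["live"]:
        print(f"  live: {d.name} -> {d.path}")
```

On the full report in this thread the same split holds: the Trojan.Win32.Monder hits all land in the HijackThis backups folder, which is why emptying that folder is the suggested fix, while the one hit outside it is the installer in the Temp folder and deserves its own look rather than being lumped in.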

#8 AtlantaFalcon (Topic Starter, Member, 15 posts)
Ok. Well I tried to visit both sites and neither of them is up and running. I thank you for your time and expertise. But I do want to say that the C:\Program Files\microsoft frontpage\version3.0\bin was not on my computer 3 weeks ago. I downloaded this file stupidly; I have had this computer for almost 3 years and that folder was never there. I downloaded it and ever since then, I had the trojan issue. That is not the issue, I do have one more question though: I at my own risk would like to remove C:\Program Files\Bonjour but there is no way to remove it in Control Panel or any other way I have tried. Any suggestions? Thanks again.

#9 AtlantaFalcon (Topic Starter, Member, 15 posts)
Sorry to reply again, but as I posted that Internet Explorer froze again and there were still multiple IExplorer.exe in task manager. Any suggestions as to what that might be and a resolution for that? Thanks

EDIT - I have tried to delete the file C:\microsoft frontpage\version 3.0\bin again and with success, but it comes back on boot even with system restore
turned off. If it was a normal required Windows file, then I don't understand why I have never seen it until 3 weeks ago, and a normal file wouldn't duplicate itself time and time again after deleting it. The file is attached to winlogon.exe and not explorer.exe. This file does not belong. Can you kindly direct me to someone who can help me get this off of my pc?

REEDIT - Also, I'm not trying to undermine you here, or be a [bleep]. I'm just saying I know my computer and when something is wrong with it. But I just ran Spybot S&D and it is reporting 3 reg entries of Virtumonde.prx and 1 reg entry of Virtumonde.sci. I am listing a list of what Spybot reported. If you cannot help I understand. I am not posting this to question your expertise, only to show you that my system is still having problems that maybe the other logs are not showing. If there is nothing you can do, like I said I understand, but is there anyone else or another forum you can point me to? Thank you again.


Microsoft.Windows.AppFirewallBypass: [SBI $9DD943AA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

Virtumonde.prx: [SBI $C46E6FC7] Configuration file (File, nothing done)
C:\WINDOWS\pskt.ini

Virtumonde.prx: [SBI $13DC8D4E] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\IProxyProvider\Path=...C:\WINDOWS\system32\aladedks.dll...

Virtumonde.prx: [SBI $7BFCBA71] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct

Virtumonde.sci: [SBI $D6BC29CE] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{427B37EF-B6C5-4823-A97C-10B88977E398}

DoubleClick: Tracking cookie (Internet Explorer: SiviK OutkasT) (Cookie, nothing done)


BlueStreak: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

Edited by AtlantaFalcon, 01 August 2008 - 11:44 AM.

  • 0
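As an added illustration for the Spybot report quoted in the post above (example code written for this page, not part of the thread or of Spybot itself): a small Python parser for that report format that ranks each finding by how it persists, so a ShellExecuteHooks entry stands out from a tracking cookie. The sample text is the seven entries exactly as posted.

```python
import re
from dataclasses import dataclass

# Spybot S&D report format, as quoted above: one header line per finding, usually
# followed by a detail line (registry path or file); cookies have no detail line.
HEADER_RE = re.compile(r"^(?P<name>[^:]+): (?:\[SBI \$(?P<sbi>[0-9A-F]{8})\] )?"
                       r"(?P<kind>.+?) \((?P<type>[^,()]+), (?P<action>[^()]+)\)$")

@dataclass
class Finding:
    name: str      # detection family, e.g. Virtumonde.sci
    sbi: str       # Spybot signature id, "" for cookies
    type: str      # "Registry value", "Registry key", "File" or "Cookie"
    detail: str    # registry path or file path, "" for cookies
    severity: str

def classify(type_: str, detail: str) -> str:
    """Rank by how the entry gets loaded, not by the family name alone."""
    d = detail.lower()
    if ("shellexecutehooks" in d or "winlogon\\notify" in d
            or "\\currentversion\\run" in d):
        return "high"    # a DLL Explorer/winlogon loads at every logon
    if "authorizedapplications" in d:
        return "medium"  # a Windows Firewall exception for some program
    if type_ in ("Registry value", "Registry key", "File"):
        return "medium"  # leftover configuration of the infection
    if type_ == "Cookie":
        return "low"     # tracking cookie, no code execution
    return "unknown"

def parse_report(text: str) -> list[Finding]:
    lines = [ln.rstrip() for ln in text.splitlines()]
    findings: list[Finding] = []
    i = 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        i += 1
        if m is None:
            continue
        # The following non-blank line is the detail, unless it is itself a header.
        detail = ""
        if (m["type"] != "Cookie" and i < len(lines) and lines[i]
                and HEADER_RE.match(lines[i]) is None):
            detail, i = lines[i], i + 1
        findings.append(Finding(m["name"], m["sbi"] or "", m["type"], detail,
                                classify(m["type"], detail)))
    return findings

# The seven entries from the post above (page content, not constructed).
SAMPLE_REPORT = r"""
Microsoft.Windows.AppFirewallBypass: [SBI $9DD943AA] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe
Virtumonde.prx: [SBI $C46E6FC7] Configuration file (File, nothing done)
C:\WINDOWS\pskt.ini
Virtumonde.prx: [SBI $13DC8D4E] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\IProxyProvider\Path=...C:\WINDOWS\system32\aladedks.dll...
Virtumonde.prx: [SBI $7BFCBA71] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct
Virtumonde.sci: [SBI $D6BC29CE] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{427B37EF-B6C5-4823-A97C-10B88977E398}
DoubleClick: Tracking cookie (Internet Explorer: SiviK OutkasT) (Cookie, nothing done)
BlueStreak: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
"""
```

Running `parse_report(SAMPLE_REPORT)` yields seven findings, with only the ShellExecuteHooks value ranked high.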

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
I'm not sure if your IE problem is related to malware. Let's do another scan and see what it can find.



Please visit the webpage below for instructions on downloading and running ComboFix.

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0


#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
--edit--

double posted

Edited by fenzodahl512, 01 August 2008 - 02:51 PM.

  • 0

#12
AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK, when I drag the Windows XP icon I downloaded as instructed, it seems to try and run combofix.exe rather than install the Windows Recovery Console. I drag the file 310994-XP2-Pro-ENU.EXE and it asks me if I want to run ComboFix; I don't see anything about the Windows Recovery Console. Is this normal?
  • 0

#13
AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Also, not sure if this is pertinent, but earlier I uninstalled SUPERAntiSpyware because it seems to hang up a lot. It has now reinstalled itself?
  • 0

#14
AtlantaFalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is my ComboFix log as instructed. Thank you for your patience.


ComboFix 08-07-31.06 - SiviK OutkasT 2008-08-01 16:58:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.226 [GMT -4:00]
Running from: C:\Documents and Settings\SiviK OutkasT\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\SiviK OutkasT\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\SiviK OutkasT\Application Data\inst.exe
C:\Documents and Settings\SiviK OutkasT\Application Data\macromedia\Flash Player\#SharedObjects\W9AQRA4S\interclick.com
C:\Documents and Settings\SiviK OutkasT\Application Data\macromedia\Flash Player\#SharedObjects\W9AQRA4S\interclick.com\ud.sol
C:\Documents and Settings\SiviK OutkasT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\SiviK OutkasT\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gMVDNXbc.ini
C:\WINDOWS\system32\gMVDNXbc.ini2

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 15:42 . 2008-08-01 15:42 <DIR> d-------- C:\LSP fix
2008-08-01 14:43 . 2008-08-01 14:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-08-01 13:14 . 2008-08-01 16:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-01 13:14 . 2008-08-01 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 17:16 . 2008-07-31 17:16 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-31 00:16 . 2008-07-31 00:17 <DIR> d-------- C:\d36cd63c986e6dc19b85c190
2008-07-30 18:16 . 2008-07-30 18:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 18:16 . 2008-07-30 18:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-30 18:16 . 2008-07-30 18:16 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Malwarebytes
2008-07-30 18:16 . 2008-07-30 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 18:16 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 18:16 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 12:57 . 2008-07-29 12:57 2,919,360 --a------ C:\ccsetup209.exe
2008-07-25 18:52 . 2008-07-25 18:52 219,952 --a------ C:\utorrent.exe
2008-07-25 16:50 . 2008-07-25 16:50 1,871,422 --a------ C:\BELKIN_54G_RT_USA_4.03.03.bin
2008-07-25 15:13 . 2008-07-25 15:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-07-25 15:13 . 2008-07-25 15:13 2,869,536 --a------ C:\spywareblastersetup41.exe
2008-07-25 13:39 . 2008-07-25 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-25 13:39 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-25 13:39 . 2008-07-25 13:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-25 13:38 . 2008-07-25 14:41 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-24 01:36 . 2008-07-24 01:36 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-23 21:07 . 2008-07-23 23:46 439,808 --a------ C:\Pro_Brand_International_-_Daily_Update_-_Master.xls
2008-07-23 17:04 . 2008-07-23 17:04 1,782 --a------ C:\RC.html
2008-07-23 13:56 . 2008-07-23 13:57 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Media Player Classic
2008-07-22 21:46 . 2008-07-23 01:11 <DIR> d-------- C:\Your Work
2008-07-22 14:05 . 2008-07-22 14:05 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\SUPERAntiSpyware.com
2008-07-22 14:05 . 2008-07-22 14:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-18 15:50 . 2008-08-01 16:53 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\DNA
2008-07-18 15:50 . 2008-07-31 16:47 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\BitTorrent
2008-07-18 15:49 . 2008-07-18 15:50 <DIR> d-------- C:\Program Files\BitTorrent
2008-07-17 20:22 . 2008-07-22 16:46 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Azureus
2008-07-16 20:28 . 2008-07-16 21:23 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Download Manager
2008-07-14 20:28 . 2008-07-14 20:28 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\vlc
2008-07-14 16:27 . 2008-07-31 23:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-14 16:15 . 2008-07-14 16:15 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Nero
2008-07-14 16:06 . 2008-07-15 18:52 <DIR> d-------- C:\New Folder (2)
2008-07-14 15:27 . 2008-07-14 15:27 <DIR> d-------- C:\Program Files\MP3 to WAV Decoder
2008-07-14 15:27 . 2001-07-25 00:43 409,600 --a------ C:\WINDOWS\system32\activemp3.ocx
2008-07-14 15:27 . 2001-08-08 22:00 40,960 --a------ C:\WINDOWS\system32\DGPNorm.ocx
2008-07-14 15:10 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\Nero
2008-07-14 15:10 . 2008-07-14 15:11 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-14 15:10 . 2008-07-14 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-14 15:10 . 2006-03-17 12:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2008-07-14 15:10 . 2006-03-17 12:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2008-07-14 15:10 . 2006-03-17 12:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2008-07-14 15:10 . 2006-03-17 15:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2008-07-14 15:10 . 2006-03-17 12:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2008-07-13 15:35 . 2008-07-26 13:23 <DIR> d-------- C:\New Folder
2008-07-13 14:48 . 2008-07-13 14:48 59 --a------ C:\WINDOWS\WININIT.INI
2008-07-13 14:46 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
2008-07-13 14:46 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
2008-07-13 14:46 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
2008-07-13 14:46 . 1998-09-24 12:03 171,967 --a------ C:\WINDOWS\system32\Odbcjet.hlp
2008-07-13 14:46 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
2008-07-13 14:46 . 1998-09-24 12:03 7,348 --a------ C:\WINDOWS\system32\Odbcjet.cnt
2008-07-10 18:21 . 2008-07-10 18:21 <DIR> d-------- C:\VundoFix Backups
2008-07-10 18:13 . 2008-07-10 18:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-10 18:13 . 2008-07-10 18:13 <DIR> d-------- C:\Documents and Settings\SiviK OutkasT\Application Data\Desktopicon
2008-07-09 19:32 . 2008-07-09 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 19:01 . 2008-07-09 19:01 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 14:15 . 2008-07-09 14:15 <DIR> d-------- C:\WINDOWS\ie8updates
2008-07-08 18:09 . 2008-07-08 18:11 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-07-07 22:08 . 2008-07-16 19:35 360,320 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-07-07 20:46 . 2008-07-07 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-07 18:04 . 2008-07-10 01:39 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 16:13 --------- d-----w C:\Program Files\Yahoo!
2008-07-28 15:57 --------- d-----w C:\Program Files\DVDFab 5
2008-07-28 15:57 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\Vso
2008-07-25 23:18 360,320 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-07-22 23:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 20:46 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\LimeWire
2008-07-18 19:50 --------- d-----w C:\Program Files\DNA
2008-07-18 18:41 --------- d-----w C:\Program Files\Java
2008-07-13 19:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-13 18:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-13 18:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-13 18:45 --------- d-----w C:\Program Files\Dell
2008-06-27 04:31 --------- d-----w C:\Program Files\VSO
2008-06-26 22:29 --------- d-----w C:\Program Files\DivX
2008-06-20 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 04:42 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-06-19 04:42 47,360 ----a-w C:\Documents and Settings\SiviK OutkasT\Application Data\pcouffin.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 22:32 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\iolo
2008-06-12 22:32 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-11 21:09 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\uTorrent
2008-06-11 21:08 --------- d-----w C:\Program Files\RegCleaner
2008-06-07 02:40 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\Se Analyzer Tool SA
2008-06-03 04:42 --------- d-----w C:\Program Files\YouTube Downloader
2008-06-02 23:46 --------- d-----w C:\Documents and Settings\SiviK OutkasT\Application Data\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-23 01:46 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-13 01:53 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-05-08 04:50 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

------- Sigcheck -------

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 06:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-07-07 22:08 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-07-25 19:18 360320 c5b527301e59c0557aeee15a2abba79a C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-07-25 19:18 360320 c5b527301e59c0557aeee15a2abba79a C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 22:39 176201]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-07-18 15:50 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 23:21 823362]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-23 01:46 401408]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-23 01:47 385024]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 18:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 18:50 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 18:46 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 20:30 282624 C:\WINDOWS\stsystra.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-23 01:46 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.GTCC"= GTCODEC.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24240:TCP"= 24240:TCP:BTA
"24240:UDP"= 24240:UDP:BTB

S3 DCamUSBDXGTech;Dual-Mode DSC (Video Camera);C:\WINDOWS\system32\Drivers\GT891x1.SYS []
S3 GT890x;Dual-Mode DSC (Still Camera);C:\WINDOWS\system32\Drivers\GT890x.SYS []

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP111
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\SiviK OutkasT\Application Data\Mozilla\Firefox\Profiles\47if4xxt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 17:00:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 17:01:40
ComboFix-quarantined-files.txt 2008-08-01 21:01:37

Pre-Run: 2,903,355,392 bytes free
Post-Run: 3,234,455,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

227 --- E O F --- 2008-07-31 04:30:50
  • 0

#15
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please reboot your computer and test it. So, how is your computer now?
  • 0





