Hijack This log [RESOLVED]


  • This topic is locked

#1 MVV (Member, 87 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:46 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [7cfcad32] rundll32.exe "C:\WINDOWS\system32\antinpbp.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O20 - AppInit_DLLs: gseuyh.dll thqbkz.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7067 bytes

#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hi MVV

Welcome to geekstogo :)

In this post we will clear the malware I can see, and do some additional scans to seek out the other malware likely to be on your machine.

Firstly, a question: do you have any antivirus programs installed?


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS

O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
If you have already downloaded ComboFix, could you delete the current version of ComboFix you have and then follow these instructions:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. (All the instructions for installing the Recovery Console are in the above link, but for more information on the Windows XP Recovery Console read http://support.micro...com/kb/314058.)

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



====STEP 3====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply could I see:
1. the answer to the antivirus question
2. the combofix log
3. the hijackthis log
4. the kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Edited by andrewuk, 02 August 2008 - 07:02 PM.

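The first log carries several structural tells of this infection, some fixed by hand in step 1 above and the rest left for ComboFix: every O15 Trusted Zone entry (a site in the Trusted sites zone runs with that zone's relaxed ActiveX and scripting settings, and five rogue-antivirus domains appearing under both HKCU and HKLM is not something a user adds by hand), a non-empty O20 AppInit_DLLs value that loads DLLs with generated names into every process, an O4 Run value named like a hash that starts rundll32 on a system32 DLL, and R1/O8 entries pointing at a search redirector. As an added example that is not part of the thread and not HijackThis code, the script below applies those tells to a HijackThis 2.0 log. The sample lines are copied from the log in post #1; the severity labels, the vendor-host allowlist and the random-name test are the editor's own assumptions and will need tuning for other machines.

```python
"""Triage a HijackThis 2.0 log for the entry classes discussed in this thread.

Added example for this page: not HijackThis code and not from the thread.
The sample lines are copied from the log in post #1; the severities, the
vendor-host allowlist and the random-name test are the editor's assumptions.
"""
import re

# Constructed sample: a subset of the lines from the log in post #1. The forum
# truncated long URLs to "..."; the host check below strips those dots.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [7cfcad32] rundll32.exe "C:\WINDOWS\system32\antinpbp.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - AppInit_DLLs: gseuyh.dll thqbkz.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Hosts that stock XP/IE6 or the vendors seen in this log set legitimately
# (editor's allowlist for the example; extend it for your own fleet).
KNOWN_HOSTS = {"go.microsoft.com", "att.yahoo.com", "www.yahoo.com", "www.dell4me.com"}

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
RUN_BODY = re.compile(r"^HK\w+\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_HOST = re.compile(r"https?://([^/\s]+)")
DLL_NAME = re.compile(r"([\w-]+\.dll)", re.I)
LOCAL_TARGET = re.compile(r'"?(res://|[A-Za-z]:\\)')
VOWELS = set("aeiou")


def looks_random(filename):
    """Crude test for generated names like thqbkz.dll or efcYRlij.dll: an all-letter
    stem of 6-8 characters with at most one vowel, or mixed case after the first
    letter. It misses gseuyh.dll, which is why AppInit_DLLs is flagged regardless."""
    stem = filename.rsplit(".", 1)[0]
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    vowels = sum(ch.lower() in VOWELS for ch in stem)
    tail = stem[1:]
    return vowels <= 1 or (tail != tail.lower() and tail != tail.upper())


def parse_hjt(text):
    """Yield (section, body) for each R*/O* line; the process list is skipped."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text):
    """Return [(severity, section, reason, line)] for entries worth fixing."""
    findings = []
    for sec, body in parse_hjt(text):
        line = f"{sec} - {body}"
        if sec == "O15":
            findings.append(("high", sec, "Trusted Zone: site runs with the zone's relaxed "
                             "ActiveX/scripting settings; users do not add rogue-AV domains by hand", line))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                note = "generated-looking name" if looks_random(dll) else "verify the vendor"
                findings.append(("high", sec, f"AppInit_DLLs injects {dll} into every "
                                 f"process that loads user32.dll ({note})", line))
        elif sec == "O4":
            m = RUN_BODY.match(body)
            dll = DLL_NAME.search(m.group("cmd")) if m else None
            if m and dll and m.group("cmd").lower().startswith("rundll32"):
                name = m.group("name")
                if re.fullmatch(r"[0-9a-f]{8}", name) or looks_random(dll.group(1)):
                    findings.append(("high", sec, f"Run value [{name}] starts rundll32 on "
                                     f"{dll.group(1)} under a generated name", line))
                else:
                    findings.append(("medium", sec, f"rundll32 Run value [{name}]: "
                                     f"confirm {dll.group(1)} is known", line))
        elif sec in ("R0", "R1"):
            m = URL_HOST.search(body)
            host = m.group(1).rstrip(".").lower() if m else ""
            if host and host not in KNOWN_HOSTS:
                findings.append(("medium", sec, f"start/search page set to {host}, "
                                 "not a known vendor host", line))
        elif sec == "O8" and not LOCAL_TARGET.search(body.split(" - ", 1)[-1]):
            findings.append(("medium", sec, "context-menu item with no local target: "
                             "search-hijacker leftover", line))
        elif sec in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(("low", sec, "orphaned entry, file is gone: safe to fix", line))
    return findings


if __name__ == "__main__":
    for severity, sec, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {sec}: {reason}\n    {line}")
```

Run against the sample it reports eight findings: the R1 search bar, the orphaned O3 toolbar, the [7cfcad32] rundll32 entry, the O8 search item, both O15 entries and both AppInit DLLs, while igfxtray, SUPERAntiSpyware, the NetZero context-menu item and the iPod service pass. The name test is deliberately conservative; the structural checks (a non-empty AppInit_DLLs value, a Run value named like a hash) carry the weight, which is also how the helper in this thread reads the log.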

#3 MVV (Topic Starter, 87 posts)
Regarding Kaspersky, am I supposed to install kavwebscan_unicode.cab?

#4 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
yes

#5 MVV (Topic Starter, 87 posts)
The programs I have on my computer are:

Super Anti Spyware, Malwarebytes Anti-Malware and Spybot Search and Destroy.

ComboFix 08-08-01.05 - Mike 2008-08-02 21:34:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.227 [GMT -6:00]
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aolconnfix.exe
C:\aolconnfix.txt
C:\Documents and Settings\Jen\Application Data\macromedia\Flash Player\#SharedObjects\X2KGRJ4M\interclick.com
C:\Documents and Settings\Jen\Application Data\macromedia\Flash Player\#SharedObjects\X2KGRJ4M\interclick.com\ud.sol
C:\Documents and Settings\Jen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jen\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Lucy63\Application Data\macromedia\Flash Player\#SharedObjects\EJPHH5AD\interclick.com
C:\Documents and Settings\Lucy63\Application Data\macromedia\Flash Player\#SharedObjects\EJPHH5AD\interclick.com\ud.sol
C:\Documents and Settings\Lucy63\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Lucy63\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\#SharedObjects\8QPH3DT2\interclick.com
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\#SharedObjects\8QPH3DT2\interclick.com\ud.sol
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mike\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM7fcf9eae.txt
C:\WINDOWS\Fonts\bduala.dll
C:\WINDOWS\system32\gsmdxjpe.dll
C:\WINDOWS\SYSTEM32\jilRYcfe.ini
C:\WINDOWS\SYSTEM32\jilRYcfe.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\SYSTEM32\pbpnitna.ini
C:\WINDOWS\system32\qiftnpjw.dll
C:\WINDOWS\SYSTEM32\YGggPXbc.ini
C:\WINDOWS\SYSTEM32\YGggPXbc.ini2

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 21:41 . 2008-08-02 21:41 294 ---hs---- C:\WINDOWS\SYSTEM32\pbpnitna.ini
2008-08-02 04:42 . 2008-08-02 04:42 83,456 --a------ C:\WINDOWS\SYSTEM32\antinpbp.dll
2008-08-02 04:39 . 2008-08-02 04:39 114,176 --a------ C:\WINDOWS\SYSTEM32\thqbkz.dll
2008-08-02 04:39 . 2008-08-02 04:39 114,176 --a------ C:\WINDOWS\SYSTEM32\immruows.dll
2008-08-02 04:37 . 2008-08-02 04:37 0 --a------ C:\WINDOWS\BM7fcf9eae.xml
2008-08-02 04:36 . 2008-08-02 04:36 314,880 --a------ C:\WINDOWS\SYSTEM32\efcYRlij.dll
2008-08-02 01:57 . 2008-08-02 01:57 114,176 --a------ C:\WINDOWS\SYSTEM32\gseuyh.dll
2008-08-02 01:43 . 2008-08-02 01:43 <DIR> d-------- C:\WINDOWS\SYSTEM32\kBin19
2008-07-29 23:00 . 2008-07-29 23:01 6,046,584 --a------ C:\Program Files\Firefox Setup 2.0.0.16.exe
2008-07-29 20:18 . 2008-08-02 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-29 20:18 . 2008-07-29 20:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-28 20:04 . 2008-07-28 20:04 105,472 --a------ C:\WINDOWS\SYSTEM32\xvvnwhix.dll
2008-07-28 20:04 . 2008-07-28 20:04 105,472 --a------ C:\WINDOWS\SYSTEM32\joyixq.dll
2008-07-28 18:28 . 2008-07-28 18:28 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-07-27 21:08 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-27 19:48 . 2008-07-28 21:22 <DIR> d--hs---- C:\WINDOWS\THVjeTYz
2008-07-27 19:48 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\vn3
2008-07-27 19:48 . 2008-07-28 21:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\fonts
2008-07-27 19:48 . 2008-07-27 19:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\bosh
2008-07-27 19:48 . 2008-07-27 19:48 <DIR> d-------- C:\Temp\epr1
2008-07-25 01:49 . 2008-07-28 03:20 72 --a------ C:\WINDOWS\SCapPro.INI
2008-07-25 01:35 . 2008-07-25 01:35 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\ACASystems
2008-07-25 01:35 . 2008-07-25 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-07-25 01:32 . 2008-07-25 01:32 1,938,584 --a------ C:\Program Files\ACapProSetup.exe
2008-07-12 05:24 . 2008-07-12 05:24 <DIR> d-------- C:\MGtools
2008-07-12 05:24 . 2008-07-12 05:24 18,463 --a------ C:\MGlogs.zip
2008-07-12 03:37 . 2008-07-12 03:38 1,238,055 --a------ C:\MGtools.exe
2008-07-12 01:48 . 2008-07-12 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-12 01:44 . 2008-07-12 01:49 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-07-12 01:44 . 2008-07-12 01:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-12 01:10 . 2008-07-12 01:32 <DIR> d-------- C:\Program Files\SmitfraudFix
2008-07-12 01:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-07-12 01:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-07-12 01:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-07-12 01:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-07-12 01:10 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-07-12 01:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-07-12 01:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-07-12 01:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-07-12 01:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-07-12 01:10 . 2008-07-12 01:28 1,710 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-07-12 01:09 . 2008-07-12 01:08 1,478,367 --a------ C:\Program Files\SmitfraudFix.exe
2008-07-11 22:13 . 2008-07-12 00:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\sfig
2008-07-11 22:13 . 2008-07-11 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\provdll
2008-07-11 22:13 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\olixds01
2008-07-11 22:13 . 2008-07-11 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\OBDE
2008-07-11 22:13 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\imp32
2008-07-11 22:13 . 2008-07-11 22:13 <DIR> d-------- C:\Temp\stmpv4
2008-07-11 22:13 . 2002-08-29 04:00 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys
2008-07-11 20:37 . 2008-07-11 21:50 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\gtk-2.0
2008-07-11 20:36 . 2008-07-11 20:38 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\avidemux
2008-07-11 20:32 . 2008-07-11 20:43 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Any Video Converter Professional
2008-07-11 20:32 . 2008-07-12 01:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 19:11 . 2008-07-11 19:11 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Sony
2008-07-11 19:10 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\SYSTEM32\dbmsqlgc.dll
2008-07-11 19:10 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsgnet.dll
2008-07-11 19:09 . 2008-07-11 19:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-11 19:08 . 2008-07-12 00:00 <DIR> d-------- C:\Program Files\Sony
2008-07-11 18:56 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-07-11 18:56 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-07-11 18:56 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-07-11 18:56 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-07-11 18:56 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-07-11 18:56 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-07-11 18:03 . 2008-07-11 18:04 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\dvdcss
2008-07-11 17:36 . 2008-07-11 18:08 <DIR> d-------- C:\Program Files\ProjectX_0.90.4.00
2008-07-11 17:32 . 2006-03-28 20:18 <DIR> d-------- C:\Program Files\ProjectX_Source_0.90.4
2008-07-11 17:24 . 2008-07-11 17:55 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\DVD Flick
2008-07-11 17:23 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\SYSTEM32\mscomct2.ocx
2008-07-11 17:23 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\SYSTEM32\richtx32.ocx
2008-07-11 17:23 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\SYSTEM32\mbmouse.ocx
2008-07-11 17:23 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\SYSTEM32\trayicon.ocx
2008-07-11 04:15 . 2008-07-11 04:15 43,698 --a------ C:\WINDOWS\SYSTEM32\xvid-uninstall.exe
2008-07-11 01:57 . 2008-07-11 01:57 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\AVS4YOU
2008-07-11 01:57 . 2008-07-11 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-11 01:56 . 2008-07-11 22:24 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-07 20:19 . 2008-07-07 20:19 563,712 --a------ C:\WINDOWS\SYSTEM32\Redemption.dll
2008-07-07 20:05 . 2008-07-07 20:43 <DIR> d-------- C:\Program Files\doubleTwist
2008-07-03 11:07 . 2008-07-03 11:08 <DIR> d-------- C:\Documents and Settings\Jen\Application Data\Snapfish
2008-07-03 11:00 . 2008-07-03 11:00 <DIR> dr-h----- C:\Documents and Settings\Jen\Application Data\yahoo!
2008-07-03 10:55 . 2008-07-03 10:55 <DIR> d-------- C:\Documents and Settings\Jen\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 10:39 --------- d-----w C:\Program Files\Soulseek
2008-07-29 00:28 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 03:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 02:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-24 02:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 02:18 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 21:40 --------- d-----w C:\Program Files\MySpace
2008-06-14 10:40 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-14 10:40 --------- d-----w C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-06-14 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 10:39 128,368 ----a-w C:\Program Files\Download_mbam-setup.exe
2008-06-14 10:29 7,652,632 ----a-w C:\Program Files\Free-SpyHunter-Scanner-Install.exe
2008-06-14 04:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 10:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-12 10:02 --------- d-----w C:\Documents and Settings\Mike\Application Data\AOL
2008-06-12 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-12 09:14 636,192 ----a-w C:\Program Files\DMSetup-Serial.exe
2008-06-12 07:26 4,257,184 ----a-w C:\Program Files\registryboosteraff.exe
2008-06-12 07:26 --------- d-----w C:\Documents and Settings\Mike\Application Data\Uniblue
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:33 9,722,720 ----a-w C:\Program Files\spybotsd152.exe
2008-06-11 07:39 --------- d-----w C:\Program Files\DivX
2008-06-03 21:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-13 08:13 486,108,144 ----a-w C:\Program Files\ADBEPHSPCS3_WWE.exe
2008-05-05 03:36 304,957 ----a-w C:\Program Files\hjsplit.zip
2008-04-29 04:04 1,071,480 ----a-w C:\Program Files\dBpoweramp-Codec-m4a.exe
2008-03-26 23:37 6,104,632 ----a-w C:\Program Files\picasaweb-current-setup.exe
2008-03-26 23:23 13,445,041 ----a-w C:\Program Files\ps701up.exe
2008-03-13 02:33 90,044,946 ----a-w C:\Program Files\ableton_live_demo_702_en.zip
2008-01-17 23:19 1,958 ----a-w C:\Program Files\AT&T Self Support Tool.lnk
2008-01-17 23:19 1,741 ----a-w C:\Program Files\AT&T Help.lnk
2007-12-25 23:35 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
2007-12-20 02:08 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-10-05 03:35 842,672 ----a-w C:\Program Files\slsk156c.exe
2007-09-30 22:01 6,016,952 ----a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-09-21 07:59 5,651,713 ----a-w C:\Program Files\The-Codecs-5.0.zip
2007-09-21 05:26 23,769,896 ----a-w C:\Program Files\DivXInstaller.exe
2007-06-12 02:57 4,044,152 ----a-w C:\Program Files\dBpoweramp-encoder-helix.exe
2007-06-12 02:52 4,112,760 ----a-w C:\Program Files\dMC-r12[1].1.exe
2007-05-18 23:16 3,362,502 ----a-w C:\Program Files\cxp_free.exe
2007-05-16 04:44 1,055,648 ----a-w C:\Program Files\qmpsetup_win_ie_07010901.exe
2007-04-10 05:52 206,039 ----a-w C:\Program Files\RAR.zip
2007-03-18 05:43 877,976 ----a-w C:\Program Files\7z444.exe
2007-03-18 03:18 1,202,303 ----a-w C:\Program Files\wrar37b4.exe
2007-02-28 00:06 881 ----a-w C:\Program Files\fixreg.zip
2007-02-13 02:57 4,964,776 ----a-w C:\Program Files\Windows-KB890830-V1.24.exe
2006-12-29 04:29 40,409,184 ----a-w C:\Program Files\MIS_9_0_183_1_trial30OEM_Release.exe
2006-12-26 13:22 70,873,480 ----a-w C:\Program Files\tis2007_trial.exe
2006-12-24 11:50 4,813,736 ----a-w C:\Program Files\Windows-KB890830-V1.23.exe
2004-11-07 21:58 0 ----a-w C:\Documents and Settings\Lucy63\4.dat
2004-11-07 21:58 0 ----a-w C:\Documents and Settings\Lucy63\3.dat
2004-11-07 03:56 0 ----a-w C:\Documents and Settings\Jen\4.dat
2004-11-07 03:56 0 ----a-w C:\Documents and Settings\Jen\3.dat
2006-11-22 20:13 104 --sh--w C:\WINDOWS\Microsoft.NET\ergafx.dll
.

((((((((((((((((((((((((((((( [email protected]_ 5.21.51.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-26 23:47:38 152,809 ----a-w C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe
+ 2008-07-21 13:21:34 32,768 ----a-w C:\WINDOWS\SYSTEM32\kBin19\kBin191065.exe
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-08-03 03:40:29 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5d4.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 110,592 2003-08-19 06:01:00 C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe

----a-w 290,816 2004-04-12 01:15:14 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 270,336 2003-05-02 23:46:04 C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe

----a-w 306,688 2004-07-19 14:51:24 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 278,528 2006-02-23 22:45:20 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2007-12-11 18:10:26 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 32,881 2003-11-19 22:48:14 C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe

----a-w 200,704 2003-06-18 17:00:00 C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe

----a-w 282,624 2006-06-11 02:11:48 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 286,720 2007-12-11 16:56:54 C:\Program Files\QuickTime\QTTask.exe

----a-w 118,784 2004-02-10 16:51:30 C:\WINDOWS\SYSTEM32\bak\hkcmd.exe
----a-w 77,824 2005-09-20 15:32:24 C:\WINDOWS\SYSTEM32\hkcmd.exe

----a-w 155,648 2004-02-10 16:55:32 C:\WINDOWS\SYSTEM32\bak\igfxtray.exe
----a-w 94,208 2005-09-20 15:35:40 C:\WINDOWS\SYSTEM32\igfxtray.exe

----a-w 122,933 2004-03-15 06:04:00 C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f7f1d2a-0291-4bed-afbf-5de6e69898cd}]
2008-08-02 04:39 114176 --a------ C:\WINDOWS\system32\thqbkz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC8F969-4DC9-48A9-A6AC-399DD8E0415B}]
2008-08-02 04:36 314880 --a------ C:\WINDOWS\system32\efcYRlij.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" [N/A]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-03 15:22 1506544]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [N/A]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 09:36 114688]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [N/A]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]
"7cfcad32"="C:\WINDOWS\system32\antinpbp.dll" [2008-08-02 04:42 83456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-09-20 10:19:13 36953]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-09-20 10:16:41 24576]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-01-17 17:18:59 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 17:39 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gseuyh.dll thqbkz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S1 DPTI2OO;DPTI2OO;C:\WINDOWS\system32\drivers\DPTI2OO.sys []
S1 mssmbioss;mssmbioss;C:\WINDOWS\system32\drivers\mssmbioss.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-07-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5D1E6AD9-AC31-4908-BF4A-11A6093E30CA} - C:\WINDOWS\system32\cbXPggGY.dll
Notify-khfEWnKe - khfEWnKe.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 21:40:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\pbpnitna.ini 294 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-08-02 21:49:44 - machine was rebooted [Mike]
ComboFix-quarantined-files.txt 2008-08-03 03:49:41
ComboFix2.txt 2008-07-12 11:23:23

Pre-Run: 47,433,089,024 bytes free
Post-Run: 47,598,665,728 bytes free

309 --- E O F --- 2008-07-30 04:54:08

#6
MVV

    Member

  • Topic Starter
  • Member
  • 87 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:00 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [BM7fcf9eae] Rundll32.exe "C:\WINDOWS\system32\poofajfq.dll",s
O4 - HKLM\..\Run: [7cfcad32] rundll32.exe "C:\WINDOWS\system32\tycpvwqy.dll",b
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O20 - AppInit_DLLs: gseuyh.dll thqbkz.dll ehfjjb.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6478 bytes

#7
MVV

    Member

  • Topic Starter
  • Member
  • 87 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:27:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/08/2008
Kaspersky Anti-Virus database records: 1046803
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 76423
Number of viruses found: 33
Number of infected objects: 61
Number of suspicious objects: 18
Duration of the scan process: 00:56:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a11896086d1250787d892aaafb5a232_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll3.zip/loader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffIedll3.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchBootconf1.zip/msupdate.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchBootconf1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip/notepad32.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchSmartSearch.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/y.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/win32e.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC26.zip/clrssn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC26.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC30.zip/y.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC30.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC31.zip/accesss.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC31.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/clrssn.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012169.scr.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012170.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012173.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012174.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012176.SCR.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012178.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012179.EXE.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012182.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012184.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012188.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012189.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012192.EXE.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012193.EXE.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012194.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012236.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012237.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012241.EXE.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012243.DLL.bac_a02728 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0012261.DLL.bac_a02728 Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\A0014492.exe.bac_a02728 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\alwkofox.dll.bac_a02728 Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\Mike\.housecall6.6\Quarantine\byqvgfiv.dll.bac_a02728 Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\history.dat Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\key3.db Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mike\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Mozilla\Firefox\Profiles\w7ntqjtq.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\INIL6H01\kb767887[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.cap skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\SVIVO1Q9\kb456456[1] Infected: Trojan.Win32.Monder.cev skipped
C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\SmitfraudFix\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.exe/SmitfraudFix/IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\Program Files\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.exe RAR: infected - 2 skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\master.mdf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\model.mdf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\modellog.ldf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\templog.ldf Object is locked skipped
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\LOG\ERRORLOG Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Mike\Application Data\DOBE~1\iеxplore.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.id skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000689.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000690.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000691.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000692.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000713.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000714.dll Infected: Trojan.Win32.Monder.bvd skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000717.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000720.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\A0000725.dll Infected: Trojan-Clicker.Win32.Agent.bjk skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001490.dll Infected: Trojan.Win32.Monder.byj skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001492.exe Infected: not-a-virus:FraudTool.Win32.AntiSpywareExpert.ag skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001493.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzs skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001494.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001495.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001496.exe Infected: Trojan.Win32.Agent.lom skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0001499.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP16\A0001587.dll Infected: Trojan.Win32.Monderb.agl skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP19\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\antinpbp.dll Infected: Trojan.Win32.Monder.byj skipped
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe/stream/data0002 Infected: Trojan-Clicker.Win32.Agent.bjk skipped
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe/stream Infected: Trojan-Clicker.Win32.Agent.bjk skipped
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe NSIS: infected - 2 skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\ehfjjb.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cap skipped
C:\WINDOWS\SYSTEM32\gseuyh.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzs skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\IEDFix.exe Infected: Hoax.Win32.Renos.vaoz skipped
C:\WINDOWS\SYSTEM32\immruows.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzs skipped
C:\WINDOWS\SYSTEM32\jgwunrfx.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.cap skipped
C:\WINDOWS\SYSTEM32\kBin19\kBin191065.exe Infected: Trojan-Downloader.Win32.VB.gfh skipped
C:\WINDOWS\SYSTEM32\thqbkz.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.bzs skipped
C:\WINDOWS\SYSTEM32\tycpvwqy.dll Infected: Trojan.Win32.Monder.cev skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_5d4.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped

Scan process completed.

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
OK, you have no antivirus program installed. In that case, we will clear what I can see in this post and then install an antivirus program in the following post. You have a high number of infections, so I want to clear the worst out before we install the antivirus program. Try and limit your online activities until we get the antivirus program on your machine.



====STEP 1====
You have some infections that target HijackThis.
I will need you to rename HijackThis:
To do this:
  • Go to Start
  • Right click and choose Explore
  • Navigate to this location C:\Program Files\TrendMicro\Hijackthis
  • Open the HijackThis folder
  • Right click on the HijackThis icon and click Rename
  • Rename it to Gotcha
====STEP 2====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 3====
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KILLALL::

File::
C:\WINDOWS\SYSTEM32\pbpnitna.ini
C:\WINDOWS\SYSTEM32\antinpbp.dll
C:\WINDOWS\SYSTEM32\thqbkz.dll
C:\WINDOWS\SYSTEM32\immruows.dll
C:\WINDOWS\BM7fcf9eae.xml
C:\WINDOWS\SYSTEM32\efcYRlij.dll
C:\WINDOWS\SYSTEM32\gseuyh.dll
C:\WINDOWS\SYSTEM32\xvvnwhix.dll
C:\WINDOWS\SYSTEM32\joyixq.dll
C:\WINDOWS\system32\poofajfq.dll
C:\WINDOWS\system32\tycpvwqy.dll
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINDOWS\system32\drivers\DPTI2OO.sys
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe
C:\WINDOWS\SYSTEM32\ehfjjb.dll
C:\WINDOWS\SYSTEM32\jgwunrfx.dll


Folder::
C:\WINDOWS\SYSTEM32\kBin19

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f7f1d2a-0291-4bed-afbf-5de6e69898cd}]
[-HKEY_CLASSES_ROOT\CLSID\{1f7f1d2a-0291-4bed-afbf-5de6e69898cd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2BC8F969-4DC9-48A9-A6AC-399DD8E0415B}]
[-HKEY_CLASSES_ROOT\CLSID\{2BC8F969-4DC9-48A9-A6AC-399DD8E0415B}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM7fcf9eae"=-
"7cfcad32"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule10"=-

Driver::
DPTI2OO

Rootkit::
C:\WINDOWS\system32\pbpnitna.ini

AWF::
C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe
C:\Program Files\Dell\Media Experience\bak\PCMService.exe
C:\Program Files\Dell AIO Printer A920\bak\dlbkbmgr.exe
C:\Program Files\Dell Support\bak\DSAgnt.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe
C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\SYSTEM32\bak\hkcmd.exe
C:\WINDOWS\SYSTEM32\bak\igfxtray.exe
C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


====STEP 4====
Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\WINDOWS\system32\drivers\mssmbioss.sys

Please post the results of the scan in your next reply.

If Jotti is busy, try the same at VirusTotal.




In your next reply could I see:
1. the ComboFix log
2. the HijackThis log
3. the Jotti log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#9
MVV

    Member

  • Topic Starter
  • Member
  • 87 posts
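The entries the helper's CFScript targets above (AppInit_DLLs entries, Run values that use rundll32 to load a randomly named DLL from system32, and toolbars whose file is gone) can be pulled straight out of a HijackThis log. The following is an added triage example, not HijackThis, ComboFix or the forum's own code; the sample lines are constructed from this thread's log, and the random-name heuristic, the hex-value-name heuristic and the assumed system32 path are assumptions made for the example.

```python
"""Triage of HijackThis v2 log lines for the persistence patterns seen in this thread.

Added example (not HijackThis, ComboFix or the forum's own code). It flags three
things the helper's CFScript targets: AppInit_DLLs entries (O20), Run entries that
use rundll32 to load a randomly named DLL from system32 (O4), and toolbars whose
file is gone (O3). The heuristics and sample lines are assumptions for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SYSTEM32 = r"C:\WINDOWS\system32"  # assumed %SystemRoot%\system32 of the machine in the thread

# Constructed sample: a few lines in HijackThis v2 format modelled on the thread's log.
SAMPLE_HJT_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BM7fcf9eae] Rundll32.exe "C:\WINDOWS\system32\poofajfq.dll",s
O4 - HKLM\..\Run: [7cfcad32] rundll32.exe "C:\WINDOWS\system32\tycpvwqy.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: gseuyh.dll thqbkz.dll ehfjjb.dll
"""

O3_RE = re.compile(r"^O3 - Toolbar: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<export>\S*))?', re.IGNORECASE)
# Heuristics (assumptions): 6-8 lowercase letters as a DLL base name, and Run value
# names that are eight hex digits (optionally prefixed "BM"), as in the thread's log.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}$")
HEX_VALUE_RE = re.compile(r"^(?:BM)?[0-9a-f]{8}$")


@dataclass(frozen=True)
class Finding:
    severity: str          # "high" or "low"
    kind: str
    detail: str
    path: Optional[str]    # file to collect or quarantine, when the entry implies one


def _dll_path(dll: str) -> str:
    # AppInit_DLLs names are bare; the loader resolves them from system32.
    return dll if "\\" in dll else SYSTEM32 + "\\" + dll


def _basename_no_ext(path: str) -> str:
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious O3/O4/O20 entries found in HijackThis log text."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs are injected into every process that loads user32.dll;
            # on a home PC anything listed here deserves a look.
            for dll in m.group("dlls").split():
                findings.append(Finding("high", "AppInit_DLLs",
                                        f"{dll} is injected into every GUI process", _dll_path(dll)))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd").strip())
            if r:
                dll = r.group("dll")
                reasons = []
                if dll.lower().startswith(SYSTEM32.lower() + "\\") and RANDOM_NAME_RE.match(_basename_no_ext(dll)):
                    reasons.append("random-looking DLL name in system32")
                if HEX_VALUE_RE.match(m.group("value")):
                    reasons.append("hex-like Run value name")
                if reasons:
                    findings.append(Finding("high", "rundll32 Run entry",
                                            f"[{m.group('value')}] " + "; ".join(reasons), dll))
            continue
        m = O3_RE.match(line)
        if m and m.group("file") == "(no file)":
            findings.append(Finding("low", "orphaned toolbar",
                                    f"{m.group('clsid')} points to a missing file", None))
    return findings


def files_to_review(findings: List[Finding]) -> List[str]:
    """Unique file paths implied by the findings, in the shape of a CFScript File:: list."""
    return sorted({f.path for f in findings if f.path}, key=str.lower)


if __name__ == "__main__":
    results = triage(SAMPLE_HJT_LOG)
    for f in results:
        print(f"{f.severity:5} {f.kind:20} {f.detail}")
    print("File::")
    for p in files_to_review(results):
        print(p)
```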
ComboFix 08-08-01.05 - Mike 2008-08-02 22:39:23.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.267 [GMT -6:00]
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mike\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Program Files\QdrModule\QdrModule10.exe
C:\WINDOWS\BM7fcf9eae.xml
C:\WINDOWS\SYSTEM32\antinpbp.dll
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe
C:\WINDOWS\system32\drivers\DPTI2OO.sys
C:\WINDOWS\SYSTEM32\efcYRlij.dll
C:\WINDOWS\SYSTEM32\ehfjjb.dll
C:\WINDOWS\SYSTEM32\gseuyh.dll
C:\WINDOWS\SYSTEM32\immruows.dll
C:\WINDOWS\SYSTEM32\jgwunrfx.dll
C:\WINDOWS\SYSTEM32\joyixq.dll
C:\WINDOWS\SYSTEM32\pbpnitna.ini
C:\WINDOWS\system32\poofajfq.dll
C:\WINDOWS\SYSTEM32\thqbkz.dll
C:\WINDOWS\system32\tycpvwqy.dll
C:\WINDOWS\SYSTEM32\xvvnwhix.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7fcf9eae.txt
C:\WINDOWS\BM7fcf9eae.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\bosh\CDT114v1.exe
C:\WINDOWS\SYSTEM32\efcYRlij.dll
C:\WINDOWS\SYSTEM32\ehfjjb.dll
C:\WINDOWS\SYSTEM32\gseuyh.dll
C:\WINDOWS\SYSTEM32\immruows.dll
C:\WINDOWS\SYSTEM32\jgwunrfx.dll
C:\WINDOWS\SYSTEM32\jilRYcfe.ini
C:\WINDOWS\SYSTEM32\jilRYcfe.ini2
C:\WINDOWS\SYSTEM32\joyixq.dll
C:\WINDOWS\SYSTEM32\kBin19
C:\WINDOWS\SYSTEM32\kBin19\kBin191065.exe
C:\WINDOWS\SYSTEM32\pbpnitna.ini
C:\WINDOWS\system32\poofajfq.dll
C:\WINDOWS\SYSTEM32\thqbkz.dll
C:\WINDOWS\system32\tycpvwqy.dll
C:\WINDOWS\SYSTEM32\xvvnwhix.dll
C:\WINDOWS\SYSTEM32\yqwvpcyt.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DPTI2OO
-------\Service_DPTI2OO


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-02 22:29 . 2008-08-02 22:28 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
2008-08-02 22:16 . 2008-08-02 22:16 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-08-02 22:16 . 2008-08-02 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-29 23:00 . 2008-07-29 23:01 6,046,584 --a------ C:\Program Files\Firefox Setup 2.0.0.16.exe
2008-07-29 20:18 . 2008-08-02 22:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-29 20:18 . 2008-07-29 20:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-28 18:28 . 2008-07-28 18:28 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-07-27 21:08 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-27 19:48 . 2008-07-28 21:22 <DIR> d--hs---- C:\WINDOWS\THVjeTYz
2008-07-27 19:48 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\vn3
2008-07-27 19:48 . 2008-07-28 21:22 <DIR> d-------- C:\WINDOWS\SYSTEM32\fonts
2008-07-27 19:48 . 2008-08-02 22:39 <DIR> d-------- C:\WINDOWS\SYSTEM32\bosh
2008-07-27 19:48 . 2008-07-27 19:48 <DIR> d-------- C:\Temp\epr1
2008-07-25 01:49 . 2008-07-28 03:20 72 --a------ C:\WINDOWS\SCapPro.INI
2008-07-25 01:35 . 2008-07-25 01:35 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\ACASystems
2008-07-25 01:35 . 2008-07-25 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-07-25 01:32 . 2008-07-25 01:32 1,938,584 --a------ C:\Program Files\ACapProSetup.exe
2008-07-12 05:24 . 2008-07-12 05:24 <DIR> d-------- C:\MGtools
2008-07-12 05:24 . 2008-07-12 05:24 18,463 --a------ C:\MGlogs.zip
2008-07-12 03:37 . 2008-07-12 03:38 1,238,055 --a------ C:\MGtools.exe
2008-07-12 01:48 . 2008-07-12 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-12 01:44 . 2008-07-12 01:49 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2008-07-12 01:44 . 2008-07-12 01:44 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-12 01:10 . 2008-07-12 01:32 <DIR> d-------- C:\Program Files\SmitfraudFix
2008-07-12 01:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-07-12 01:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-07-12 01:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-07-12 01:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-07-12 01:10 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-07-12 01:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-07-12 01:10 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-07-12 01:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-07-12 01:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-07-12 01:10 . 2008-07-12 01:28 1,710 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-07-12 01:09 . 2008-07-12 01:08 1,478,367 --a------ C:\Program Files\SmitfraudFix.exe
2008-07-11 22:13 . 2008-07-12 00:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\sfig
2008-07-11 22:13 . 2008-07-11 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\provdll
2008-07-11 22:13 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\olixds01
2008-07-11 22:13 . 2008-07-11 23:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\OBDE
2008-07-11 22:13 . 2008-08-02 04:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\imp32
2008-07-11 22:13 . 2008-07-11 22:13 <DIR> d-------- C:\Temp\stmpv4
2008-07-11 22:13 . 2002-08-29 04:00 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys
2008-07-11 20:37 . 2008-07-11 21:50 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\gtk-2.0
2008-07-11 20:36 . 2008-07-11 20:38 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\avidemux
2008-07-11 20:32 . 2008-07-11 20:43 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Any Video Converter Professional
2008-07-11 20:32 . 2008-07-12 01:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 19:11 . 2008-07-11 19:11 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Sony
2008-07-11 19:10 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\SYSTEM32\dbmsqlgc.dll
2008-07-11 19:10 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsgnet.dll
2008-07-11 19:09 . 2008-07-11 19:09 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-11 19:08 . 2008-07-12 00:00 <DIR> d-------- C:\Program Files\Sony
2008-07-11 18:56 . 2003-05-21 23:50 261,632 --a------ C:\WINDOWS\SYSTEM32\mcdvd_32.dll
2008-07-11 18:56 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-07-11 18:56 . 2003-05-21 23:50 82,944 --a------ C:\WINDOWS\SYSTEM32\vct3216.acm
2008-07-11 18:56 . 2004-02-04 21:11 81,920 --a------ C:\WINDOWS\SYSTEM32\AC3ACM.acm
2008-07-11 18:56 . 2003-05-21 23:50 38,912 --a------ C:\WINDOWS\SYSTEM32\alf2cd.acm
2008-07-11 18:56 . 2000-03-14 20:55 13,239 --a------ C:\WINDOWS\SYSTEM32\Scg726.acm
2008-07-11 18:03 . 2008-07-11 18:04 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\dvdcss
2008-07-11 17:36 . 2008-07-11 18:08 <DIR> d-------- C:\Program Files\ProjectX_0.90.4.00
2008-07-11 17:32 . 2006-03-28 20:18 <DIR> d-------- C:\Program Files\ProjectX_Source_0.90.4
2008-07-11 17:24 . 2008-07-11 17:55 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\DVD Flick
2008-07-11 17:23 . 2004-03-09 00:00 662,288 --a------ C:\WINDOWS\SYSTEM32\mscomct2.ocx
2008-07-11 17:23 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\SYSTEM32\richtx32.ocx
2008-07-11 17:23 . 2000-05-19 17:56 81,920 --a------ C:\WINDOWS\SYSTEM32\mbmouse.ocx
2008-07-11 17:23 . 2000-11-05 15:27 36,864 --a------ C:\WINDOWS\SYSTEM32\trayicon.ocx
2008-07-11 04:15 . 2008-07-11 04:15 43,698 --a------ C:\WINDOWS\SYSTEM32\xvid-uninstall.exe
2008-07-11 01:57 . 2008-07-11 01:57 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\AVS4YOU
2008-07-11 01:57 . 2008-07-11 01:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-11 01:56 . 2008-07-11 22:24 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-07 20:19 . 2008-07-07 20:19 563,712 --a------ C:\WINDOWS\SYSTEM32\Redemption.dll
2008-07-07 20:05 . 2008-07-07 20:43 <DIR> d-------- C:\Program Files\doubleTwist
2008-07-03 11:07 . 2008-07-03 11:08 <DIR> d-------- C:\Documents and Settings\Jen\Application Data\Snapfish
2008-07-03 11:00 . 2008-07-03 11:00 <DIR> dr-h----- C:\Documents and Settings\Jen\Application Data\yahoo!
2008-07-03 10:55 . 2008-07-03 10:55 <DIR> d-------- C:\Documents and Settings\Jen\Application Data\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 04:48 --------- d-----w C:\Program Files\QuickTime
2008-08-03 04:48 --------- d-----w C:\Program Files\iTunes
2008-08-03 04:48 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-08-03 04:39 --------- d-----w C:\Program Files\Dell Support
2008-08-02 10:39 --------- d-----w C:\Program Files\Soulseek
2008-07-29 00:28 --------- d-----w C:\Program Files\Trend Micro
2008-07-28 03:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 02:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-24 02:09 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-07-12 02:18 --------- d-----w C:\Documents and Settings\Mike\Application Data\Yahoo!
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-14 21:40 --------- d-----w C:\Program Files\MySpace
2008-06-14 10:40 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-14 10:40 --------- d-----w C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-06-14 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-14 10:39 128,368 ----a-w C:\Program Files\Download_mbam-setup.exe
2008-06-14 10:29 7,652,632 ----a-w C:\Program Files\Free-SpyHunter-Scanner-Install.exe
2008-06-14 04:37 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-13 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-12 10:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-12 10:02 --------- d-----w C:\Documents and Settings\Mike\Application Data\AOL
2008-06-12 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-12 09:14 636,192 ----a-w C:\Program Files\DMSetup-Serial.exe
2008-06-12 07:26 4,257,184 ----a-w C:\Program Files\registryboosteraff.exe
2008-06-12 07:26 --------- d-----w C:\Documents and Settings\Mike\Application Data\Uniblue
2008-06-12 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-11 22:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-11 22:33 9,722,720 ----a-w C:\Program Files\spybotsd152.exe
2008-06-11 07:39 --------- d-----w C:\Program Files\DivX
2008-06-03 21:22 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2008-05-13 08:13 486,108,144 ----a-w C:\Program Files\ADBEPHSPCS3_WWE.exe
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-05 03:36 304,957 ----a-w C:\Program Files\hjsplit.zip
2008-04-29 04:04 1,071,480 ----a-w C:\Program Files\dBpoweramp-Codec-m4a.exe
2008-03-26 23:37 6,104,632 ----a-w C:\Program Files\picasaweb-current-setup.exe
2008-03-26 23:23 13,445,041 ----a-w C:\Program Files\ps701up.exe
2008-03-13 02:33 90,044,946 ----a-w C:\Program Files\ableton_live_demo_702_en.zip
2008-01-17 23:19 1,958 ----a-w C:\Program Files\AT&T Self Support Tool.lnk
2008-01-17 23:19 1,741 ----a-w C:\Program Files\AT&T Help.lnk
2007-12-25 23:35 54,330,664 ----a-w C:\Program Files\iTunesSetup.exe
2007-12-20 02:08 5,914,648 ----a-w C:\Program Files\SUPERAntiSpyware.exe
2007-10-05 03:35 842,672 ----a-w C:\Program Files\slsk156c.exe
2007-09-30 22:01 6,016,952 ----a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-09-21 07:59 5,651,713 ----a-w C:\Program Files\The-Codecs-5.0.zip
2007-09-21 05:26 23,769,896 ----a-w C:\Program Files\DivXInstaller.exe
2007-06-12 02:57 4,044,152 ----a-w C:\Program Files\dBpoweramp-encoder-helix.exe
2007-06-12 02:52 4,112,760 ----a-w C:\Program Files\dMC-r12[1].1.exe
2007-05-18 23:16 3,362,502 ----a-w C:\Program Files\cxp_free.exe
2007-05-16 04:44 1,055,648 ----a-w C:\Program Files\qmpsetup_win_ie_07010901.exe
2007-04-10 05:52 206,039 ----a-w C:\Program Files\RAR.zip
2007-03-18 05:43 877,976 ----a-w C:\Program Files\7z444.exe
2007-03-18 03:18 1,202,303 ----a-w C:\Program Files\wrar37b4.exe
2007-02-28 00:06 881 ----a-w C:\Program Files\fixreg.zip
2007-02-13 02:57 4,964,776 ----a-w C:\Program Files\Windows-KB890830-V1.24.exe
2006-12-29 04:29 40,409,184 ----a-w C:\Program Files\MIS_9_0_183_1_trial30OEM_Release.exe
2006-12-26 13:22 70,873,480 ----a-w C:\Program Files\tis2007_trial.exe
2006-12-24 11:50 4,813,736 ----a-w C:\Program Files\Windows-KB890830-V1.23.exe
2004-11-07 21:58 0 ----a-w C:\Documents and Settings\Lucy63\4.dat
2004-11-07 21:58 0 ----a-w C:\Documents and Settings\Lucy63\3.dat
2004-11-07 03:56 0 ----a-w C:\Documents and Settings\Jen\4.dat
2004-11-07 03:56 0 ----a-w C:\Documents and Settings\Jen\3.dat
2006-11-22 20:13 104 --sh--w C:\WINDOWS\Microsoft.NET\ergafx.dll
.

((((((((((((((((((((((((((((( [email protected]_ 5.21.51.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-03-15 06:04:00 122,933 ----a-w C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
- 2005-09-20 15:32:24 77,824 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
+ 2004-02-10 16:51:30 118,784 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
- 2005-09-20 15:35:40 94,208 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
+ 2004-02-10 16:55:32 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-08-03 04:48:26 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_c0.dat
+ 2008-08-03 04:48:32 40,960 ----a-w C:\WINDOWS\temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-03 15:22 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2004-02-10 10:55 155648]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2004-02-10 10:51 118784]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-10 20:11 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 16:45 278528]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 442455]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-09-20 10:19:13 36953]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-09-20 10:16:41 24576]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2008-01-17 17:18:59 217088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 17:39 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gseuyh.dll thqbkz.dll ehfjjb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S1 mssmbioss;mssmbioss;C:\WINDOWS\system32\drivers\mssmbioss.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-07-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-BitTorrent DNA - C:\Program Files\DNA\btdna.exe
HKLM-Run-OASClnt - C:\Program Files\mcafee.com\antivirus\oasclnt.exe
HKLM-Run-EmailScan - C:\Program Files\mcafee.com\antivirus\mcvsescn.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 22:48:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-08-02 22:57:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 04:57:29
ComboFix2.txt 2008-08-03 03:49:45
ComboFix3.txt 2008-07-12 11:23:23

Pre-Run: 47,812,329,472 bytes free
Post-Run: 47,797,219,328 bytes free

322 --- E O F --- 2008-07-30 04:54:08

#10
MVV
    Member
  • Topic Starter
  • 87 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:14 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Gotcha.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O20 - AppInit_DLLs: gseuyh.dll thqbkz.dll ehfjjb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6580 bytes

#11
MVV
    Member
  • Topic Starter
  • 87 posts
I'm really not sure what to post for the Jotti log. Here are these 2 things.

Scan taken on 03 Aug 2008 05:02:46 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing



Scanner Malware name
A-Squared X
AntiVir X
ArcaVir Trojan.Clicker.Vb.Ox
Avast X
AVG Antivirus BHO.EJB
BitDefender Trojan.Vundo.EUO
ClamAV Trojan.Dropper-9471
CPsecure Troj.W32.Agent.ruh
Dr.Web Trojan.MulDrop.15995
F-Prot Antivirus W32/Backdoor2.BXOR
F-Secure Anti-Virus Trojan-Dropper.Win32.Agent.tew
Fortinet X
Ikarus Trojan-Downloader.Win32.Injecter.tz
Kaspersky Anti-Virus Trojan-Dropper.Win32.Agent.tew
NOD32 Win32/Adware.Virtumonde application
Norman Virus Control Sandbox: Vundo.gen189.dropper
Panda Antivirus X
Sophos Antivirus Troj/Ciadoor-DV
VirusBuster X
VBA32 Backdoor.Win32.Hupigon.nqr

#12
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
In this post we will get an antivirus program onto your machine.

====STEP 1====
I suggest you download and install AVG; there is a free version for personal use. Make sure you also download the latest updates and run a full system scan.


====STEP 2====
Once you have downloaded, installed, updated and run it, then:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#13
MVV
    Member
  • Topic Starter
  • 87 posts
Deckard's System Scanner v20071014.68
Run by Mike on 2008-08-02 17:14:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-08-02 23:14:21 UTC - RP23 - Deckard's System Scanner Restore Point
22: 2008-08-02 21:57:28 UTC - RP22 - Installed AVG Free 8.0
21: 2008-08-02 08:33:24 UTC - RP21 - System Checkpoint
20: 2008-08-03 04:38:06 UTC - RP20 - ComboFix created restore point
19: 2008-08-03 03:50:19 UTC - RP19 - Last known good configuration


-- First Restore Point --
1: 2008-08-03 03:50:09 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:24 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\System32\igfxpers.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Mike\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: gseuyh.dll,thqbkz.dll,ehfjjb.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7494 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080802-210241-192 O15 - Trusted Zone: *.avsystemcare.com
backup-20080802-210241-358 O15 - Trusted Zone: *.safetydownload.com
backup-20080802-210241-452 O15 - Trusted Zone: *.avsystemcare.com (HKLM)
backup-20080802-210241-578 O15 - Trusted Zone: *.onerateld.com
backup-20080802-210241-580 O15 - Trusted Zone: *.virusschlacht.com (HKLM)
backup-20080802-210241-587 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20080802-210241-630 O15 - Trusted Zone: *.virusschlacht.com
backup-20080802-210241-719 O15 - Trusted Zone: *.onerateld.com (HKLM)
backup-20080802-210241-753 O15 - Trusted Zone: *.trustedantivirus.com
backup-20080802-210241-918 O15 - Trusted Zone: *.safetydownload.com (HKLM)
backup-20080802-211545-475 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
backup-20080802-211545-828 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 mssmbioss - c:\windows\system32\drivers\mssmbioss.sys (file missing)
S3 ATWPKT2 - c:\program files\common files\aol\acs\atwpkt2.sys <Not Verified; America Online; ATW Protocol Driver>
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 07:04:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-02 22:29:06 50688 --a------ C:\Program Files\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-08-02 22:16:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-02 22:16:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-02 21:30:34 68096 --a------ C:\WINDOWS\zip.exe
2008-08-02 21:30:34 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-02 21:30:34 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-02 21:30:34 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-02 21:30:34 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-02 21:30:34 98816 --a------ C:\WINDOWS\sed.exe
2008-08-02 21:30:34 80412 --a------ C:\WINDOWS\grep.exe
2008-08-02 21:30:34 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-02 16:39:57 0 d--h----- C:\$AVG8.VAULT$
2008-08-02 15:57:42 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-02 15:57:42 0 d-------- C:\Documents and Settings\Mike\Application Data\AVGTOOLBAR
2008-08-02 15:57:29 0 d-------- C:\Program Files\AVG
2008-08-02 15:57:28 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-02 02:56:34 0 dr-h----- C:\Documents and Settings\Mike\Recent
2008-07-27 19:48:25 0 d--hs---- C:\WINDOWS\THVjeTYz
2008-07-27 19:48:01 0 d-------- C:\WINDOWS\system32\vn3
2008-07-27 19:48:01 0 d-------- C:\WINDOWS\system32\fonts
2008-07-27 19:48:01 0 d-------- C:\WINDOWS\system32\bosh
2008-07-25 01:35:45 0 d-------- C:\Documents and Settings\Mike\Application Data\ACASystems
2008-07-25 01:35:45 0 d-------- C:\Documents and Settings\All Users\Application Data\ACASystems
2008-07-12 05:24:18 0 d-------- C:\MGtools
2008-07-12 05:04:07 0 d-------- C:\cmdcons
2008-07-12 03:37:53 1238055 --a------ C:\MGtools.exe
2008-07-12 01:48:51 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-12 01:44:57 0 d-------- C:\Program Files\Common Files\PC Tools
2008-07-12 01:44:51 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-07-12 01:10:43 1710 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 01:10:04 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-12 01:10:04 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-12 01:10:04 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-12 01:10:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-12 01:10:04 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-12 01:10:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 01:10:04 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-12 01:10:03 0 d-------- C:\Program Files\SmitfraudFix
2008-07-11 22:14:07 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-11 22:13:27 0 d-------- C:\WINDOWS\system32\sfig
2008-07-11 22:13:27 0 d-------- C:\WINDOWS\system32\provdll
2008-07-11 22:13:27 0 d-------- C:\WINDOWS\system32\OBDE
2008-07-11 22:13:27 0 d-------- C:\WINDOWS\system32\imp32
2008-07-11 22:13:20 0 d-------- C:\WINDOWS\system32\olixds01
2008-07-11 21:30:28 70656 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-11 21:30:28 70656 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2008-07-11 21:30:28 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-11 21:30:28 27648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-07-11 21:30:28 318976 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-11 21:30:28 66560 --a------ C:\WINDOWS\MOTA113.exe
2008-07-11 21:30:28 217073 --a------ C:\WINDOWS\meta4.exe
2008-07-11 20:37:30 0 d-------- C:\Documents and Settings\Mike\Application Data\gtk-2.0
2008-07-11 20:36:40 0 d-------- C:\Documents and Settings\Mike\Application Data\avidemux
2008-07-11 20:32:49 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-11 20:32:34 0 d-------- C:\Documents and Settings\Mike\Application Data\Any Video Converter Professional
2008-07-11 19:11:09 0 d-------- C:\Documents and Settings\Mike\Application Data\Sony
2008-07-11 19:09:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-11 19:08:25 0 d-------- C:\Program Files\Sony
2008-07-11 18:56:18 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-07-11 18:03:50 0 d-------- C:\Documents and Settings\Mike\Application Data\dvdcss
2008-07-11 17:36:46 0 d-------- C:\Program Files\ProjectX_0.90.4.00
2008-07-11 17:32:21 0 d-------- C:\Program Files\ProjectX_Source_0.90.4
2008-07-11 17:24:00 0 d-------- C:\Documents and Settings\Mike\Application Data\DVD Flick
2008-07-11 04:15:25 43698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-07-11 01:57:16 0 d-------- C:\Documents and Settings\Mike\Application Data\AVS4YOU
2008-07-11 01:57:12 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-11 01:56:11 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-07-07 20:19:03 563712 --a------ C:\WINDOWS\system32\Redemption.dll <Not Verified; Dmitry Streblechenko; Outlook Redemption>
2008-07-07 20:05:45 0 d-------- C:\Program Files\doubleTwist
2008-07-03 11:07:58 0 d-------- C:\Documents and Settings\Jen\Application Data\Snapfish
2008-07-03 11:00:15 0 dr-h----- C:\Documents and Settings\Jen\Application Data\yahoo!
2008-07-03 10:55:51 0 d-------- C:\Documents and Settings\Jen\Application Data\DivX


-- Find3M Report ---------------------------------------------------------------

2008-08-02 22:48:23 0 d-------- C:\Program Files\QuickTime
2008-08-02 22:48:23 0 d-------- C:\Program Files\iTunes
2008-08-02 22:48:23 0 d-------- C:\Program Files\Dell Support
2008-08-02 22:48:23 0 d-------- C:\Program Files\Dell AIO Printer A920
2008-08-02 22:43:41 0 d-------- C:\Program Files\Common Files
2008-08-02 04:39:02 0 d-------- C:\Program Files\Soulseek
2008-07-29 20:20:12 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-28 18:28:57 0 d-------- C:\Program Files\Trend Micro
2008-07-27 21:08:14 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 20:55:11 0 d-------- C:\Program Files\Enigma Software Group
2008-07-11 20:18:01 0 d-------- C:\Documents and Settings\Mike\Application Data\Yahoo!
2008-07-11 04:17:40 626 --a------ C:\Documents and Settings\Mike\Application Data\AutoGK.ini
2008-06-14 15:40:57 0 d-------- C:\Program Files\MySpace
2008-06-14 04:40:28 0 d-------- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-06-14 04:40:04 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-13 22:37:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-13 22:22:54 0 d-------- C:\Documents and Settings\Mike\Application Data\Adobe
2008-06-12 04:05:36 0 d-------- C:\Program Files\Common Files\AOL
2008-06-12 04:02:40 0 d-------- C:\Documents and Settings\Mike\Application Data\AOL
2008-06-12 01:26:43 0 d-------- C:\Documents and Settings\Mike\Application Data\Uniblue
2008-06-11 01:39:10 0 d-------- C:\Program Files\DivX
2008-06-03 15:22:13 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-30 17:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 17:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 16:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 16:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 16:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 16:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-04 21:36:34 304957 --a------ C:\Program Files\hjsplit.zip


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
08/02/2008 03:57 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [02/10/2004 10:55 AM]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [02/10/2004 10:51 AM]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [09/20/2005 09:36 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/10/2006 08:11 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/23/2006 04:45 PM]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [07/21/2006 04:19 PM]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [08/24/2005 07:51 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/02/2008 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 03:22 PM]
"Yahoo! Pager"="1" []

C:\Documents and Settings\Mike\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 8:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [9/20/2004 10:19:13 AM]
DESKTOP.INI [9/3/2002 8:00:00 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/20/2004 10:16:41 AM]
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [1/17/2008 5:18:59 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/20/2008 05:39 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=gseuyh.dll,thqbkz.dll,ehfjjb.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGTDIX



-- End of Deckard's System Scanner: finished at 2008-08-02 17:17:39 ------------
  • 0

#14 MVV (Topic Starter, Member, 87 posts)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 509.98 MiB / 230.91 MiB
Pagefile Memory (total/avail): 1247.29 MiB / 935.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1940.04 MiB

C: is Fixed (NTFS) - 70.95 GiB total, 44.3 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 70.95 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"="C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mike\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BASEMENT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mike
LOGONSERVER=\\BASEMENT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\Mike\LOCALS~1\Temp
USERDOMAIN=BASEMENT
USERNAME=Mike
USERPROFILE=C:\Documents and Settings\Mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lucy63 (admin)
Jen (admin)
Mike (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
--> C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.44 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Self Support Tool --> C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications --> C:\PROGRA~1\Yahoo!\common\uninstall.exe
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
coverXP (remove only) --> "C:\Program Files\coverXP\cxp-uninst.exe"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
dBpoweramp m4a Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Real Audio (Helix) Encoder --> "C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
doubleTwist desktop --> C:\Program Files\doubleTwist\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Mike\Application Data\Move Networks\ie_bin\Uninst.exe
Move Networks Player for Internet Explorer --> "C:\Documents and Settings\Mike\Application Data\Move Networks\ie_bin\unins000.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZero --> "C:\Program Files\NetZero\uninst.exe"
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Theorica Divx ;-) Codecs (remove only) --> C:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type10901 / Warning
Event Submitted/Written: 08/02/2008 03:48:16 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10896 / Warning
Event Submitted/Written: 08/02/2008 10:48:30 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10893 / Warning
Event Submitted/Written: 08/02/2008 10:34:47 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10888 / Warning
Event Submitted/Written: 08/02/2008 09:40:31 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type10883 / Warning
Event Submitted/Written: 08/02/2008 09:25:28 PM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type89246 / Error
Event Submitted/Written: 08/02/2008 03:48:31 PM
Event ID/Source: 34 / W32Time
Event Description:
The time service has detected that the system time needs to be
changed by +79202 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.64:123->207.46.232.182:123) is working properly.

Event Record #/Type89193 / Error
Event Submitted/Written: 08/02/2008 10:38:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The MSSQL$SONY_MEDIAMGR service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type89192 / Error
Event Submitted/Written: 08/02/2008 10:38:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type89191 / Error
Event Submitted/Written: 08/02/2008 10:38:54 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type89190 / Error
Event Submitted/Written: 08/02/2008 10:38:53 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-08-02 17:17:39 ------------

#15 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Now we are getting somewhere. In this post we will do some general scans to see what else is lurking on your machine.


====STEP 1====
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
====STEP 2====
Could you update and run Malwarebytes:

Double-click the Malwarebytes icon on your desktop to open the program.
  • On the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • Once complete (a new version of Malwarebytes may download), select the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


====STEP 3====
And then run DSS again. There will only be one log this time.



In your next reply could I see:
1. the Dr.Web CureIt log
2. the Malwarebytes log
3. the DSS log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk