Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CiD Popups ! [CLOSED]

Started by mikeya , Jan 13 2008 05:46 AM

  • This topic is locked This topic is locked

#1
mikeya
Posted 13 January 2008 - 05:46 AM

mikeya

    Member

  • Member
  • PipPip
  • 23 posts
Hi Guys, you've helped me clean my system up before and since then i've had no problems untill now. I can't stop these CiD popups. I've searched the forum for self help but really i have no idea where to start. Please help.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 11:38:22, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\System Security Items\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKLM\..\Run: [Move shim inter meta] C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe
O4 - HKLM\..\RunServices: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Soft load] C:\DOCUME~1\Michael\APPLIC~1\KEEPRE~1\internetonce.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZC
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...4.47/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Print Spooler Service (ara0aea5o6eyh) - Unknown owner - C:\WINDOWS\system32\hxhsnmcmhc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Thanks in advance.
  • 0

Advertisements

#2
sage5
Posted 13 January 2008 - 05:54 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mikeya,

My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Deckard's System Scanner

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Cheers,

sage5
  • 0

#3
mikeya
Posted 13 January 2008 - 06:07 AM

mikeya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Thanks sage5.....

Deckard's System Scanner v20071014.68
Run by Michael on 2008-01-13 11:58:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2008-01-13 11:58:50 UTC - RP459 - Deckard's System Scanner Restore Point
71: 2008-01-13 10:30:24 UTC - RP458 - Removed Windows Live Sign-in Assistant
70: 2008-01-13 10:29:32 UTC - RP457 - Removed Windows Live Messenger
69: 2008-01-11 21:31:46 UTC - RP456 - System Checkpoint
68: 2008-01-10 21:21:26 UTC - RP455 - System Checkpoint


-- First Restore Point --
1: 2007-10-15 00:48:46 UTC - RP388 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Michael.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-13 12:01:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Virtual CD v4 SDK\System\vcsplay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\dss.exe
C:\Documents and Settings\Michael\Desktop\System Security Items\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKLM\..\Run: [Move shim inter meta] C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe
O4 - HKLM\..\RunServices: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Soft load] C:\DOCUME~1\Michael\APPLIC~1\KEEPRE~1\internetonce.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZC
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\APPS\IECustom\script.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.micros...386/wmv9dmo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...4.47/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Print Spooler Service (ara0aea5o6eyh) - Unknown owner - C:\WINDOWS\system32\hxhsnmcmhc.exe /service
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\System\vcssecs.exe
O24 - Desktop Component 1: PC-Aquarium Deluxe 4 - 7db39a0d-580f-4be9-9195-8bfcd226f6c2O24 - Desktop Component 2: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF

--
End of file - 8938 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 vcsmpdrv - c:\windows\system32\drivers\vcsmpdrv.sys <Not Verified; H+H Software GmbH; Virtual CD>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 DCamUSBSQTECH (MiniCam300K) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; Microsoft® Windows NT® Operating System>
S3 dsreader (MaxDrive Driver (dsreader.sys)) - c:\windows\system32\drivers\dsreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 GT680x (GrandTechICNameNT) - c:\windows\system32\drivers\gt680x.sys <Not Verified; ; USB Scanner Driver>
S3 PIXMCV (JVC Communication PIX-MCV Driver) - c:\windows\system32\drivers\pixmcvc.sys <Not Verified; Pixela; PIX-MCV Communication Driver (WinMe/2000/XP)>
S3 PIXMCVA (JVC PIX-MCV Audio Capture) - c:\windows\system32\drivers\pixmcva.sys <Not Verified; Pixela; Pixela>
S3 PIXMCVV (JVC PIX-MCV Video Capture) - c:\windows\system32\drivers\pixmcvv.sys <Not Verified; Pixela; Pixela>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 VCSSecS (Virtual CD v4 Security service (SDK - Version)) - c:\program files\virtual cd v4 sdk\system\vcssecs.exe <Not Verified; H+H Software GmbH; Virtual CD>

S2 ara0aea5o6eyh (Print Spooler Service) - c:\windows\system32\hxhsnmcmhc.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-13 12:00:01 272 --ah----- C:\WINDOWS\Tasks\AFBFBA8D917C2D11.job
2008-01-12 21:32:00 368 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-12-13 and 2008-01-13 -----------------------------

2008-01-12 22:02:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-12 22:02:13 0 d-------- C:\Documents and Settings\Michael\Application Data\PrevxCSI
2008-01-08 17:47:01 0 d-------- C:\Program Files\keep regs ooze
2008-01-07 16:58:04 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-01-07 16:56:58 0 d-------- C:\Documents and Settings\Guest\WINDOWS
2008-01-07 16:56:58 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-01-07 16:56:58 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-01-07 16:56:58 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-01-07 16:56:58 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-01-07 16:56:58 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-01-07 16:56:58 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2008-01-07 16:56:58 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-01-07 16:56:58 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-01-07 16:56:58 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-01-07 16:56:58 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-01-07 16:56:58 0 dr------- C:\Documents and Settings\Guest\Desktop
2008-01-07 16:56:58 0 d---s---- C:\Documents and Settings\Guest\Cookies
2008-01-07 16:56:58 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-01-07 16:56:58 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-01-07 16:56:58 0 d-------- C:\Documents and Settings\Guest\Application Data\InterTrust
2008-01-07 16:56:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-01-07 16:56:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-01-06 13:05:16 0 d-------- C:\Documents and Settings\Mike\Application Data\keep regs ooze
2008-01-05 17:36:52 0 d-------- C:\Documents and Settings\All Users\Application Data\bike bold move shim
2008-01-05 17:36:26 0 d-------- C:\Documents and Settings\Michael\Application Data\keep regs ooze


-- Find3M Report ---------------------------------------------------------------

2008-01-13 10:29:41 0 d-------- C:\Program Files\MSN Messenger
2008-01-13 10:10:30 0 d-------- C:\Program Files\Soulseek
2008-01-13 08:57:57 0 d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2008-01-13 08:57:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-12 19:27:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-02 18:21:03 0 d-------- C:\Program Files\TVUPlayer
2008-01-01 23:07:17 0 d-------- C:\Documents and Settings\Michael\Application Data\Vso
2008-01-01 21:23:14 0 d-------- C:\Program Files\uTorrent
2008-01-01 16:28:14 0 d-------- C:\Program Files\TVAnts
2007-12-05 15:46:19 0 d-------- C:\Program Files\Common Files
2007-12-04 20:47:30 0 d-------- C:\Program Files\SopCast
2007-12-04 19:16:30 0 d-------- C:\Documents and Settings\Michael\Application Data\dvdcss
2007-11-28 19:00:21 0 d-------- C:\Documents and Settings\Michael\Application Data\SopCast
2007-10-16 06:13:58 4144 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [13/12/2001 09:27]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [07/06/2002 12:34]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [04/02/2002 21:32]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [04/07/2002 18:16]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31/10/2003 18:42]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [15/12/2007 12:50]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 03:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 19:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/06/2007 15:51]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [21/08/2007 19:38]
"hxhsnmcmhc"="C:\WINDOWS\system32\hxhsnmcmhc.exe" []
"Move shim inter meta"="C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe" [13/01/2008 10:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [05/02/2003 16:35]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [01/07/2007 08:23]
"Soft load"="C:\DOCUME~1\Michael\APPLIC~1\KEEPRE~1\internetonce.exe" [08/01/2008 17:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"hxhsnmcmhc"=C:\WINDOWS\system32\hxhsnmcmhc.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [17/02/1999 20:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [29/01/2003 13:58 40960]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 28/04/2007 13:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\[email protected] -min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheLionCluster]
C:\Program Files\The Lion\skinkers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\Winampa.exe"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-01-13 12:03:46 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.20GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 703.48 MiB / 316.68 MiB
Pagefile Memory (total/avail): 809.93 MiB / 461.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.15 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 53.94 GiB total, 28.1 GiB free.
D: is CDROM (UDF)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST360012A - 55.9 GiB - 2 partitions
\PARTITION0 - Unknown - 2000.25 MiB
\PARTITION1 (bootable) - Installable File System - 53.94 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.
FirewallOverride is set.

AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Documents and Settings\\Michael\\Desktop\\slsk.exe"="C:\\Documents and Settings\\Michael\\Desktop\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\tvants\\Tvants.exe"="C:\\Program Files\\tvants\\Tvants.exe:*:Enabled:Tvants"
"C:\\Documents and Settings\\Michael\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Michael\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe:*:Enabled:PE"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Michael\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Michael\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Documents and Settings\\Michael\\Desktop\\Sopcast\\SopCast.exe"="C:\\Documents and Settings\\Michael\\Desktop\\Sopcast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Documents and Settings\\Mike\\Desktop\\slsk.exe"="C:\\Documents and Settings\\Mike\\Desktop\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Michael\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Michael
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\TVNAVI~1;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Documents and Settings\Michael\My Documents;P¤
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
TMP=C:\DOCUME~1\Michael\LOCALS~1\Temp
USERDOMAIN=COMPUTER
USERNAME=Michael
USERPROFILE=C:\Documents and Settings\Michael
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Michael (admin)
josh
x.aimee.x
Mike (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
-->
--> "C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\EasyCrypto\HandyBits EasyCrypto Deluxe.del"
--> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1033
--> C:\WINDOWS\BWUnin-6.1.0.145L.exe -AppId 4448364
--> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMRNTO\slclean.exe
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}
--> C:\WINDOWS\uninst.exe -fC:\APPS\Audioneer\NewDJ\DeIsL1.isu -cC:\APPS\Audioneer\NewDJ\_ISREG32.DLL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\SETUP.EXE" -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
--> stunwdm.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
AtomixMP3 Limited Edition v2.0 --> C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Program Files\CDex_140b9\uninstall.exe"
ConvertXtoDVD 2.1.8.193 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDIdle Pro 2.11 --> "C:\Program Files\DVDIdle Pro\unins000.exe"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 1.99.1 --> C:\Documents and Settings\Michael\Desktop\System Security Items\HijackThis.exe /uninstall
hp deskjet 5550 series (Remove only) --> C:\Program Files\hp deskjet 5550 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=5550 -huninstall
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nintendo DS - GBA Max Drive --> "C:\Program Files\Datel\Nintendo DS - GBA Max Drive\unins000.exe"
Packard Bell ActivDoc --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
Packard Bell Companion -->
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC Pitstop Optimize 1.5 --> "C:\Program Files\PCPitstop\Optimize\unins000.exe"
PCL-W300 Capture --> C:\WINDOWS\pcamrm.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Rescue from Space Invaders --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Godzilla's Breath\Rescue from Space Invaders\Uninst.isu"
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio -->
Samsung PC Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TVAnts 1.0 --> C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.4.1 --> C:\Program Files\TVUPlayer\uninst.exe
uTorrent --> C:\Program Files\uTorrent\Uninstall.exe
VERITAS RecordNow DX --> MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}
VideoEgg Publisher --> C:\Documents and Settings\Michael\Application Data\VideoEgg\Uninstall.exe
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone 804SS USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
WebFldrs XP -->
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Works Suite OS Pack -->
Yahoo! Toolbar -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3642 / Success
Event Submitted/Written: 01/13/2008 09:37:57 AM
Event ID/Source: 12001 / usnjsvc
Event Description:


Event Record #/Type3640 / Warning
Event Submitted/Written: 01/13/2008 09:34:33 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat' failed during request for component '{C6638736-7004-4E1D-A5BC-30110004EFC5}'

Event Record #/Type3639 / Warning
Event Submitted/Written: 01/13/2008 09:34:33 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat', component '{33EF8657-5705-47D4-B01F-E96A27C1D8BD}' failed. The resource 'HKEY_CLASSES_ROOT\Typelib\{53CED51D-432B-45B2-A3E0-0CE2C24235D4}\' does not exist.

Event Record #/Type3634 / Error
Event Submitted/Written: 01/13/2008 09:09:34 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20071.12718, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3618 / Error
Event Submitted/Written: 01/12/2008 05:53:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type57623 / Error
Event Submitted/Written: 01/13/2008 00:02:37 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type57621 / Error
Event Submitted/Written: 01/13/2008 10:30:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type57618 / Error
Event Submitted/Written: 01/13/2008 10:30:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type57615 / Error
Event Submitted/Written: 01/13/2008 10:30:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type57612 / Error
Event Submitted/Written: 01/13/2008 10:30:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-01-13 12:03:46 ------------
  • 0

#4
sage5
Posted 13 January 2008 - 06:41 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mikeya,

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Cheers,

sage5
  • 0

#5
mikeya
Posted 13 January 2008 - 07:01 AM

mikeya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ComboFix 08-01-13.1 - Michael 2008-01-13 12:50:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.280 [GMT 0:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files.\egcomservice_pack.inf
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 12:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 11:58 . 2008-01-13 11:58 <DIR> d-------- C:\Deckard
2008-01-12 22:02 . 2008-01-12 22:03 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\PrevxCSI
2008-01-12 22:02 . 2008-01-12 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-08 17:47 . 2008-01-08 17:47 <DIR> d-------- C:\Program Files\keep regs ooze
2008-01-07 16:58 . 2008-01-07 16:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-01-07 16:56 . 2003-02-05 16:23 <DIR> d-------- C:\Documents and Settings\Guest\WINDOWS
2008-01-07 16:56 . 2003-02-05 16:39 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\InterTrust
2008-01-06 13:05 . 2008-01-06 13:21 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\keep regs ooze
2008-01-05 17:36 . 2008-01-12 20:09 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\keep regs ooze
2008-01-05 17:36 . 2008-01-12 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\bike bold move shim
2008-01-03 20:13 . 2008-01-03 20:13 268 --ah----- C:\sqmdata01.sqm
2008-01-03 20:13 . 2008-01-03 20:13 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 10:29 --------- d-----w C:\Program Files\MSN Messenger
2008-01-13 10:10 --------- d-----w C:\Program Files\Soulseek
2008-01-13 08:57 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
2008-01-12 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-12 19:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 18:21 --------- d-----w C:\Program Files\TVUPlayer
2008-01-01 23:07 --------- d-----w C:\Documents and Settings\Michael\Application Data\Vso
2008-01-01 21:23 --------- d-----w C:\Program Files\uTorrent
2008-01-01 16:28 --------- d-----w C:\Program Files\TVAnts
2007-12-05 16:27 --------- d-----w C:\Documents and Settings\Mike\Application Data\Samsung
2007-12-05 15:46 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2007-12-04 20:47 --------- d-----w C:\Program Files\SopCast
2007-12-04 19:16 --------- d-----w C:\Documents and Settings\Michael\Application Data\dvdcss
2007-11-28 19:00 --------- d-----w C:\Documents and Settings\Michael\Application Data\SopCast
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-03-22 07:33 87,608 ----a-w C:\Documents and Settings\Michael\Application Data\ezpinst.exe
2007-03-22 07:33 47,360 ----a-w C:\Documents and Settings\Michael\Application Data\pcouffin.sys
2005-06-22 15:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-03-04 19:46 100,760 ----a-w C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2003-02-05 16:35 30208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-01 08:23 1318912]
"Soft load"="C:\DOCUME~1\Michael\APPLIC~1\KEEPRE~1\internetonce.exe" [2008-01-08 17:46 403968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2001-12-13 09:27 290816]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 12:34 299008]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-04 18:16 188416]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-15 12:50 579072]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-08-21 19:38 1680883]
"hxhsnmcmhc"="C:\WINDOWS\system32\hxhsnmcmhc.exe" [ ]
"Move shim inter meta"="C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe" [2008-01-13 10:54 2251776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"hxhsnmcmhc"="C:\WINDOWS\system32\hxhsnmcmhc.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-12-15 12:50 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [2003-01-29 13:58 40960]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 13:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheLionCluster]
C:\Program Files\The Lion\skinkers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 00:50 33792 C:\Program Files\Winamp\Winampa.exe

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
S2 ara0aea5o6eyh;Print Spooler Service;C:\WINDOWS\system32\hxhsnmcmhc.exe []
S3 DCamUSBNW802;PCL-W300 Capture;C:\WINDOWS\system32\DRIVERS\pcam.sys [2002-01-07 06:53]
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 22:53]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 05:08]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-03 19:53]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 01:16]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 12:00:01 C:\WINDOWS\Tasks\AFBFBA8D917C2D11.job"
- c:\docume~1\michael\applic~1\keepre~1\BIND MESS ATOM.exe
"2008-01-12 21:32:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 12:54:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-01-13 12:56:05
ComboFix-quarantined-files.txt 2008-01-13 12:55:11
.
2008-01-09 19:59:30 --- E O F ---
  • 0

#6
sage5
Posted 13 January 2008 - 07:22 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mikeya,


I see you have uTorrent installed on your system.
While the program itself is legal, most of the files downloaded with it, are not.
These programs can also be one of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling uTorrent as outlined below.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
O4 - HKLM\..\Run: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKLM\..\Run: [Move shim inter meta] C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe
O4 - HKLM\..\RunServices: [hxhsnmcmhc] C:\WINDOWS\system32\hxhsnmcmhc.exe
O4 - HKCU\..\Run: [Soft load] C:\DOCUME~1\Michael\APPLIC~1\KEEPRE~1\internetonce.exe
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
O23 - Service: Print Spooler Service (ara0aea5o6eyh) - Unknown owner - C:\WINDOWS\system32\hxhsnmcmhc.exe /service
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.

Remove folders & files:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    uTorrent
    J2SE Runtime Environment 5.0 Update 11
    LiveReg (Symantec Corporation)
    LiveUpdate 2.6 (Symantec Corporation)

Create a CombFix Script:
  • Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.
  • Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\Tasks\AFBFBA8D917C2D11.job
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\hxhsnmcmhc.exe
C:\WINDOWS\wc98pp.dll

Folder::
C:\Program Files\uTorrent
C:\Program Files\keep regs ooze
C:\Documents and Settings\Mike\Application Data\keep regs ooze
C:\Documents and Settings\All Users\Application Data\bike bold move shim
C:\Documents and Settings\Michael\Application Data\keep regs ooze


  • Save the above as CFScript.txt
  • Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
    Posted Image
  • After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
  • Please tell me how your PC is behaving now.


Cheers,

sage5

Edited by sage5, 13 January 2008 - 07:24 AM.

  • 0

#7
mikeya
Posted 13 January 2008 - 08:03 AM

mikeya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi sage5. Thanks for you help with this. All seems fine. Here are my logs:

ComboFix 08-01-13.1 - Michael 2008-01-13 13:47:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.284 [GMT 0:00]
Running from: C:\Documents and Settings\Michael\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michael\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\hxhsnmcmhc.exe
C:\WINDOWS\Tasks\AFBFBA8D917C2D11.job
C:\WINDOWS\wc98pp.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\bike bold move shim\Bait five.exe
C:\Documents and Settings\Michael\Application Data\keep regs ooze
C:\Documents and Settings\Michael\Application Data\keep regs ooze\0
C:\Documents and Settings\Michael\Application Data\keep regs ooze\BIND MESS ATOM.exe
C:\Documents and Settings\Michael\Application Data\keep regs ooze\gpnznoyn.exe
C:\Documents and Settings\Michael\Application Data\keep regs ooze\internetonce.exe
C:\Documents and Settings\Michael\Application Data\keep regs ooze\rect film face funk.exe
C:\Documents and Settings\Mike\Application Data\keep regs ooze
C:\Documents and Settings\Mike\Application Data\keep regs ooze\internetonce.exe
C:\Program Files\keep regs ooze
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\Tasks\AFBFBA8D917C2D11.job
C:\WINDOWS\wc98pp.dll
C:\Documents and Settings\All Users\Application Data\bike bold move shim

.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 12:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 11:58 . 2008-01-13 11:58 <DIR> d-------- C:\Deckard
2008-01-12 22:02 . 2008-01-12 22:03 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\PrevxCSI
2008-01-12 22:02 . 2008-01-12 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-07 16:58 . 2008-01-07 16:58 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-01-07 16:56 . 2003-02-05 16:23 <DIR> d-------- C:\Documents and Settings\Guest\WINDOWS
2008-01-07 16:56 . 2003-02-05 16:39 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\InterTrust
2008-01-03 20:13 . 2008-01-03 20:13 268 --ah----- C:\sqmdata01.sqm
2008-01-03 20:13 . 2008-01-03 20:13 244 --ah----- C:\sqmnoopt05.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 13:53 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-13 13:41 --------- d-----w C:\Program Files\Java
2008-01-13 10:29 --------- d-----w C:\Program Files\MSN Messenger
2008-01-13 10:10 --------- d-----w C:\Program Files\Soulseek
2008-01-13 08:57 --------- d-----w C:\Documents and Settings\Michael\Application Data\AVG7
2008-01-12 20:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-12 19:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-02 18:21 --------- d-----w C:\Program Files\TVUPlayer
2008-01-01 23:07 --------- d-----w C:\Documents and Settings\Michael\Application Data\Vso
2008-01-01 16:28 --------- d-----w C:\Program Files\TVAnts
2007-12-05 16:27 --------- d-----w C:\Documents and Settings\Mike\Application Data\Samsung
2007-12-05 15:46 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2007-12-04 20:47 --------- d-----w C:\Program Files\SopCast
2007-12-04 19:16 --------- d-----w C:\Documents and Settings\Michael\Application Data\dvdcss
2007-11-28 19:00 --------- d-----w C:\Documents and Settings\Michael\Application Data\SopCast
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-03-22 07:33 87,608 ----a-w C:\Documents and Settings\Michael\Application Data\ezpinst.exe
2007-03-22 07:33 47,360 ----a-w C:\Documents and Settings\Michael\Application Data\pcouffin.sys
2005-06-22 15:41 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2003-03-04 19:46 100,760 ----a-w C:\Documents and Settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_12.54.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 12:49:54 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 13:47:17 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 12:49:55 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 13:47:17 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 12:49:55 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 13:47:17 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 12:49:55 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 13:47:17 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 12:49:55 8,716,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 13:47:17 8,716,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 12:49:55 159,744 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 13:47:17 159,744 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe" [2003-02-05 16:35 30208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-07-01 08:23 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiS KHooker"="C:\WINDOWS\System32\khooker.exe" [2001-12-13 09:27 290816]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2002-06-07 12:34 299008]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-07-04 18:16 188416]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-15 12:50 579072]
"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-08-21 19:38 1680883]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-12-15 12:50 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVDIdle Pro\DVDShell.dll [2003-01-29 13:58 40960]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-04-28 13:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\[email protected]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheLionCluster]
C:\Program Files\The Lion\skinkers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 00:50 33792 C:\Program Files\Winamp\Winampa.exe

R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2002-06-07 12:38]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
S2 ara0aea5o6eyh;Print Spooler Service;C:\WINDOWS\system32\hxhsnmcmhc.exe []
S3 DCamUSBNW802;PCL-W300 Capture;C:\WINDOWS\system32\DRIVERS\pcam.sys [2002-01-07 06:53]
S3 dsreader;MaxDrive Driver (dsreader.sys);C:\WINDOWS\system32\Drivers\dsreader.sys [2001-01-02 22:53]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 05:08]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2002-10-03 19:53]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2002-11-28 01:16]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 16:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 16:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 16:59]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 13:54:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 13:59:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 13:59:44
ComboFix2.txt 2008-01-13 12:56:07
.
2008-01-09 19:59:30 --- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 14:01:31, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael\Desktop\System Security Items\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZC
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - https://ukplay.toont...4.47/ttinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Print Spooler Service (ara0aea5o6eyh) - Unknown owner - C:\WINDOWS\system32\hxhsnmcmhc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Thanks again.
  • 0

#8
sage5
Posted 13 January 2008 - 04:39 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi mikeya,


You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessable from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1


I need you to post me a fresh HijackThis log to confirm correct installation of the Anti-virus and Firewall programs.

Run HijackThis:
  • Select the Run a system scan and save a logfile option. The logfile opens in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Also paste me the text from C:\avscan.txt

Cheers,

sage5
  • 0

#9
sage5
Posted 24 January 2008 - 05:17 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP