

Messages - skategoodtimes

1
Tech Clinic / Computers infected with a trojan or something
« on: January 01, 2008, 03:01:06 AM »
OK, I've done everything. Is there anything else I should do? Can I delete the uninstall_list from my desktop? Well, thank you sooo much for helping me with all of this, I really, really appreciate it.

2
Tech Clinic / Computers infected with a trojan or something
« on: January 01, 2008, 01:17:14 AM »
Oh well, hopefully I've done it right so far. Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:39 AM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\internet explorer\iexplore.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5064 bytes

3
Tech Clinic / Computers infected with a trojan or something
« on: January 01, 2008, 12:30:38 AM »
Oh no, sorry, I thought you said only to do that if it prompts me, but I read wrong. Do you want me to do that and then post another HijackThis log?

4
Tech Clinic / Computers infected with a trojan or something
« on: January 01, 2008, 12:05:17 AM »
OK, well, it wouldn't let me uninstall that Web Savings from Ebates thing. I've been trying to delete that for a long time now. I guess I deleted the folder and it had the uninstall file in there or something, so I don't know how to get rid of it now. It just brings up a little window titled "wjview error" and it says "ERROR:could not execute Main : the system cannot find the file specified".

But here's the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:42 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5220 bytes

5
Tech Clinic / Computers infected with a trojan or something
« on: December 31, 2007, 08:06:31 PM »
OK, thanks a lot. Everything seems to be running well so far; nothing's been popping up anymore.

Ad-Aware SE Personal
Adobe After Effects 5.5
Adobe Encore DVD 1.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Premiere 6.0
Adobe Reader 8.1.1
Adobe Shockwave Player
Advanced RealMedia Export Plug-in for Premiere 6.0
AIM 6
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
BearShare
Classic PhoneTools
Cleaner 5 EZ
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Basic
FLV Player 1.3.3
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iPod for Windows 2005-03-23
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.1_04
LiveReg (Symantec Corporation)
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Microsoft Works 2003 Setup Launcher
Mozilla Firefox (0.8.)
Mozilla Firefox (1.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
NVIDIA Display Driver
PowerDVD
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sony USB Driver
Sorenson Squeeze
Sorenson Video 3
Sound Blaster Live!
Spybot - Search & Destroy 1.4
Spyware Doctor 3.2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Web Savings from Ebates
Windows Blaster Worm Removal Tool (KB833330)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Messenger
Zune Desktop Theme

6
Tech Clinic / Computers infected with a trojan or something
« on: December 31, 2007, 04:03:30 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:37 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4982 bytes


File EAEFBEA175.sys received on 12.31.2007 21:18:15 (CET)
Result: 0/32 (0%)
Antivirus    Version    Last Update    Result
AhnLab-V3   2008.1.1.10   2007.12.31   -
AntiVir   7.6.0.46   2007.12.31   -
Authentium   4.93.8   2007.12.30   -
Avast   4.7.1098.0   2007.12.31   -
AVG   7.5.0.516   2007.12.31   -
BitDefender   7.2   2007.12.31   -
CAT-QuickHeal   9.00   2007.12.31   -
ClamAV   0.91.2   2007.12.31   -
DrWeb   4.44.0.09170   2007.12.31   -
eSafe   7.0.15.0   2007.12.31   -
eTrust-Vet   31.3.5419   2007.12.31   -
Ewido   4.0   2007.12.31   -
FileAdvisor   1   2007.12.31   -
Fortinet   3.14.0.0   2007.12.31   -
F-Prot   4.4.2.54   2007.12.31   -
F-Secure   6.70.13030.0   2007.12.31   -
Ikarus   T3.1.1.15   2007.12.31   -
Kaspersky   7.0.0.125   2007.12.31   -
McAfee   5196   2007.12.31   -
Microsoft   1.3109   2007.12.31   -
NOD32v2   2758   2007.12.31   -
Norman   5.80.02   2007.12.31   -
Panda   9.0.0.4   2007.12.31   -
Prevx1   V2   2007.12.31   -
Rising   20.24.52.00   2007.12.29   -
Sophos   4.24.0   2007.12.31   -
Sunbelt   2.2.907.0   2007.12.30   -
Symantec   10   2007.12.31   -
TheHacker   6.2.9.175   2007.12.29   -
VBA32   3.12.2.5   2007.12.29   -
VirusBuster   4.3.26:9   2007.12.31   -
Webwasher-Gateway   6.6.2   2007.12.31   -
Additional information
File size: 56 bytes
MD5: 74a95b6b4554235b088557f5815a13fc
SHA1: 4738e9016b87422de6eedcb7a64b3899751dcdc9
PEiD: -

7
Tech Clinic / Computers infected with a trojan or something
« on: December 31, 2007, 04:00:37 PM »
SmitFraudFix v2.274

Scan done at 14:08:05.34, Mon 12/31/2007
Run from C:\Documents and Settings\Aaron\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

8
Tech Clinic / Computers infected with a trojan or something
« on: December 31, 2007, 03:59:14 PM »
OK, I'm going to just post each log in its own post so it'll be easier to understand what's what.

ComboFix 07-12-31.4 - Aaron 2007-12-31  4:20:34.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.169 [GMT -6:00]
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Aaron\Desktop\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\oggview32.dll
C:\WINDOWS\retadpu2000219.exe
C:\WINDOWS\ServicePackFiles\agvtun.bak1
C:\WINDOWS\ServicePackFiles\agvtun.bak2
C:\WINDOWS\ServicePackFiles\agvtun.ini2
C:\WINDOWS\SYSTEM32\ststv.ini2
C:\WINDOWS\SYSTEM32\syvntely.ini
C:\WINDOWS\SYSTEM32\uudixjlj.ini
C:\WINDOWS\system32\yletnvys.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\ddeeg.ini.bad
C:\VundoFix Backups\ddeeg.ini2.bad
C:\VundoFix Backups\geedd.dll.bad
C:\VundoFix Backups\jkhfe.dll.bad
C:\VundoFix Backups\jlkkj.ini.bad
C:\VundoFix Backups\jlkkj.ini2.bad
C:\WINDOWS\oggview32.dll
C:\WINDOWS\QWFyb24gV2VzbGV5IEJhbmRh
C:\WINDOWS\QWFyb24gV2VzbGV5IEJhbmRh\kqIVvZb0pZpWv3pcKHL1vAl1.vbs
C:\WINDOWS\ServicePackFiles\agvtun.bak1
C:\WINDOWS\ServicePackFiles\agvtun.bak2
C:\WINDOWS\ServicePackFiles\agvtun.ini2
C:\WINDOWS\system32\1024
C:\WINDOWS\SYSTEM32\ststv.ini2
C:\WINDOWS\SYSTEM32\syvntely.ini
C:\WINDOWS\SYSTEM32\uudixjlj.ini

.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-31  )))))))))))))))))))))))))))))))
.

2007-12-31 03:12 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-12-31 03:12 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-12-31 03:12 . 2007-12-20 23:11   81,920   --a------   C:\WINDOWS\SYSTEM32\IEDFix.exe
2007-12-31 03:12 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\SYSTEM32\Process.exe
2007-12-31 03:12 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\SYSTEM32\dumphive.exe
2007-12-31 03:12 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-12-31 03:12 . 2007-12-31 03:12   1,638   --a------   C:\WINDOWS\SYSTEM32\tmp.reg
2007-12-31 03:01 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-30 13:04 . 2007-12-30 13:04   <DIR>   d--------   C:\Program Files\Trend Micro
2007-12-24 18:38 . 2007-12-24 18:38   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2007-12-21 01:41 . 2007-12-21 01:52   <DIR>   d--------   C:\Program Files\LimeWire
2007-12-11 13:46 . 2007-12-11 13:46   3,596,288   --a------   C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-11 13:46 . 2007-12-11 13:46   524,288   --a------   C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-11 13:46 . 2007-12-11 13:46   4,816   --a------   C:\WINDOWS\SYSTEM32\divxsm.tlb
2007-12-11 13:45 . 2007-12-11 13:45   1,044,480   --a------   C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-11 13:45 . 2007-12-11 13:45   200,704   --a------   C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 13:43 . 2007-12-11 13:43   12,288   --a------   C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-11-29 20:28 . 2007-11-29 20:28   <DIR>   d--------   C:\Documents and Settings\Aaron\New Folder
2007-11-23 03:04 . 2007-11-23 03:04   <DIR>   d--------   C:\Program Files\MySpace
2007-11-08 21:07 . 2007-11-08 21:08   <DIR>   d--------   C:\Program Files\iTunes
2007-11-07 03:05 . 2007-11-07 03:05   <DIR>   d--------   C:\Program Files\FLVPlayer
2007-11-06 23:38 . 2007-11-09 16:05   <DIR>   d--------   C:\Documents and Settings\Aaron\Application Data\U3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 18:55   ---------   d-----w   C:\Program Files\Yahoo!
2007-12-21 18:55   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-12-21 18:55   ---------   d-----w   C:\Documents and Settings\Aaron\Application Data\Yahoo!
2007-12-16 06:01   ---------   d-----w   C:\Program Files\DivX
2007-12-11 19:44   823,296   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-11 19:44   823,296   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-11 19:44   81,920   ----a-w   C:\WINDOWS\SYSTEM32\dpl100.dll
2007-12-11 19:44   802,816   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-11 19:44   682,496   ----a-w   C:\WINDOWS\SYSTEM32\DivX.dll
2007-12-11 19:44   593,920   -c--a-w   C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-12-11 19:44   57,344   ----a-w   C:\WINDOWS\SYSTEM32\dpv11.dll
2007-12-11 19:44   53,248   -c--a-w   C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-12-11 19:44   344,064   ----a-w   C:\WINDOWS\SYSTEM32\dpus11.dll
2007-12-11 19:44   294,912   -c--a-w   C:\WINDOWS\SYSTEM32\dpu10.dll
2007-12-11 19:44   294,912   ----a-w   C:\WINDOWS\SYSTEM32\dpu11.dll
2007-12-11 19:44   196,608   ----a-w   C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-11 19:44   156,992   ----a-w   C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 03:08   ---------   d-----w   C:\Program Files\iPod
2007-11-09 03:04   ---------   d-----w   C:\Program Files\QuickTime
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-27 23:40   222,720   ----a-w   C:\WINDOWS\SYSTEM32\wmasf.dll
2007-09-28 16:07   129,784   ------w   C:\WINDOWS\SYSTEM32\pxafs.dll
2007-09-28 16:07   120,056   -c----w   C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-09-28 16:07   118,520   -c----w   C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-06-11 02:30   1,308,216   -c--a-w   C:\Program Files\HiJackThis_v2.exe
2006-08-31 02:07   57,208   ----a-w   C:\Documents and Settings\Aaron\Application Data\GDIPFONTCACHEV1.DAT
2004-10-12 04:31   56   -csh--r   C:\WINDOWS\SYSTEM32\EAEFBEA175.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 01:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 10:28   684032   --a--c---   C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51   39792   --a------   C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
         BCMSMMSG.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:56   15360   --a--c---   C:\WINDOWS\system32\ctfmon.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
         C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
         C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
         C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
         C:\Program Files\Common Files\AOL\1133112961\ee\AOLSoftware.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36   267048   --a------   C:\Program Files\iTunes\iTunesHelper.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-09-13 21:36   50688   --a--c---   C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
         nwiz.exe /install
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
         C:\Program Files\QuickTime\qttask.exe -atboottime
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
         C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2003-04-17 21:48]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-04 01:09]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-04 01:09]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 19:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9daeb98c-8cf3-11dc-a7b4-0040050e21b3}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 02:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-30 18:27:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2005-10-31 04:08:35 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 04:23:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31  4:24:00
C:\qoobox\ComboFix-quarantined-files.txt  2007-12-31 10:23:37
C:\qoobox\ComboFix2.txt  2007-12-31 09:08:31
.
2007-12-12 16:41:56   --- E O F ---

9
Tech Clinic / Computers infected with a trojan or something
« on: December 31, 2007, 04:18:45 AM »
OK, well, thanks for helping me so far.

Smitfraudfix

SmitFraudFix v2.274

Scan done at  3:12:45.43, Mon 12/31/2007
Run from C:\Documents and Settings\Aaron\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aaron


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aaron\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Aaron\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri
C:\WINDOWS\oggview32.dll
HKLM\SOFTWARE\Classes\AppID\oggview32.dll
HKLM\SOFTWARE\Classes\AppID\{1E40AD15-4280-428A-9A26-AB96F9DA2ACE}
HKLM\SOFTWARE\Classes\CLSID\{1E40AD15-4280-428A-9A26-AB96F9DA2ACE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E40AD15-4280-428A-9A26-AB96F9DA2ACE}
HKLM\SOFTWARE\Classes\oggview32.Video
HKLM\SOFTWARE\Classes\TypeLib\{62566A4D-AE41-44D2-B1B1-BC210BD35DCB}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{FB153DCE-822E-47ec-8D00-2706E7864B37}"="O"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 24.93.41.125
DNS Server Search Order: 24.93.41.126

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1B4A2FD0-F74C-46D0-AED5-8BFA4BA8C218}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D5093D39-00EA-4D4C-8586-A87437B3171B}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7E117A4-1966-46C8-A57F-2524CDDE24D4}: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.93.41.125 24.93.41.126


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



ComboFix 07-12-31.4 - Aaron 2007-12-31  3:02:54.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.167 [GMT -6:00]
Running from: C:\Documents and Settings\Aaron\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\tpBe12
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\mcrh.tmp

.
(((((((((((((((((((((((((   Files Created from 2007-11-28 to 2007-12-31  )))))))))))))))))))))))))))))))
.

2007-12-31 03:01 . 2000-08-31 08:00   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-12-30 13:04 . 2007-12-30 13:04   <DIR>   d--------   C:\Program Files\Trend Micro
2007-12-30 02:42 . 2007-12-30 02:42   239,104   --a------   C:\WINDOWS\oggview32.dll
2007-12-24 18:38 . 2007-12-24 18:38   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2007-12-21 01:41 . 2007-12-21 01:52   <DIR>   d--------   C:\Program Files\LimeWire
2007-12-18 21:54 . 2007-12-30 05:09   <DIR>   d--------   C:\VundoFix Backups
2007-12-18 21:38 . 2007-12-18 21:54   1,718,805   ---hs----   C:\WINDOWS\SYSTEM32\syvntely.ini
2007-12-17 00:46 . 2007-12-18 21:36   1,735,461   ---hs----   C:\WINDOWS\SYSTEM32\uudixjlj.ini
2007-12-16 13:05 . 2007-12-30 05:09   <DIR>   d--hs----   C:\WINDOWS\QWFyb24gV2VzbGV5IEJhbmRh
2007-12-11 13:46 . 2007-12-11 13:46   3,596,288   --a------   C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-11 13:46 . 2007-12-11 13:46   524,288   --a------   C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-11 13:46 . 2007-12-11 13:46   4,816   --a------   C:\WINDOWS\SYSTEM32\divxsm.tlb
2007-12-11 13:45 . 2007-12-11 13:45   1,044,480   --a------   C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-11 13:45 . 2007-12-11 13:45   200,704   --a------   C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 13:43 . 2007-12-11 13:43   12,288   --a------   C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-11-29 20:28 . 2007-11-29 20:28   <DIR>   d--------   C:\Documents and Settings\Aaron\New Folder
2007-11-23 03:04 . 2007-11-23 03:04   <DIR>   d--------   C:\Program Files\MySpace
2007-11-08 21:07 . 2007-11-08 21:08   <DIR>   d--------   C:\Program Files\iTunes
2007-11-07 03:05 . 2007-11-07 03:05   <DIR>   d--------   C:\Program Files\FLVPlayer
2007-11-06 23:38 . 2007-11-09 16:05   <DIR>   d--------   C:\Documents and Settings\Aaron\Application Data\U3

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 18:55   ---------   d-----w   C:\Program Files\Yahoo!
2007-12-21 18:55   ---------   d-----w   C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2007-12-21 18:55   ---------   d-----w   C:\Documents and Settings\Aaron\Application Data\Yahoo!
2007-12-16 06:01   ---------   d-----w   C:\Program Files\DivX
2007-12-11 19:44   823,296   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-11 19:44   823,296   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-11 19:44   81,920   ----a-w   C:\WINDOWS\SYSTEM32\dpl100.dll
2007-12-11 19:44   802,816   ----a-w   C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-11 19:44   682,496   ----a-w   C:\WINDOWS\SYSTEM32\DivX.dll
2007-12-11 19:44   593,920   -c--a-w   C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-12-11 19:44   57,344   ----a-w   C:\WINDOWS\SYSTEM32\dpv11.dll
2007-12-11 19:44   53,248   -c--a-w   C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-12-11 19:44   344,064   ----a-w   C:\WINDOWS\SYSTEM32\dpus11.dll
2007-12-11 19:44   294,912   -c--a-w   C:\WINDOWS\SYSTEM32\dpu10.dll
2007-12-11 19:44   294,912   ----a-w   C:\WINDOWS\SYSTEM32\dpu11.dll
2007-12-11 19:44   196,608   ----a-w   C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-11 19:44   156,992   ----a-w   C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-11-13 10:25   20,480   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 03:08   ---------   d-----w   C:\Program Files\iPod
2007-11-09 03:04   ---------   d-----w   C:\Program Files\QuickTime
2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-27 23:40   222,720   ----a-w   C:\WINDOWS\SYSTEM32\wmasf.dll
2007-09-28 16:07   129,784   ------w   C:\WINDOWS\SYSTEM32\pxafs.dll
2007-09-28 16:07   120,056   -c----w   C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-09-28 16:07   118,520   -c----w   C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-06-11 02:30   1,308,216   -c--a-w   C:\Program Files\HiJackThis_v2.exe
2006-08-31 02:07   57,208   ----a-w   C:\Documents and Settings\Aaron\Application Data\GDIPFONTCACHEV1.DAT
2005-07-29 22:24   472   --sha-r   C:\WINDOWS\QWFyb24gV2VzbGV5IEJhbmRh\kqIVvZb0pZpWv3pcKHL1vAl1.vbs
2005-10-15 19:47   349,139   -csh--w   C:\WINDOWS\ServicePackFiles\agvtun.bak1
2005-11-02 04:17   200,623   -csh--w   C:\WINDOWS\ServicePackFiles\agvtun.bak2
2005-11-02 22:52   424,132   -csh--w   C:\WINDOWS\ServicePackFiles\agvtun.ini2
2004-10-12 04:31   56   -csh--r   C:\WINDOWS\SYSTEM32\EAEFBEA175.sys
2007-04-29 23:39   353   -csh--w   C:\WINDOWS\SYSTEM32\ststv.ini2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E40AD15-4280-428A-9A26-AB96F9DA2ACE}]
2007-12-30 02:42   239104   --a------   C:\WINDOWS\oggview32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CDFEC33-C98C-491F-AEBB-367588E5161D}]
         C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E19E670A-037B-44B3-B04F-CDC20E31092A}]
         C:\WINDOWS\system32\jkklj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\SYSTEM32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 01:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\584e3088]
         rundll32.exe C:\WINDOWS\system32\yletnvys.dll,b
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 10:28   684032   --a--c---   C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51   39792   --a------   C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
         BCMSMMSG.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 01:56   15360   --a--c---   C:\WINDOWS\system32\ctfmon.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
         C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
         C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
         C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
         C:\Program Files\Common Files\AOL\1133112961\ee\AOLSoftware.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36   267048   --a------   C:\Program Files\iTunes\iTunesHelper.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-09-13 21:36   50688   --a--c---   C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
         nwiz.exe /install
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
         C:\Program Files\QuickTime\qttask.exe -atboottime
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
         C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
         C:\Program Files\Save\Save.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xloadnet]
         C:\Program Files\xloadnet\xloadnet.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
         C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys [2001-11-05 08:23]
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2003-04-17 21:48]
S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-04 01:09]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-04 01:09]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys [2001-11-05 08:23]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 19:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9daeb98c-8cf3-11dc-a7b4-0040050e21b3}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 02:45:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-30 18:27:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2005-10-31 04:08:35 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 03:07:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31  3:08:30
C:\qoobox\ComboFix-quarantined-files.txt  2007-12-31 09:08:15
.
2007-12-12 16:41:56   --- E O F ---

10
Tech Clinic / Computers infected with a trojan or something
« on: December 30, 2007, 02:16:17 PM »
OK, well, I guess last night I accidentally installed something with a virus, and now whenever I open up Internet Explorer or even Windows Explorer a box pops up titled "System Error!" saying: Your PC was infected by an unknown trojan. Its dangerous for your system(critical files can be lost)! Click ok to download the antispyware program to clean your system!(Recommended)

Also, if I search for something, like in Google or whatever, it brings up porn advertisements saying: Error! Your browser was hijacked! Some results was changed by porn advertising! You need to clean your system immediatly to prevent it. Download the newest antispyware software!
And if you click it, it goes to files-secure.com


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:05 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 4O_MMSBSoftware\Microsoft\Internet Explorer\MainSearch Bar
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: player addon - {1E40AD15-4280-428A-9A26-AB96F9DA2ACE} - C:\WINDOWS\oggview32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8CDFEC33-C98C-491F-AEBB-367588E5161D} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {E19E670A-037B-44B3-B04F-CDC20E31092A} - C:\WINDOWS\system32\jkklj.dll (file missing)
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6569 bytes

11
Tech Clinic / my hijackthis log please help me
« on: November 07, 2005, 01:06:18 AM »
Uhh, where it says Description it says Microsoft Register Server.

12
Tech Clinic / my hijackthis log please help me
« on: November 07, 2005, 12:43:11 AM »
File:      winmodem.exe
Status:    MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5:       918ddfd8bc911a72967aa0d78642fe43
Packers detected: UPX
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

13
Tech Clinic / my hijackthis log please help me
« on: November 06, 2005, 09:02:55 PM »
Everything's working perfectly thank you so much for helping me out.

14
Tech Clinic / my hijackthis log please help me
« on: November 05, 2005, 10:23:31 AM »
Logfile of HijackThis v1.99.1
Scan saved at 9:23:12 AM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

15
Tech Clinic / my hijackthis log please help me
« on: November 05, 2005, 10:21:36 AM »
I still get this message every time I try to fix it.

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: msconfd.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

16
Tech Clinic / my hijackthis log please help me
« on: November 04, 2005, 02:01:43 AM »
Logfile of HijackThis v1.99.1
Scan saved at 1:00:12 AM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab?1125824763578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         12:53:02 AM, 11/4/2005
 + Report-Checksum:      5093A8C2

 + Scan result:

   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}\Control\\CI -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{CF021F3F-3E14-23A5-CBA2-7173706D1316} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{CF021F3F-3E14-23A5-CBA2-7173706D1316}\TypeLib\\ -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{D6188A7D-376C-4970-91AD-675BFCF3762E}\TypeLib\\ -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
   HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
   HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
   HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
   HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
   HKLM\SOFTWARE\Classes\SPM1316.SPM1316 -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\SPM1316.SPM1316\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\SPM1316.SPM1316.1 -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\SPM1316.SPM1316.1\CLSID\\ -> Spyware.MakeMeSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{CF021F32-3E14-23A5-CBA2-7173706D1316} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\.Owner -> Spyware.iSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
   HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0519A9C9-064A-4CBC-BC47-D0EACD581477} -> Spyware.Icoo : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465A59EC-20E5-4FCA-A38A-E5EC3C480218} -> Spyware.Icoo : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
   HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
   [268] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Cleaned with backup
   [312] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [324] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [476] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [540] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [588] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [792] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   [1060] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
   :mozilla.6:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
   :mozilla.17:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.18:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.19:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\423FE045-27B3-4FD7-BCFE-746203\5016609A-178E-4305-82AE-567D22 -> Adware.CommAd : Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\4C5DF0F9-3E01-4700-84CA-210DE0\78A4A0F7-F51B-44B4-932A-F1406A -> Trojan.Agent.fc : Cleaned with backup
   C:\Program Files\Microsoft AntiSpyware\Quarantine\A6E6A86B-F2A6-47E2-8F90-E5F5AF\71B02B18-95F4-448C-9194-C5299D -> Spyware.SafeSurfing : Cleaned with backup
   C:\quarantine\A0281826.exe.Vir -> Adware.BetterInternet : Error during cleaning
   C:\quarantine\thin-137-3-x-x.exe.Vir -> Adware.BetterInternet : Error during cleaning
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0273297.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0274297.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP696\A0274461.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274624.exe -> TrojanDropper.VB.fv : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274634.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274644.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP698\A0274719.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274755.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274802.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP701\A0274907.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP702\A0275091.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP703\A0275135.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275281.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275295.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275315.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275338.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275350.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275370.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275442.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275540.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275554.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275596.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP709\A0275666.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275805.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275822.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP714\A0275929.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP715\A0275981.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP716\A0276032.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276136.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276191.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276263.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276344.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276439.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276490.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276530.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276557.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276593.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276657.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276875.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0276901.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277899.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277918.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277927.ini -> TrojanSpy.Tofger.ini : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277934.dll -> TrojanDownloader.Agent.ga : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277945.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277981.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP728\A0278044.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278111.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278254.dll -> Spyware.WildTangent : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278264.dll -> Spyware.WildTangent : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278274.dll -> Spyware.WildTangent : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278277.dll -> Spyware.WildTangent : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278292.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278310.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278334.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278369.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278401.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP732\A0278478.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP735\A0278517.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0288024.dll -> TrojanDownloader.Agent.yb : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289079.exe -> Trojan.Small.ge : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289151.dll -> TrojanDownloader.Agent.yb : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP783\A0289225.dll -> Spyware.Wheaterbug : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP786\A0290579.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291759.exe -> TrojanDownloader.Zlob.ap : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291761.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291768.dll -> Spyware.Virtumonde : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292815.dll -> Dialer.Generic : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292816.exe -> TrojanDownloader.Harnig.a : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292817.dll -> TrojanDownloader.ConHook.k : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292873.dll -> Spyware.HotSearchBar : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292874.dll -> Trojan.Agent.fc : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292876.exe -> Spyware.ISearch : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292877.dll -> Dialer.Generic : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292878.dll -> Dialer.Generic : Cleaned with backup
   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292881.dll -> Spyware.CommAd : Cleaned with backup
   C:\WINDOWS\SYSTEM32\msconfd.dll -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\SYSTEM32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup


::Report End
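
Two patterns in the log and scan report above are worth automating when triaging a HijackThis log. The first is the O20 entry: a DLL listed in AppInit_DLLs is loaded into every process that maps user32.dll, which is consistent with the ewido report listing msconfd.dll against a series of bracketed process numbers with "Error during cleaning" (and with HijackThis failing to back up that same entry in the post above). The second is O4 Run items whose executable either carries the name of a system binary but runs from the wrong directory (the real rundll32.exe lives in system32, not in C:\windows) or is a bare filename such as windir32.exe that Windows resolves through the PATH. The script below is an added example, not part of this thread and not code from HijackThis or ewido: it parses a constructed log modelled on entries from the logs on this page and flags those patterns. It assumes Windows is installed at C:\WINDOWS, as the Platform line of these XP logs implies.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, not a log pasted in this thread: a cut-down HijackThis
# log modelled on entries that appear in the logs above (the AppInit_DLLs line,
# the two HKCU Run items, the orphaned SharedTaskScheduler item), plus
# known-good items so the checks have something to leave alone.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: msconfd.dll
O22 - SharedTaskScheduler: (no name) - {FB153DCE-822E-47ec-8D00-2706E7864B37} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Assumption: Windows lives at C:\WINDOWS (the Platform line of these XP logs);
# the core binaries below are only legitimate when started from system32.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}

# "O4 - <body>"; HijackThis sections are R0-R3, F0-F3, N1-N4 and O1-O24.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
# Registry Run items look like: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    section: str   # "O4", "O20", ...
    body: str      # text after "O4 - "


@dataclass
class Finding:
    severity: str  # "high", "low" or "review"
    entry: Entry
    reason: str


def parse_hjt(text: str) -> list[Entry]:
    """Split a HijackThis log into entries; header and blank lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["sec"], m["body"]))
    return entries


def executable_of(cmd: str) -> str:
    """First token of a Run command: the quoted path if quoted, else up to the first space."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the three checks described in the lead-in and return what they flag."""
    findings = []
    for e in entries:
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            dlls = e.body.split(":", 1)[1].strip()
            if dlls:   # an empty AppInit_DLLs value is the normal state
                findings.append(Finding("high", e,
                    f"AppInit_DLLs loads {dlls!r} into every process that maps user32.dll; "
                    "it survives in-session cleaning because it is always loaded"))
        elif e.section == "O4":
            m = RUN_RE.match(e.body)
            if not m:          # "Global Startup: x.lnk = ..." items are not checked here
                continue
            exe = executable_of(m["cmd"]).lower()
            directory, _, base = exe.rpartition("\\")
            if base in SYSTEM_BINARIES and directory and directory != SYSTEM_DIR:
                findings.append(Finding("high", e,
                    f"{base} is only legitimate in {SYSTEM_DIR} but this item starts it from {directory}"))
            elif not directory and base not in SYSTEM_BINARIES:
                findings.append(Finding("review", e,
                    f"bare executable name {base!r} is resolved through the PATH; "
                    "confirm which file actually runs and who signed it"))
        elif e.section == "O22" and e.body.endswith("(no file)"):
            findings.append(Finding("low", e,
                "SharedTaskScheduler CLSID is registered but its file is gone; orphan, safe to remove"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.entry.section} - {f.entry.body}\n         {f.reason}")
```

Run as a script it prints five findings for the constructed sample: the AppInit_DLLs line and the rundll32.exe copy in C:\windows at high, nwiz.exe and windir32.exe at review, and the orphaned O22 item at low. The review level exists because the bare-name heuristic also catches legitimate vendor helpers such as nwiz.exe; it is a prompt to check the file on disk, not a verdict. Clearing the O20 value is only half the job: the DLL file has to go too, and since it is mapped into running processes the reliable order is to remove the registry value, reboot so nothing loads it, and then delete the file.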

17
Tech Clinic / my hijackthis log please help me
« on: November 03, 2005, 01:04:56 AM »
Here's my new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:46 AM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

18
Tech Clinic / my hijackthis log please help me
« on: November 02, 2005, 08:04:26 PM »
When I was fixing the problems with HijackThis in safe mode I got this error:

An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: msconfd.dll)
Error #5 - Invalid procedure call or argument

Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Here is the rest of the stuff though.

NEW HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 6:51:37 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\hmfosiw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://skateperception.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsSystem] c:\msdos.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Helper Service] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [loader] C:\WINDOWS\loader.exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O19 - User stylesheet:  (file missing)
O20 - AppInit_DLLs: msconfd.dll
O20 - Winlogon Notify: nutvga - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hmfosiw.exe

ACTIVE SCAN REPORT


Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/securityerror   No disinfected                C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Center.url                                                                                                                                                                              
Adware:adware/gator           No disinfected                C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GStartup.lnk                                                                                                                                                                            
Possible Virus.               No disinfected                C:\Program Files\2Wire\sy_apps\dllupdate.exe                                                                                                                                                                                                                    
Adware:Adware/CommAd          No disinfected                C:\Program Files\Microsoft AntiSpyware\Quarantine\423FE045-27B3-4FD7-BCFE-746203\5016609A-178E-4305-82AE-567D22                                                                                                                                                
Adware:Adware/Aurora          No disinfected                C:\Program Files\Microsoft AntiSpyware\Quarantine\4C5DF0F9-3E01-4700-84CA-210DE0\78A4A0F7-F51B-44B4-932A-F1406A                                                                                                                                                
Spyware:Spyware/SafeSurf      No disinfected                C:\Program Files\Microsoft AntiSpyware\Quarantine\A6E6A86B-F2A6-47E2-8F90-E5F5AF\71B02B18-95F4-448C-9194-C5299D                                                                                                                                                
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP693\A0272263.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP693\A0272297.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0273297.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0274297.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP696\A0274461.dll                                                                                                                                                                  
Adware:Adware/KoolBar         No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274624.exe                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274634.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274644.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP698\A0274719.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274755.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274802.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP701\A0274907.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP702\A0275091.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP703\A0275135.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275281.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275295.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275315.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275338.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275350.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275370.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275442.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275540.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275554.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275596.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP709\A0275666.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275805.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275822.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP714\A0275929.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP715\A0275981.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP716\A0276032.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276136.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276191.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276263.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276344.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276439.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276490.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276530.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276557.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276593.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276657.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276875.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0276901.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277899.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277918.dll                                                                                                                                                                  
Virus:Trojan Horse            Disinfected                   C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277928.ini                                                                                                                                                                  
Adware:Adware/Tubby           No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277934.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277945.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277981.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP728\A0278044.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278111.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278292.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278310.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278334.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278369.dll                                                                                                                                                                  
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278401.dll
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP732\A0278478.dll
Adware:Adware/Aurora          No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP735\A0278517.dll
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP779\A0287758.exe
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP780\A0287932.exe
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0288010.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289010.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289021.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289034.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289045.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289054.tlb
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289079.exe
Adware:Adware/SecurityError   No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289080.tlb
Spyware:Spyware/Virtumonde    No disinfected                C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291768.dll
Virus:Trj/Ldpinch.JD          Disinfected                   C:\WINDOWS\assest.dll
Adware:Adware/Aurora          No disinfected                C:\WINDOWS\jaaste.dll
Possible Virus.               No disinfected                C:\WINDOWS\load.exe
Virus:Trj/Downloader.BVH      Disinfected                   C:\WINDOWS\loadk32.exe
Adware:Adware/ISearch         No disinfected                C:\WINDOWS\MTE3MTU6ODoxNg.exe
Adware:Adware/CommAd          No disinfected                C:\WINDOWS\QWFyb24A\asappsrv.dll
Dialer:Dialer.CAL             No disinfected                C:\WINDOWS\sasent.dll
Dialer:Dialer.CAL             No disinfected                C:\WINDOWS\sasetup.dll
Adware:adware/secure32        No disinfected                C:\WINDOWS\secure32.html
Possible Virus.               No disinfected                C:\WINDOWS\SYSTEM32\msconfd.dll
Adware:Adware/BigTrafficNet   No disinfected                C:\WINDOWS\SYSTEM32\nss9.dll
Virus:Trj/Agent.AJK           Disinfected                   C:\WINDOWS\SYSTEM32\pmkhg.dll
Dialer:Dialer.TY              No disinfected                C:\WINDOWS\winmodem.exe
VUNDOFIX TXT FILE

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
 
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
 
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
 
--------------------------------------------------------------------------------------
 
Filepaths entered
--------------------------------------------------------------------------------------
 
The filepath entered was C:\WINDOWS\ServicePackFiles\nutvga.dll
 
The second filepath entered was C:\WINDOWS\ServicePackFiles\agvtun
 
--------------------------------------------------------------------------------------
 
Log from Process
--------------------------------------------------------------------------------------
 

Killing PID 196 'smss.exe'

Error, Cannot find a process with an image name of explorer.exe


Killing PID 268 'winlogon.exe'
Killing PID 268 'winlogon.exe'
--------------------------------------------------------------------------------------
 
C:\WINDOWS\ServicePackFiles\nutvga.dll Deleted successfully.
C:\WINDOWS\ServicePackFiles\agvtun Deleted successfully.
 
Fixing Registry
--------------------------------------------------------------------------------------
 
SMITREM

   smitRem © log file
     version 2.7

     by noahdfear

The current date is: Wed 11/02/2005
The current time is: 16:41:08.96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key

PSGuard.com key present!



 Running LTDFix/PSGuard.com fix!



PSGuard.com key was successfully removed! :)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

PSGuard.com


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

msvol.tlb
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
oleext.dll


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~

oleext.dll


 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

wininet.dll INFECTED!! :( Starting replacement procedure.


~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~


~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~


~~~~ Checking dllcache\wininet.dll for infection ~~~~


~~~~ dllcache\wininet.dll Clean! ~~~~

 ~~~ Replaced wininet.dll from dllcache ~~~



 ~~~ Upon reboot ~~~

wininet.old present!
oleadm.dll not present!
oleext.dll present!


 ~~~ Upon completion ~~~

wininet.old not present!
oleadm.dll not present!
oleext.dll not present!


~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~


~~~~ C:\WINDOWS\system32\wininet.dll Clean! :) ~~~~
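The ActiveScan report at the top of this post mixes two very different kinds of hit: files still sitting in C:\WINDOWS or SYSTEM32 (loadable right now) and copies archived under System Volume Information\_restore{...}\RPnnn, which are inert until that restore point is applied but come straight back if it is, which is why the standard advice after a clean-up was to flush System Restore. The script below is an added example for triaging such a report; it is not part of the original post, nor Panda's or the helper's tooling. It assumes the three-column layout seen above (detection, status, path, separated by runs of spaces), uses a regular expression for the restore-point path shape, and runs on constructed sample lines modelled on the posted log rather than on the log itself.

```python
"""Triage a Panda ActiveScan-style report: separate findings that still live
on the running system from copies archived in System Restore points.

Added example; not from the forum post or from Panda's tools. The column
layout is inferred from the posted log and SAMPLE_REPORT is constructed.
"""
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Constructed sample, modelled on the posted log (same column layout).
SAMPLE_REPORT = """\
Adware:Adware/Aurora          No disinfected                C:\\System Volume Information\\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\\RP731\\A0278401.dll
Spyware:Spyware/Virtumonde    No disinfected                C:\\System Volume Information\\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\\RP787\\A0291768.dll
Virus:Trj/Ldpinch.JD          Disinfected                   C:\\WINDOWS\\assest.dll
Possible Virus.               No disinfected                C:\\WINDOWS\\load.exe
Dialer:Dialer.CAL             No disinfected                C:\\WINDOWS\\sasent.dll
Adware:Adware/BigTrafficNet   No disinfected                C:\\WINDOWS\\SYSTEM32\\nss9.dll
"""

# Assumed shape of a System Restore path: ...\_restore{GUID}\RPnnn\file
RESTORE_DIR = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)


class Finding(NamedTuple):
    detection: str               # e.g. "Adware:Adware/Aurora"
    status: str                  # "Disinfected" or "No disinfected" (Panda's wording)
    path: str
    restore_point: Optional[str]  # "RP731" when the file is a System Restore copy

    @property
    def cleaned(self) -> bool:
        return self.status.strip().lower() == "disinfected"

    @property
    def live(self) -> bool:
        """True when the file is outside any restore point, i.e. can still be loaded or run."""
        return self.restore_point is None


def parse_report(text: str) -> List[Finding]:
    """Parse report lines; anything that does not split into three columns is skipped."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = re.split(r"\s{2,}", line, maxsplit=2)
        if len(parts) != 3:
            continue  # header, separator or free text, not a finding
        detection, status, path = parts
        m = RESTORE_DIR.search(path)
        findings.append(Finding(detection, status, path, m.group(1) if m else None))
    return findings


def remaining_live(findings: List[Finding]) -> List[str]:
    """Flagged, not cleaned, and not a restore-point copy: these still need manual removal."""
    return [f.path for f in findings if f.live and not f.cleaned]


def restore_points_to_purge(findings: List[Finding]) -> List[str]:
    """Restore points that hold infected copies (discarded by turning System Restore off and on)."""
    rps = {f.restore_point for f in findings if f.restore_point}
    return sorted(rps, key=lambda rp: int(rp[2:]))


def summary(findings: List[Finding]) -> Counter:
    """Count findings by bucket: cleaned, live_remaining, restore_point."""
    return Counter(
        "restore_point" if f.restore_point else ("cleaned" if f.cleaned else "live_remaining")
        for f in findings
    )


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    print(dict(summary(fs)))
    for p in remaining_live(fs):
        print("still present:", p)
    print("restore points to purge:", restore_points_to_purge(fs))
```

Run it against a saved report in place of SAMPLE_REPORT; the "live_remaining" list is the part worth acting on, while the restore-point list only tells you that System Restore needs to be cleared once the live files are gone.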

19
Tech Clinic / my hijackthis log please help me
« on: November 02, 2005, 06:33:41 PM »
OK, I figured out how to get safe mode working. I did everything and right now it's doing the active scan; I'll post the scan report along with the rest of the stuff in a few minutes.

20
Tech Clinic / my hijackthis log please help me
« on: November 02, 2005, 10:23:31 AM »
Sorry if I'm being impatient again, but I'm bumping it so you don't forget about me.
