Messages - natro charlo

Tech Clinic / lots of trojans
« on: May 04, 2008, 06:02:10 PM »
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-04 19:03:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:26 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Unknown owner - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 4122 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 16:43:06         0 d-------- C:\Program Files\Avira
2008-05-04 16:43:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 14:20:12       430 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 14:19:38     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 14:19:38    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-04 14:19:38     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-04 14:19:38    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-04 14:19:38     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-04 14:19:38     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 14:19:38     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-04 14:19:37     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-03 07:59:39         0 d-------- C:\Program Files\Ultra MP3 CD Burner
2008-05-03 00:33:52         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 00:33:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 20:38:26         0 d-------- C:\cabs
2008-05-01 20:38:17  24519680 --a------ C:\Program Files\D00643-001-001.exe
2008-05-01 20:03:24         0 d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2
2008-05-01 20:03:13         0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-01 19:56:24         0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2008-05-01 19:56:18         0 d-------- C:\Program Files\Viewpoint
2008-05-01 19:56:17         0 d-------- C:\Program Files\AOD
2008-05-01 19:56:15         0 d-------- C:\Program Files\AIM
2008-04-30 21:13:12     68096 --a------ C:\WINDOWS\zip.exe
2008-04-30 21:13:12     49152 --a------ C:\WINDOWS\VFind.exe
2008-04-30 21:13:12    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-30 21:13:12    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-30 21:13:12    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-30 21:13:12     98816 --a------ C:\WINDOWS\sed.exe
2008-04-30 21:13:12     80412 --a------ C:\WINDOWS\grep.exe
2008-04-30 21:13:12     73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-29 23:33:17         0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-04-29 23:29:55         0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Program Files\DNA
2008-04-29 23:29:21         0 d-------- C:\Program Files\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:27:11         0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-29 23:27:07         0 d-------- C:\Program Files\Uniblue
2008-04-29 23:11:39         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-29 23:11:35         0 d-------- C:\Program Files\Security Task Manager
2008-04-29 22:41:30         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:41:25         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:41:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:27:37         0 d-------- C:\Program Files\Trend Micro
2008-04-29 20:06:57         0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-29 18:40:22         0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-29 18:33:54         0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-29 18:15:13         0 d-------- C:\WINDOWS\pss
2008-04-17 11:58:32         0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-01 19:06:59         0 d-------- C:\Program Files\Messenger
2008-05-01 19:06:58         0 d-------- C:\Program Files\iTunes
2008-05-01 19:06:58         0 d-------- C:\Program Files\Digital Media Reader
2008-04-30 16:13:18      6754 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-04-29 23:17:46         0 d-------- C:\Program Files\Intel
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files
2008-04-29 22:23:43         0 d-------- C:\Program Files\Google
2008-04-29 22:09:33         0 d-------- C:\Program Files\Java
2008-04-29 22:08:07         0 d-------- C:\Program Files\Netscape Internet Service
2008-04-29 22:07:52         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 22:07:52         0 d-------- C:\Program Files\CyberLink
2008-04-29 22:04:19         0 d-------- C:\Program Files\Common Files\AOL
2008-04-29 21:59:34         0 d-------- C:\Program Files\The Weather Channel FW
2008-04-29 21:57:01         0 d-------- C:\Program Files\Common Files\Real
2008-04-29 18:28:12         0 d-------- C:\Program Files\Hewlett-Packard
2008-04-29 18:27:18         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-12 15:56:24      1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 05:28 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/29/2008 11:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Registration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask            .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe




-- End of Deckard's System Scanner: finished at 2008-05-04 19:03:44 ------------



Seems to be running really well and smoothly.

Tech Clinic / lots of trojans
« on: May 04, 2008, 04:08:48 PM »
Avira AntiVir Personal
Report file date: Sunday, May 04, 2008  16:47

Scanning for 1248213 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    YOUR-776A965251

Version information:
BUILD.DAT     : 8.1.00.295      16479 Bytes    4/9/2008 16:24:00
AVSCAN.EXE    : 8.1.2.12       311553 Bytes   3/18/2008 15:02:56
AVSCAN.DLL    : 8.1.1.0         53505 Bytes    2/7/2008 14:43:37
LUKE.DLL      : 8.1.2.9        151809 Bytes   2/28/2008 14:41:23
LUKERES.DLL   : 8.1.2.1         12033 Bytes   2/21/2008 14:28:40
ANTIVIR0.VDF  : 6.40.0.0     11030528 Bytes   7/18/2007 16:33:34
ANTIVIR1.VDF  : 7.0.3.2       5447168 Bytes    3/7/2008 19:08:58
ANTIVIR2.VDF  : 7.0.3.197     1260032 Bytes   4/22/2008 20:44:39
ANTIVIR3.VDF  : 7.0.3.243      276992 Bytes    5/2/2008 20:44:41
Engineversion : 8.1.0.37  
AEVDF.DLL     : 8.1.0.5        102772 Bytes   2/25/2008 15:58:21
AESCRIPT.DLL  : 8.1.0.28       233851 Bytes    5/4/2008 20:44:55
AESCN.DLL     : 8.1.0.15       119157 Bytes    5/4/2008 20:44:54
AERDL.DLL     : 8.1.0.20       418165 Bytes    5/4/2008 20:44:53
AEPACK.DLL    : 8.1.1.4        364918 Bytes    5/4/2008 20:44:51
AEOFFICE.DLL  : 8.1.0.18       192890 Bytes    5/4/2008 20:44:49
AEHEUR.DLL    : 8.1.0.21      1196407 Bytes    5/4/2008 20:44:48
AEHELP.DLL    : 8.1.0.14       115063 Bytes    5/4/2008 20:44:44
AEGEN.DLL     : 8.1.0.18       299381 Bytes    5/4/2008 20:44:43
AEEMU.DLL     : 8.1.0.5        430450 Bytes    4/7/2008 21:34:43
AECORE.DLL    : 8.1.0.27       168310 Bytes    5/4/2008 20:44:42
AVWINLL.DLL   : 1.0.0.7         14593 Bytes   1/23/2008 23:07:53
AVPREF.DLL    : 8.0.0.1         25857 Bytes   2/18/2008 16:37:50
AVREP.DLL     : 7.0.0.1        155688 Bytes   4/16/2007 19:26:47
AVREG.DLL     : 8.0.0.0         30977 Bytes   1/23/2008 23:07:49
AVARKT.DLL    : 1.0.0.23       307457 Bytes   2/12/2008 14:29:23
AVEVTLOG.DLL  : 8.0.0.11       114945 Bytes   2/28/2008 14:31:31
SQLITE3.DLL   : 3.3.17.1       339968 Bytes   1/22/2008 23:28:02
SMTPLIB.DLL   : 1.2.0.19        28929 Bytes   1/23/2008 23:08:39
NETNT.DLL     : 8.0.0.1          7937 Bytes   1/25/2008 18:05:10
RCIMAGE.DLL   : 8.0.0.35      2371841 Bytes   3/10/2008 20:37:25
RCTEXT.DLL    : 8.0.32.0        86273 Bytes    3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, May 04, 2008  16:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'rsvp.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Remote UI Service.exe' - '1' Module(s) have been scanned
Scan process 'mediaserver.exe' - '1' Module(s) have been scanned
Scan process 'MCLServiceATL.exe' - '1' Module(s) have been scanned
Scan process 'ISSM.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [INFO]      No virus was found!
Master boot sector HD1
      [INFO]      No virus was found!
      [WARNING]   The device is not ready.
Master boot sector HD2
      [INFO]      No virus was found!
      [WARNING]   The device is not ready.
Master boot sector HD3
      [INFO]      No virus was found!
      [WARNING]   The device is not ready.
Master boot sector HD4
      [INFO]      No virus was found!
      [WARNING]   The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
      [INFO]      No virus was found!
Boot sector 'D:\'
      [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Administrator\Desktop\mohaa\wambot.exe
      [DETECTION] Is the Trojan horse TR/Dloader.ATQ
      [WARNING]   The file was ignored!
C:\_OTMoveIt\MovedFiles\05042008_141143\rkDw.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '486224b8.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\etbruiyrqm .0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488024c3.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\etbruiyrqm.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488024c5.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\eyouk .0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488d24cd.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\eyouk.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488d24cf.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\fxyebvgcwzy .0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '489724d0.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\fxyebvgcwzy.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '489724d3.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\pqmvhtkhi.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488b24ce.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\ssmm .0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488b24d2.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\ssmm.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488b24d4.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\zjbstyocxdbf .0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488024cc.qua'!
C:\_OTMoveIt\MovedFiles\05042008_141143\Documents and Settings\Administrator\Application Data\zjbstyocxdbf.0xe
      [DETECTION] Is the Trojan horse TR/Renos.19456.15
      [NOTE]      The file was moved to '488024ce.qua'!
Begin scan in 'D:\' <RECOVERY>


End of the scan: Sunday, May 04, 2008  17:06
Used time: 19:16 min

The scan has been done completely.

   4998 Scanning directories
 214523 Files were scanned
     13 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
     12 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 214510 Files not concerned
  14282 Archives were scanned
      7 Warnings
     12 Notes



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-04 17:10:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:15 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Unknown owner - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 4155 bytes

-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 16:43:06         0 d-------- C:\Program Files\Avira
2008-05-04 16:43:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 14:20:12       430 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-04 14:19:38     25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-04 14:19:38    289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-04 14:19:38     86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-04 14:19:38    288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-04 14:19:38     82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-04 14:19:38     51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-04 14:19:38     82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-04 14:19:37     53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-03 07:59:39         0 d-------- C:\Program Files\Ultra MP3 CD Burner
2008-05-03 00:33:52         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 00:33:52         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-01 20:38:26         0 d-------- C:\cabs
2008-05-01 20:38:17  24519680 --a------ C:\Program Files\D00643-001-001.exe
2008-05-01 20:03:24         0 d-------- C:\Documents and Settings\Administrator\Application Data\teamspeak2
2008-05-01 20:03:13         0 d-------- C:\Program Files\Teamspeak2_RC2
2008-05-01 19:56:24         0 d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2008-05-01 19:56:18         0 d-------- C:\Program Files\Viewpoint
2008-05-01 19:56:17         0 d-------- C:\Program Files\AOD
2008-05-01 19:56:15         0 d-------- C:\Program Files\AIM
2008-04-30 21:13:12     68096 --a------ C:\WINDOWS\zip.exe
2008-04-30 21:13:12     49152 --a------ C:\WINDOWS\VFind.exe
2008-04-30 21:13:12    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-30 21:13:12    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-30 21:13:12    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-30 21:13:12     98816 --a------ C:\WINDOWS\sed.exe
2008-04-30 21:13:12     80412 --a------ C:\WINDOWS\grep.exe
2008-04-30 21:13:12     73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-29 23:33:17         0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-04-29 23:29:55         0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Program Files\DNA
2008-04-29 23:29:21         0 d-------- C:\Program Files\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:27:11         0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-29 23:27:07         0 d-------- C:\Program Files\Uniblue
2008-04-29 23:11:39         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-29 23:11:35         0 d-------- C:\Program Files\Security Task Manager
2008-04-29 22:41:30         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:41:25         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:41:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:27:37         0 d-------- C:\Program Files\Trend Micro
2008-04-29 20:06:57         0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-29 18:40:22         0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-29 18:33:54         0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-29 18:15:13         0 d-------- C:\WINDOWS\pss
2008-04-17 11:58:32         0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-05-01 19:06:59         0 d-------- C:\Program Files\Messenger
2008-05-01 19:06:58         0 d-------- C:\Program Files\iTunes
2008-05-01 19:06:58         0 d-------- C:\Program Files\Digital Media Reader
2008-04-30 16:13:18      6754 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-04-29 23:17:46         0 d-------- C:\Program Files\Intel
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files
2008-04-29 22:23:43         0 d-------- C:\Program Files\Google
2008-04-29 22:09:33         0 d-------- C:\Program Files\Java
2008-04-29 22:08:07         0 d-------- C:\Program Files\Netscape Internet Service
2008-04-29 22:07:52         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 22:07:52         0 d-------- C:\Program Files\CyberLink
2008-04-29 22:04:19         0 d-------- C:\Program Files\Common Files\AOL
2008-04-29 21:59:34         0 d-------- C:\Program Files\The Weather Channel FW
2008-04-29 21:57:01         0 d-------- C:\Program Files\Common Files\Real
2008-04-29 18:28:12         0 d-------- C:\Program Files\Hewlett-Packard
2008-04-29 18:27:18         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-12 15:56:24      1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/05/2006 05:28 AM]
"SigmatelSysTrayApp"="sttray.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/29/2008 11:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw]
"C:\Documents and Settings\Administrator\My Documents\T?sks\r?gedit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Registration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns]
"C:\Program Files\Common Files\A?pPatch\w?auclt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask            .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

*Newly Created Service* - SSMDRV



-- End of Deckard's System Scanner: finished at 2008-05-04 17:10:33 ------------

3
Tech Clinic / lots of trojans
« on: May 04, 2008, 03:43:32 PM »
SmitFraudFix v2.319

Scan done at 14:20:07.78, Sun 05/04/2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A2F6998-1B52-4323-90C4-20C4CE87FF5B}: DhcpNameServer=208.31.142.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A2F6998-1B52-4323-90C4-20C4CE87FF5B}: DhcpNameServer=208.31.142.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A2F6998-1B52-4323-90C4-20C4CE87FF5B}: DhcpNameServer=208.31.142.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=208.31.142.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=208.31.142.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=208.31.142.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

4
Tech Clinic / lots of trojans
« on: May 04, 2008, 01:13:59 PM »
C:\Documents and Settings\Administrator\Application Data\etbruiyrqm .0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\etbruiyrqm.0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\eyouk .0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\eyouk.0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\fxyebvgcwzy .0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\fxyebvgcwzy.0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\pqmvhtkhi.0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\ssmm .0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\ssmm.0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\zjbstyocxdbf .0xe moved successfully.
C:\Documents and Settings\Administrator\Application Data\zjbstyocxdbf.0xe moved successfully.
C:\rkDw.0xe moved successfully.
File/Folder C:\WINDOWS\system32\vtuussp.dll not found.
File/Folder C:\WINDOWS\system32\mllmj.dll not found.
File/Folder C:\WINDOWS\system32\xasxtl.dll not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_141143

5
Tech Clinic / lots of trojans
« on: May 03, 2008, 03:58:00 PM »
C:\Program Files\McAfee\SpamKiller moved successfully.
C:\Program Files\McAfee moved successfully.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] not found.
< [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble] >
File/Folder [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble] not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05032008_002933
-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Saturday, May 03, 2008 5:50:10 PM
 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update:  3/05/2008
 Kaspersky Anti-Virus database records: 737641
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: extended
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\

Scan Statistics:
   Total number of scanned objects: 51129
   Number of viruses found: 1
   Number of infected objects: 12
   Number of suspicious objects: 0
   Duration of the scan process: 00:26:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\etbruiyrqm .0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\etbruiyrqm.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\eyouk .0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\eyouk.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\fxyebvgcwzy .0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\fxyebvgcwzy.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\pqmvhtkhi.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\ssmm .0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\ssmm.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\zjbstyocxdbf .0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Application Data\zjbstyocxdbf.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\Documents and Settings\Administrator\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008050320080504\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\Administrator\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log   Object is locked   skipped
C:\Documents and Settings\IUSR_NMPR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\IUSR_NMPR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\IUSR_NMPR\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\IUSR_NMPR\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Documents and Settings\LocalService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat   Object is locked   skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG   Object is locked   skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT   Object is locked   skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiondb.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiondb.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectionnameindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectionnameindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectionrevindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectionrevindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypedateindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypedateindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypeindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypeindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypenameindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_collectiontypenameindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_content.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_content.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_creationdateindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_creationdateindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_propdb.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_propdb.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_typenameindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_typenameindex.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_urldb.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_urldb.mdb2   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_urlindex.mdb1   Object is locked   skipped
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\db\mb_urlindex.mdb2   Object is locked   skipped
C:\rkDw.0xe   Infected: not-virus:Hoax.Win32.Renos.aot   skipped
C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP156\change.log   Object is locked   skipped
C:\WINDOWS\Debug\PASSWD.LOG   Object is locked   skipped
C:\WINDOWS\SchedLgU.Txt   Object is locked   skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log   Object is locked   skipped
C:\WINDOWS\Sti_Trace.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\edb.log   Object is locked   skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb   Object is locked   skipped
C:\WINDOWS\system32\config\AppEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\default   Object is locked   skipped
C:\WINDOWS\system32\config\default.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\IntelDH.evt   Object is locked   skipped
C:\WINDOWS\system32\config\Internet.evt   Object is locked   skipped
C:\WINDOWS\system32\config\Media Ce.evt   Object is locked   skipped
C:\WINDOWS\system32\config\SAM   Object is locked   skipped
C:\WINDOWS\system32\config\SAM.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SecEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY   Object is locked   skipped
C:\WINDOWS\system32\config\SECURITY.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\software   Object is locked   skipped
C:\WINDOWS\system32\config\software.LOG   Object is locked   skipped
C:\WINDOWS\system32\config\SysEvent.Evt   Object is locked   skipped
C:\WINDOWS\system32\config\system   Object is locked   skipped
C:\WINDOWS\system32\config\system.LOG   Object is locked   skipped
C:\WINDOWS\system32\h323log.txt   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA   Object is locked   skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP   Object is locked   skipped
C:\WINDOWS\wiadebug.log   Object is locked   skipped
C:\WINDOWS\wiaservc.log   Object is locked   skipped
C:\WINDOWS\WindowsUpdate.log   Object is locked   skipped
D:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP156\change.log   Object is locked   skipped

Scan process completed.

6
Tech Clinic / lots of trojans
« on: May 02, 2008, 03:21:07 PM »
Yes, McAfee is uninstalled and so is F-Secure. I deleted F-Secure because it kept popping up windows every second when I was deleting infected files and it was aggravating me, and McAfee I uninstalled also... I wasn't sure if I got every root file of the trojans and I figured you would know for sure.

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:42 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Unknown owner - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 3720 bytes

7
Tech Clinic / lots of trojans
« on: May 01, 2008, 06:07:55 PM »
ComboFix 08-04-29.5 - Administrator 2008-05-01 19:07:55.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.677 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-04-01 to 2008-05-01  )))))))))))))))))))))))))))))))
.

2008-05-01 19:06 . 2008-01-15 19:24   64,512   --a--c---   C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-30 16:10 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
2008-04-29 23:29 . 2008-04-29 23:29   <DIR>   d--------   C:\Program Files\DNA
2008-04-29 23:29 . 2008-04-29 23:29   <DIR>   d--------   C:\Program Files\BitTorrent
2008-04-29 23:29 . 2008-04-30 23:08   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:29 . 2008-04-29 23:35   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-29 23:27 . 2008-04-29 23:27   <DIR>   d--------   C:\Program Files\Uniblue
2008-04-29 23:27 . 2008-04-29 23:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-29 23:11 . 2008-04-29 23:11   <DIR>   d--------   C:\Program Files\Security Task Manager
2008-04-29 23:11 . 2008-04-29 23:18   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-29 22:41 . 2008-04-29 22:41   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2008-04-29 22:41 . 2008-04-29 22:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:41 . 2008-04-29 22:41   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:40 . 2008-04-29 22:40   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:27 . 2008-04-29 21:27   <DIR>   d--------   C:\Program Files\Trend Micro
2008-04-29 20:06 . 2008-04-29 23:42   <DIR>   d--------   C:\WINDOWS\BDOSCAN8
2008-04-29 18:40 . 2008-04-29 18:40   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Std
2008-04-29 18:33 . 2008-04-29 18:47   <DIR>   d--------   C:\WINDOWS\SxsCaPendDel
2008-04-17 12:00 . 2008-04-28 21:06   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-04-17 12:00 . 2008-04-17 12:00   1,409   --a------   C:\WINDOWS\QTFont.for
2008-04-17 11:58 . 2008-04-17 11:58   <DIR>   d--------   C:\Program Files\iPod

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 23:06   ---------   d-----w   C:\Program Files\iTunes
2008-05-01 23:06   ---------   d-----w   C:\Program Files\Digital Media Reader
2008-04-30 20:13   6,754   ----a-w   C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-04-30 03:17   ---------   d-----w   C:\Program Files\Intel
2008-04-30 02:23   ---------   d-----w   C:\Program Files\Google
2008-04-30 02:19   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-30 02:09   ---------   d-----w   C:\Program Files\Java
2008-04-30 02:08   ---------   d-----w   C:\Program Files\Netscape Internet Service
2008-04-30 02:08   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-04-30 02:07   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-04-30 02:07   ---------   d-----w   C:\Program Files\CyberLink
2008-04-30 02:04   ---------   d-----w   C:\Program Files\Common Files\AOL
2008-04-30 01:59   ---------   d-----w   C:\Program Files\The Weather Channel FW
2008-04-30 01:57   ---------   d-----w   C:\Program Files\Common Files\Real
2008-04-29 23:11   158,208   ----a-w   C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-04-29 22:30   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Napster
2008-04-29 22:28   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-04-21 22:34   15,360   ----a-w   C:\WINDOWS\system32\ctfmon.exe
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51   282,624   ----a-w   C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32   45,568   ----a-w   C:\WINDOWS\system32\dnsrslvr.dll
2007-12-30 22:53   0   --sha-w   C:\Documents and Settings\Administrator\Application Data\e3b9042be25a68b2861ee2ba8e8eeb298f757348.dat
.
----a-w   110,592 2008-01-09 20:11:12  C:\Program Files\McAfee\SpamKiller\MS18B0~1 .EXE
----a-w   110,592 2007-12-31 14:35:38  C:\Program Files\McAfee\SpamKiller\MskAgent  .exe
----a-w   110,592 2008-01-15 15:54:48  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w   110,592 2008-01-14 00:38:54  C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE


(((((((((((((((((((((((((((((   snapshot@2008-04-30_21.14.35.71   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-01 01:09:38   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-05-01 23:04:49   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-01-15 23:24:15   64,512   ----a-w   C:\WINDOWS\ehome\ehtray.exe
- 2004-08-10 19:00:00   158,208   -c--a-w   C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2008-04-29 23:11:49   158,208   -c--a-w   C:\WINDOWS\system32\dllcache\msconfig.exe
- 2008-04-06 05:56:20   19,836,024   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2008-03-18 17:07:54   19,148,408   ----a-w   C:\WINDOWS\system32\MRT.exe
+ 2008-01-15 23:24:37   176,128   ----a-w   C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-29 23:29 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 05:28 7393280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw]
C:\Documents and Settings\Administrator\My Documents\T?sks\r?gedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-21 18:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Registration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2008-01-15 19:24 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2008-01-15 19:24 375296 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-05 05:28 7393280 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-05 05:28 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns]
C:\Program Files\Common Files\A?pPatch\w?auclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
--a------ 2008-01-15 19:24 36864 C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask            .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 19:28:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 00:31:10 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#CN3AN3D4887O.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#CN3AN3D4887O
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 19:08:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-01 19:08:53
ComboFix-quarantined-files.txt  2008-05-01 23:08:50
ComboFix2.txt  2008-05-01 01:14:44

Pre-Run: 236,529,127,424 bytes free
Post-Run: 236,517,294,080 bytes free

177   --- E O F ---   2008-04-30 20:15:35

8
Tech Clinic / lots of trojans
« on: May 01, 2008, 06:06:04 PM »
Ran on Thu 05/01/2008 - 19:07:00.04

----a-w   110,592 2008-01-09 20:11:12  C:\Program Files\McAfee\SpamKiller\MS18B0~1 .EXE
----a-w   110,592 2007-12-31 14:35:38  C:\Program Files\McAfee\SpamKiller\MskAgent  .exe
----a-w   110,592 2008-01-15 15:54:48  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w   110,592 2008-01-14 00:38:54  C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE

 Entries: 4  (4)
 Directories: 0  Files: 4
 Bytes: 442,368  Blocks:  864

9
Tech Clinic / lots of trojans
« on: April 30, 2008, 10:06:06 PM »
Ran on Wed 04/30/2008 - 23:07:05.54

----a-w   375,296 2008-01-15 23:24:25  C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent .exe
----a-w   139,264 2008-01-15 23:24:16  C:\Program Files\Digital Media Reader\readericon45G .exe
----a-w 73,728 2008-01-15 23:24:16  C:\Program Files\Gateway\GWCares\GWCares .exe
----a-w 68,856 2008-01-15 23:24:44  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w   171,448 2008-01-12 14:46:28  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 36,864 2008-01-15 23:24:39  C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys .exe
----a-w   267,048 2008-04-17 19:13:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w   110,592 2008-01-14 00:38:54  C:\Program Files\McAfee\SpamKiller\MS18B0~1 .EXE
----a-w   110,592 2008-01-09 20:11:12  C:\Program Files\McAfee\SpamKiller\MS18B0~2 .EXE
----a-w   110,592 2008-04-30 00:29:41  C:\Program Files\McAfee\SpamKiller\MskAgent  .exe
----a-w   110,592 2008-01-15 22:27:43  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w   110,592 2008-01-15 15:54:48  C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
----a-w   110,592 2007-12-31 14:35:38  C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
----a-w   110,592 2008-04-30 00:29:41  C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
----a-w 1,121,792 2008-01-15 22:27:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w 1,694,208 2008-01-15 23:25:00  C:\Program Files\Messenger\msmsgs .exe
----a-w 64,512 2008-01-15 23:24:15  C:\WINDOWS\ehome\ehtray .exe
----a-w   158,208 2008-04-29 23:11:49  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 19,148,408 2008-03-18 17:07:54  C:\WINDOWS\system32\MRT .exe
----a-w   176,128 2008-01-15 23:24:37  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe

 Entries:   20  (20)
 Directories: 0  Files: 20
 Bytes: 24,269,904  Blocks:   47,404

10
Tech Clinic / lots of trojans
« on: April 30, 2008, 08:14:37 PM »
combofix log

ComboFix 08-04-29.5 - Administrator 2008-04-30 21:13:30.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.692 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-04-01 to 2008-05-01  )))))))))))))))))))))))))))))))
.

2008-04-30 16:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\DNA
2008-04-29 23:29 . 2008-04-29 23:29 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-29 23:29 . 2008-04-30 19:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:29 . 2008-04-29 23:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Program Files\Uniblue
2008-04-29 23:27 . 2008-04-29 23:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-29 23:11 . 2008-04-29 23:11 <DIR> d-------- C:\Program Files\Security Task Manager
2008-04-29 23:11 . 2008-04-29 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-29 22:41 . 2008-04-29 22:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:41 . 2008-04-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:41 . 2008-04-29 22:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:40 . 2008-04-29 22:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:27 . 2008-04-29 21:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-29 20:06 . 2008-04-29 23:42 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-29 18:40 . 2008-04-29 18:40 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-29 18:33 . 2008-04-29 18:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-17 12:00 . 2008-04-28 21:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 12:00 . 2008-04-17 12:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 11:58 . 2008-04-17 11:58 <DIR> d-------- C:\Program Files\iPod

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 20:13 6,754 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-04-30 03:17 --------- d-----w C:\Program Files\Intel
2008-04-30 02:23 --------- d-----w C:\Program Files\Google
2008-04-30 02:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-30 02:09 --------- d-----w C:\Program Files\Java
2008-04-30 02:08 --------- d-----w C:\Program Files\Netscape Internet Service
2008-04-30 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-04-30 02:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 02:07 --------- d-----w C:\Program Files\CyberLink
2008-04-30 02:04 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-30 01:59 --------- d-----w C:\Program Files\The Weather Channel FW
2008-04-30 01:57 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 00:29 --------- d-----w C:\Program Files\iTunes
2008-04-29 23:11 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-04-29 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-04-29 22:28 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-21 22:34 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 17:07 19,148,408 ----a-w C:\WINDOWS\system32\MRT .exe
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-30 22:53 0 --sha-w C:\Documents and Settings\Administrator\Application Data\e3b9042be25a68b2861ee2ba8e8eeb298f757348.dat
.
----a-w   375,296 2008-01-15 23:24:25  C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent .exe
----a-w   139,264 2008-01-15 23:24:16  C:\Program Files\Digital Media Reader\readericon45G .exe
----a-w 73,728 2008-01-15 23:24:16  C:\Program Files\Gateway\GWCares\GWCares .exe
----a-w 68,856 2008-01-15 23:24:44  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w   171,448 2008-01-12 14:46:28  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w 36,864 2008-01-15 23:24:39  C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys .exe
----a-w   267,048 2008-04-17 19:13:37  C:\Program Files\iTunes\iTunesHelper .exe
----a-w   110,592 2008-01-14 00:38:54  C:\Program Files\McAfee\SpamKiller\MS18B0~1 .EXE
----a-w   110,592 2008-01-09 20:11:12  C:\Program Files\McAfee\SpamKiller\MS18B0~2 .EXE
----a-w   110,592 2008-04-30 00:29:41  C:\Program Files\McAfee\SpamKiller\MskAgent  .exe
----a-w   110,592 2008-01-15 22:27:43  C:\Program Files\McAfee\SpamKiller\MskAgent .exe
----a-w   110,592 2008-01-15 15:54:48  C:\Program Files\McAfee\SpamKiller\MSKAGE~1 .EXE
----a-w   110,592 2007-12-31 14:35:38  C:\Program Files\McAfee\SpamKiller\MSKAGE~2 .EXE
----a-w   110,592 2008-04-30 00:29:41  C:\Program Files\McAfee\SpamKiller\MSKAGE~3 .EXE
----a-w 1,121,792 2008-01-15 22:27:56  C:\Program Files\McAfee\SpamKiller\MSKDetct .exe
----a-w 1,694,208 2008-01-15 23:25:00  C:\Program Files\Messenger\msmsgs .exe
----a-w 64,512 2008-01-15 23:24:15  C:\WINDOWS\ehome\ehtray .exe
----a-w   158,208 2008-04-29 23:11:49  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 19,148,408 2008-03-18 17:07:54  C:\WINDOWS\system32\MRT .exe
----a-w   176,128 2008-01-15 23:24:37  C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09 .exe


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-29 23:29 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 05:28 7393280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw]
C:\Documents and Settings\Administrator\My Documents\T?sks\r?gedit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-21 18:34 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Registration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-01-05 05:28 7393280 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-05 05:28 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns]
C:\Program Files\Common Files\A?pPatch\w?auclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask            .exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 19:28:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-16 00:31:10 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#CN3AN3D4887O.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe+/#Hewlett-Packard#deskjet3500#CN3AN3D4887O
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-30 21:14:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-30 21:14:44
ComboFix-quarantined-files.txt  2008-05-01 01:14:40

Pre-Run: 236,536,545,280 bytes free
Post-Run: 236,544,876,544 bytes free

181 --- E O F --- 2008-04-30 20:15:35

11
Tech Clinic / lots of trojans
« on: April 30, 2008, 05:37:59 PM »
main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-30 18:36:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2008-04-30 22:36:23 UTC - RP149 - Deckard's System Scanner Restore Point
96: 2008-04-30 20:15:33 UTC - RP148 - Software Distribution Service 3.0
95: 2008-04-30 03:34:31 UTC - RP147 - Uniblue RegistryBooster
94: 2008-04-30 03:14:58 UTC - RP146 - Move file to quarantine: MCRD Device Service
93: 2008-04-30 03:14:24 UTC - RP145 - Uninstall "Remote UI Service"


-- First Restore Point --
1: 2008-02-01 01:15:51 UTC - RP53 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

 

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:47 PM, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Unknown owner - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 3079 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080429-213029-134 O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
backup-20080429-213029-173 O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
backup-20080429-213029-288 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080429-213029-311 O2 - BHO: (no name) - {BF8B63A6-DA33-A5E0-13E1-D08F76262B93} - C:\WINDOWS\system32\xasxtl.dll
backup-20080429-213029-353 O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
backup-20080429-213029-596 O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
backup-20080429-213029-687 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
backup-20080429-213029-752 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20080429-213029-823 O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
backup-20080429-213029-950 O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\addressBook.exe" /d locale=en-US ee://aol/imApp
backup-20080429-213029-957 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080429-213030-189 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080429-213030-309 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20080429-213030-392 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
backup-20080429-213030-430 O20 - Winlogon Notify: vtuussp - vtuussp.dll (file missing)
backup-20080429-213030-513 O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
backup-20080429-213030-547 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
backup-20080429-213030-645 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20080429-213030-688 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080429-213030-754 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
backup-20080429-213030-783 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200114690640
backup-20080429-213030-834 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080429-213031-347 O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
backup-20080429-213031-453 O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
backup-20080429-213031-547 O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
backup-20080429-213031-854 O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
backup-20080429-213031-874 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
backup-20080429-213031-929 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080429-221452-143 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080429-221452-210 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080429-221452-342 O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
backup-20080429-221452-438 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080429-221452-658 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080429-221452-833 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080429-221452-876 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080429-221453-405 O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
backup-20080429-221453-459 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
backup-20080429-221453-475 O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
backup-20080429-221453-738 O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
backup-20080429-221453-984 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
backup-20080429-221603-167 O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
backup-20080429-221603-190 O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
backup-20080429-221603-595 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
backup-20080429-221603-906 O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
backup-20080429-221603-918 O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
backup-20080429-221604-126 O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
backup-20080429-221604-142 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080429-221604-258 O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
backup-20080429-221604-405 O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
backup-20080429-221604-457 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
backup-20080429-221604-585 O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
backup-20080429-221604-650 O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ELhid (EL hid Service) - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd (EL KB Service) - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon (EL Monitor Service) - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou (EL Mouse Service) - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 GoProto (GoProto Protocol Driver) - c:\windows\system32\drivers\goprot51.sys <Not Verified; Gteko Ltd.; Gteko Diagnostics Network Module>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TSHWMDTCP - c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.sys
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ISSM (Intel® Software Services Manager) - "c:\program files\intel\inteldh\intel media server\media server\bin\issm.exe" <Not Verified; Intel Corporation; Intel® Viiv(tm) Software>
R2 M1 Server (Intel® Viiv(tm) Media Server) - c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe
R2 MCLServiceATL (Intel® Application Tracker) - "c:\program files\intel\inteldh\intel media server\shells\mclserviceatl.exe" <Not Verified; Intel Corporation; Intel® Viiv(tm) Software>
R2 Remote UI Service (Intel® Remoting Service) - "c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe" <Not Verified; Intel Corporation; Intel® Viiv(tm) Software>

S2 AlertService (Intel® Alert Service) - "c:\program files\intel\inteldh\ccu\alertservice.exe" (file missing)
S2 ELService (Intel® Quick Resume technology) - c:\program files\intel\inteldh\intel® quick resume technology drivers\elservice.exe (file missing)
S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)
S4 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1D4D676902700
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1D4D676902700
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 15:28:38       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-15 20:31:10       350 --a------ C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#deskjet3500#CN3AN3D4887O.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-29 23:33:17         0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2008-04-29 23:29:55         0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Program Files\DNA
2008-04-29 23:29:21         0 d-------- C:\Program Files\BitTorrent
2008-04-29 23:29:21         0 d-------- C:\Documents and Settings\Administrator\Application Data\DNA
2008-04-29 23:27:11         0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-04-29 23:27:07         0 d-------- C:\Program Files\Uniblue
2008-04-29 23:11:39         0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-29 23:11:35         0 d-------- C:\Program Files\Security Task Manager
2008-04-29 22:41:30         0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-29 22:41:25         0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-29 22:41:25         0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 21:27:37         0 d-------- C:\Program Files\Trend Micro
2008-04-29 20:06:57         0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-29 19:26:36     68096 --a------ C:\WINDOWS\zip.exe
2008-04-29 19:26:36    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-29 19:26:36     80412 --a------ C:\WINDOWS\grep.exe
2008-04-29 19:26:35     49152 --a------ C:\WINDOWS\VFind.exe
2008-04-29 19:26:35    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-29 19:26:35     98816 --a------ C:\WINDOWS\sed.exe
2008-04-29 19:26:35     73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-29 19:26:34    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-29 18:40:22         0 d-------- C:\Program Files\TweakNow RegCleaner Std
2008-04-29 18:33:54         0 d-------- C:\WINDOWS\SxsCaPendDel
2008-04-29 18:15:13         0 d-------- C:\WINDOWS\pss
2008-04-17 11:58:32         0 d-------- C:\Program Files\iPod


-- Find3M Report ---------------------------------------------------------------

2008-04-30 16:13:18      6754 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-04-29 23:17:46         0 d-------- C:\Program Files\Intel
2008-04-29 22:40:04         0 d-------- C:\Program Files\Common Files
2008-04-29 22:23:43         0 d-------- C:\Program Files\Google
2008-04-29 22:09:33         0 d-------- C:\Program Files\Java
2008-04-29 22:08:07         0 d-------- C:\Program Files\Netscape Internet Service
2008-04-29 22:07:52         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 22:07:52         0 d-------- C:\Program Files\CyberLink
2008-04-29 22:04:19         0 d-------- C:\Program Files\Common Files\AOL
2008-04-29 21:59:34         0 d-------- C:\Program Files\The Weather Channel FW
2008-04-29 21:57:01         0 d-------- C:\Program Files\Common Files\Real
2008-04-29 20:29:44         0 d-------- C:\Program Files\Messenger
2008-04-29 20:29:22         0 d-------- C:\Program Files\iTunes
2008-04-29 20:16:40     19456 --a------ C:\Documents and Settings\Administrator\Application Data\zjbstyocxdbf.0xe
2008-04-29 20:16:38     19456 --a------ C:\Documents and Settings\Administrator\Application Data\ssmm.0xe
2008-04-29 20:16:37     19456 --a------ C:\Documents and Settings\Administrator\Application Data\pqmvhtkhi.0xe
2008-04-29 20:16:31     19456 --a------ C:\Documents and Settings\Administrator\Application Data\fxyebvgcwzy.0xe
2008-04-29 20:16:30     19456 --a------ C:\Documents and Settings\Administrator\Application Data\eyouk.0xe
2008-04-29 20:16:29     19456 --a------ C:\Documents and Settings\Administrator\Application Data\etbruiyrqm.0xe
2008-04-29 18:28:12         0 d-------- C:\Program Files\Hewlett-Packard
2008-04-29 18:27:18         0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-02-12 15:56:24      1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 05:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-29 11:29 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\909d1eba]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Awola]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM93ae2d26]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bnhfygw]
"C:\Documents and Settings\Administrator\My Documents\T?sks\r?gedit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
"C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
"C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Registration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
"C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prdwhxns]
"C:\Program Files\Common Files\A?pPatch\w?auclt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrnSys Executable]
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask            .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]

 


-- End of Deckard's System Scanner: finished at 2008-04-30 18:37:12 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core(tm)2 CPU          6300  @ 1.86GHz
CPU 1: Intel® Core(tm)2 CPU          6300  @ 1.86GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1005.8 MiB / 680.53 MiB
Pagefile Memory (total/avail): 2420.8 MiB / 2189.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 228.45 GiB total, 217.31 GiB free.
D: is Fixed (FAT32) - 4.42 GiB total, 1.98 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-22NCB1 - 232.88 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 228.45 GiB - C:
  \PARTITION1 - Unknown - 4.43 GiB - D:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

 

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW:  v (McAfee) Disabled
AV:  v (McAfee) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-776A965251
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\YOUR-776A965251
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=YOUR-776A965251
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> MsiExec.exe /I{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}
 --> MsiExec.exe /X{16DDE3E0-98D6-40AC-BCF0-5EAB81965AE3}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Bicycle Board Games --> "C:\Program Files\Microsoft Games\Bicycle Board Games\UNINSTAL.EXE" /runtemp /addremove
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Charter High Speed Internet Self-Installation Wizard --> MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 --> msiexec /x{8FD62EBB-3175-4907-A326-989B14E5C757}
HP Driver Diagnostics --> MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Intel Audio Studio 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x9
Intel® Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® Quick Resume Technology Drivers --> C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software --> MsiExec.exe /X{DA327C6D-D8F1-4587-B4DE-10C39BF6B891} /qb!
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) -->
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TweakNow RegCleaner Standard --> "C:\Program Files\TweakNow RegCleaner Std\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB914548 --> "C:\WINDOWS\$NtUninstallKB914548$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type9247 / Warning
Event Submitted/Written: 04/29/2008 09:58:57 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DA327C6D-D8F1-4587-B4DE-10C39BF6B891}', feature 'Base' failed during request for component '{5617BF49-9195-4C35-B9AD-F8D165DE25BB}'

Event Record #/Type9246 / Error
Event Submitted/Written: 04/29/2008 07:47:34 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
310  2008-01-20  16:06:37-04:00  your-776a965251  YOUR-776A965251\Administrator  F-Secure Anti-Virus
 Spyware detected:
 Type: adware
 Family:  
 Name: AdWare.Win32.Virtumonde
 Object: C:\WINDOWS\system32\vtuussp.dll
 Action: none.

Event Record #/Type9245 / Error
Event Submitted/Written: 04/29/2008 07:47:34 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
309  2008-01-20  16:06:29-04:00  your-776a965251  YOUR-776A965251\Administrator  F-Secure Anti-Virus
 Spyware detected:
 Type: adware
 Family:  
 Name: AdWare.Win32.Virtumonde
 Object: C:\WINDOWS\system32\mllmj.dll
 Action: none.

Event Record #/Type9244 / Error
Event Submitted/Written: 04/29/2008 07:47:34 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
308  2008-01-20  16:06:05-04:00  your-776a965251  YOUR-776A965251\Administrator  F-Secure Anti-Virus
 Spyware detected:
 Type: adware
 Family:  
 Name: AdWare.Win32.Virtumonde
 Object: C:\WINDOWS\system32\vtuussp.dll
 Action: none.

Event Record #/Type9243 / Error
Event Submitted/Written: 04/29/2008 07:47:34 PM
Event ID/Source: 103 / F-Secure Anti-Virus
Event Description:
307  2008-01-20  16:05:58-04:00  your-776a965251  YOUR-776A965251\Administrator  F-Secure Anti-Virus
 Spyware detected:
 Type: adware
 Family:  
 Name: AdWare.Win32.Virtumonde
 Object: C:\WINDOWS\system32\mllmj.dll
 Action: none.

 

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18721 / Error
Event Submitted/Written: 04/30/2008 06:34:44 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

Event Record #/Type18704 / Error
Event Submitted/Written: 04/30/2008 06:34:17 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Intel® Quick Resume technology service failed to start due to the following error:
%%2

Event Record #/Type18703 / Error
Event Submitted/Written: 04/30/2008 06:34:17 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Intel® Alert Service service failed to start due to the following error:
%%3

Event Record #/Type18699 / Error
Event Submitted/Written: 04/30/2008 04:15:35 PM
Event ID/Source: 20 / Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 2.0 (KB928365).

Event Record #/Type18692 / Error
Event Submitted/Written: 04/30/2008 04:09:32 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

 

-- End of Deckard's System Scanner: finished at 2008-04-30 18:37:12 ------------

12
Tech Clinic / lots of trojans
« on: April 30, 2008, 07:16:17 AM »
Thought I could fix my friend's computer this time, but man, there are way too many viruses on it... and they keep renaming themselves :-(

Here's the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:17:05 AM, on 2008-04-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel® Alert Service (AlertService) - Unknown owner - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Intel® Quick Resume technology (ELService) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv(tm) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 3013 bytes

13
Tech Clinic / Virus Found
« on: March 20, 2008, 01:51:10 PM »
Also, ComboFix changed my time on my computer and I'm not sure how to correct it. It is in military time.

14
Tech Clinic / Virus Found
« on: March 20, 2008, 12:20:13 PM »
It is running a lot, lot, lot better now, thanks a lot... no more error windows when I boot up, no more pop-ups and no more flash screens in my internet browser... Do you think I should defragment it now after moving and deleting a bunch of stuff? Or is that not effective...

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33, on 3/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

--
End of file - 3421 bytes

15
Tech Clinic / Virus Found
« on: March 20, 2008, 12:39:38 AM »
BitDefender Online Scanner

Scan report generated at: Thu, Mar 20, 2008 - 01:52:01

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 03:32:14
Files: 238111
Folders: 2822
Boot Sectors: 2
Archives: 908
Packed Files: 3321

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 1016846
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 41
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

  Scanned File
  Status
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Infected with: Trojan.Vundo.ECP
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Disinfection failed
 
C:\QooBox\Quarantine\C\WINDOWS\system32\urqqrsq.dll.vir
 Deleted
 
C:\WINDOWS\system32\sfman32.dll
 Clean
 
C:\WINDOWS\system32\sfmapi.dll
 Clean
 
C:\WINDOWS\system32\shadow.exe
 Clean
 
C:\WINDOWS\system32\share.exe
 Clean
 
C:\WINDOWS\system32\shdoclc.dll
 Clean
 
C:\WINDOWS\system32\shdocvw.dll
 Clean
 
C:\WINDOWS\system32\shell.dll
 Clean
 
C:\WINDOWS\system32\shell32.dll
 Clean
 
C:\WINDOWS\system32\ShellExt\
 Clean
 
C:\WINDOWS\system32\shellstyle.dll
 Clean
 
C:\WINDOWS\system32\shfolder.dll
 Clean
 
C:\WINDOWS\system32\shgina.dll
 Clean
 
C:\WINDOWS\system32\shiftjis.uce
 Clean
 
C:\WINDOWS\system32\shimeng.dll
 Clean
 
C:\WINDOWS\system32\shimgvw.dll
 Clean
 
C:\WINDOWS\system32\shlwapi.dll
 Clean
 
C:\WINDOWS\system32\shmedia.dll
 Clean
 
C:\WINDOWS\system32\shmgrate.exe
 Clean
 
C:\WINDOWS\system32\shrpubw.exe
 Clean
 
C:\WINDOWS\system32\shscrap.dll
 Clean
 
C:\WINDOWS\system32\shsvcs.dll
 Clean
 
C:\WINDOWS\system32\shutdown.exe
 Clean
 
C:\WINDOWS\system32\sigtab.dll
 Clean
 
C:\WINDOWS\system32\sigverif.exe
 Clean
 
C:\WINDOWS\system32\simpdata.tlb
 Clean
 
C:\WINDOWS\system32\SIntf16.dll
 Clean
 
C:\WINDOWS\system32\SIntf32.dll
 Clean
 
C:\WINDOWS\system32\SIntfNT.dll
 Clean
 
C:\WINDOWS\system32\sisbkup.dll
 Clean
 
C:\WINDOWS\system32\skdll.dll
 Clean
 
C:\WINDOWS\system32\skeys.exe
 Clean
 
C:\WINDOWS\system32\slayerxp.dll
 Clean
 
C:\WINDOWS\system32\slbcsp.dll
 Clean
 
C:\WINDOWS\system32\slbiop.dll
 Clean
 
C:\WINDOWS\system32\slbrccsp.dll
 Clean
 
C:\WINDOWS\system32\sl_anet.acm
 Clean
 
C:\WINDOWS\system32\smlogcfg.dll
 Clean
 
C:\WINDOWS\system32\smlogsvc.exe
 Clean
 
C:\WINDOWS\system32\smss.exe
 Clean
 
C:\WINDOWS\system32\sndrec32.exe
 Clean
 
C:\WINDOWS\system32\sndvol32.exe
 Clean
 
C:\WINDOWS\system32\snmpapi.dll
 Clean
 
C:\WINDOWS\system32\snmpsnap.dll
 Clean
 
C:\WINDOWS\system32\softpub.dll
 Clean
 
C:\WINDOWS\system32\sol.exe
 Clean
 
C:\WINDOWS\system32\sort.exe
 Clean
 
C:\WINDOWS\system32\sortkey.nls
 Clean
 
C:\WINDOWS\system32\sorttbls.nls
 Clean
 
C:\WINDOWS\system32\sound.drv
 Clean
 
C:\WINDOWS\system32\spider.exe
 Clean
 
C:\WINDOWS\system32\spiisupd.exe
 Clean
 
C:\WINDOWS\system32\spnike.dll
 Clean
 
C:\WINDOWS\system32\spool\
 Clean
 
C:\WINDOWS\system32\spool\drivers\
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\is330.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\kodak_dc.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPV600AL.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ200.HLP
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ50.INI=>(unicode)
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ697.BUD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ697.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ69X.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVDJ6XX.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVIMG50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVNAM50.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUD50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPVUI50.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\STDNAMES.GPD
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.HLP
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
 Clean
 
C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
 Clean
 
C:\WINDOWS\system32\spool\PRINTERS\
 Clean
 
C:\WINDOWS\system32\spool\prtprocs\
 Clean
 
C:\WINDOWS\system32\spool\prtprocs\w32x86\
 Clean
 
C:\WINDOWS\system32\spoolss.dll
 Clean
 
C:\WINDOWS\system32\spoolsv.exe
 Clean
 
C:\WINDOWS\system32\sprestrt.exe
 Clean
 
C:\WINDOWS\system32\sprio600.dll
 Clean
 
C:\WINDOWS\system32\sprio800.dll
 Clean
 
C:\WINDOWS\system32\spxcoins.dll
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/#SYSTEM
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_1.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_2.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_3.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_data_source_wizard_screen_4.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_login_dialog_box.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Ex.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coUA_Print.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.css
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/shared.js
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 1)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 2)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.js=>(JAVASCRIPT 3)
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/caution.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coC.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coCb.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coE.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/coEb.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/elle.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/important.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/note.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/relglyph_c.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/spacer.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/tip.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/warning.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/mailto.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd.gif
 Clean
 
C:\WINDOWS\system32\sqlsodbc.chm=>/Basics/keybrd_.gif
 Clean
 
C:\WINDOWS\system32\sqlsrv32.dll
 Clean
 
C:\WINDOWS\system32\sqlsrv32.rll
 Clean
 
C:\WINDOWS\system32\sqlunirl.dll
 Clean
 
C:\WINDOWS\system32\sqlwid.dll
 Clean
 
C:\WINDOWS\system32\sqlwoa.dll
 Clean
 
C:\WINDOWS\system32\srclient.dll
 Clean
 
C:\WINDOWS\system32\srrstr.dll
 Clean
 
C:\WINDOWS\system32\srsvc.dll
 Clean
 
C:\WINDOWS\system32\srvsvc.dll
 Clean
 
C:\WINDOWS\system32\ss3dfo.scr
 Clean
 
C:\WINDOWS\system32\ssbezier.scr
 Clean
 
C:\WINDOWS\system32\ssdpapi.dll
 Clean
 
C:\WINDOWS\system32\ssdpsrv.dll
 Clean
 
C:\WINDOWS\system32\ssflwbox.scr
 Clean
 
C:\WINDOWS\system32\ssmarque.scr
 Clean
 
C:\WINDOWS\system32\ssmypics.scr
 Clean
 
C:\WINDOWS\system32\ssmyst.scr
 Clean
 
C:\WINDOWS\system32\sspipes.scr
 Clean
 
C:\WINDOWS\system32\ssstars.scr
 Clean
 
C:\WINDOWS\system32\sstext3d.scr
 Clean
 
C:\WINDOWS\system32\stclient.dll
 Clean
 
C:\WINDOWS\system32\STDOLE.TLB
 Clean
 
C:\WINDOWS\system32\stdole2.tlb
 Clean
 
C:\WINDOWS\system32\stdole32.tlb
 Clean
 
C:\WINDOWS\system32\sti.dll
 Clean
 
C:\WINDOWS\system32\stimon.exe
 Clean
 
C:\WINDOWS\system32\sti_ci.dll
 Clean
 
C:\WINDOWS\system32\stobject.dll
 Clean
 
C:\WINDOWS\system32\storage.dll
 Clean
 
C:\WINDOWS\system32\storprop.dll
 Clean
 
C:\WINDOWS\system32\streamci.dll
 Clean
 
C:\WINDOWS\system32\strmdll.dll
 Clean
 
C:\WINDOWS\system32\subrange.uce
 Clean
 
C:\WINDOWS\system32\subst.exe
 Clean
 
C:\WINDOWS\system32\svchost.exe
 Clean
 
C:\WINDOWS\system32\svcpack.dll
 Clean
 
C:\WINDOWS\system32\swprv.dll
 Clean
 
C:\WINDOWS\system32\swreg.exe
 Clean
 
C:\WINDOWS\system32\swsc.exe
 Clean
 
C:\WINDOWS\system32\swxcacls.exe
 Clean
 
C:\WINDOWS\system32\sxs.dll
 Clean
 
C:\WINDOWS\system32\syncapp.exe
 Clean
 
C:\WINDOWS\system32\synceng.dll
 Clean
 
C:\WINDOWS\system32\syncui.dll
 Clean
 
C:\WINDOWS\system32\sysdm.cpl
 Clean
 
C:\WINDOWS\system32\sysedit.exe
 Clean
 
C:\WINDOWS\system32\sysinv.dll
 Clean
 
C:\WINDOWS\system32\syskey.exe
 Clean
 
C:\WINDOWS\system32\sysmon.ocx
 Clean
 
C:\WINDOWS\system32\sysocmgr.exe
 Clean
 
C:\WINDOWS\system32\sysprint.sep
 Clean
 
C:\WINDOWS\system32\sysprtj.sep
 Clean
 
C:\WINDOWS\system32\syssetup.dll
 Clean
 
C:\WINDOWS\system32\system.drv
 Clean
 
C:\WINDOWS\system32\systeminfo.exe
 Clean
 
C:\WINDOWS\system32\systray.exe
 Clean
 
C:\WINDOWS\system32\t2embed.dll
 Clean
 
C:\WINDOWS\system32\tapi.dll
 Clean
 
C:\WINDOWS\system32\tapi3.dll
 Clean
 
C:\WINDOWS\system32\tapi32.dll
 Clean
 
C:\WINDOWS\system32\tapiperf.dll
 Clean
 
C:\WINDOWS\system32\tapisrv.dll
 Clean
 
C:\WINDOWS\system32\tapiui.dll
 Clean
 
C:\WINDOWS\system32\taskkill.exe
 Clean
 
C:\WINDOWS\system32\tasklist.exe
 Clean
 
C:\WINDOWS\system32\taskman.exe
 Clean
 
C:\WINDOWS\system32\taskmgr.exe
 Clean
 
C:\WINDOWS\system32\TaskSwitch.exe
 Clean
 
C:\WINDOWS\system32\tcmsetup.exe
 Clean
 
C:\WINDOWS\system32\tcpmib.dll
 Clean
 
C:\WINDOWS\system32\tcpmon.dll
 Clean
 
C:\WINDOWS\system32\tcpmon.ini
 Clean
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55, on 3/20/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4568 bytes

16
Tech Clinic / Virus Found
« on: March 19, 2008, 10:41:11 PM »
ComboFix


ComboFix 08-03-18.1 - Administrator 2008-03-19 22:06:47.2 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\5011fcb5
C:\WINDOWS\System32\hxwyrthl.dll
C:\WINDOWS\system32\lhtrywxh.ini
C:\WINDOWS\System32\rigwejfu.dll
C:\WINDOWS\system32\ufjewgir.ini
C:\WINDOWS\System32\vpcaaewo.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\5011fcb5
C:\WINDOWS\system32\lhtrywxh.ini
C:\WINDOWS\system32\ufjewgir.ini

.
(((((((((((((((((((((((((   Files Created from 2008-02-20 to 2008-03-20  )))))))))))))))))))))))))))))))
.

2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-03-18 22:13 . 2008-03-19 14:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-18 22:09 . 2008-03-18 22:12   <DIR>   d--------   C:\Program Files\Yahoo!
2008-03-17 14:54 . 2008-03-17 22:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 14:53 . 2008-03-17 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-17 14:42 . 2008-03-17 14:42   <DIR>   d--------   C:\Program Files\Alwil Software
2008-03-17 14:42 . 2003-03-18 15:20   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2008-03-17 14:22 . 2008-03-17 14:22   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-13 13:26 . 2008-03-13 13:26   <DIR>   d--------   C:\Program Files\Hasbro Interactive
2008-03-13 13:26 . 1999-12-09 13:17   755,200   --a------   C:\WINDOWS\system32\Ir50_32.dll
2008-03-13 13:26 . 1999-12-09 13:18   239,616   --a------   C:\WINDOWS\system32\Hdk3ctnt.dll
2008-03-13 13:26 . 1999-12-09 13:17   199,680   --a------   C:\WINDOWS\system32\iac25_32.ax
2008-03-13 13:26 . 2008-03-13 13:27   405   --a------   C:\WINDOWS\PowerReg.dat
2008-03-05 18:49 . 2008-03-05 18:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-03-05 18:48 . 2008-03-05 18:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:50 . 2008-03-04 22:53   <DIR>   d--------   C:\Program Files\Google
2008-03-04 22:50 . 2008-03-19 03:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-28 22:28 . 2008-02-28 22:28   <DIR>   d--------   C:\Program Files\Mplayer
2008-02-28 22:26 . 2008-02-28 22:26   <DIR>   d--------   C:\Program Files\Quake III Arena
2008-02-28 14:15 . 2008-02-28 22:28   871   --a------   C:\WINDOWS\QIII.INI
2008-02-28 05:38 . 2008-02-28 05:38   0   --a------   C:\WINDOWS\nsreg.dat
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-27 19:33 . 2008-02-27 19:33   <DIR>   d--------   C:\WINDOWS\LogFiles
2008-02-27 19:03 . 2008-02-27 19:03   <DIR>   d--------   C:\Program Files\Common Files\INCA Shared
2008-02-27 19:03 . 2003-07-20 22:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-27 19:03 . 2005-01-04 13:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-26 16:41 . 2008-03-05 18:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 02:10 . 2008-02-26 02:10   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-02-26 02:10 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-02-26 01:47 . 2008-02-27 20:41   <DIR>   d--------   C:\Program Files\Diablo II backup
2008-02-25 19:07 . 2008-02-25 19:07   94,208   --a------   C:\WINDOWS\DIIUnin.exe
2008-02-25 19:07 . 2008-02-26 02:01   35,535   --a------   C:\WINDOWS\DIIUnin.dat
2008-02-25 19:07 . 2008-02-25 19:07   2,829   --a------   C:\WINDOWS\DIIUnin.pif
2008-02-25 18:57 . 2008-03-18 18:19   <DIR>   d--------   C:\Program Files\Diablo II
2008-02-25 17:35 . 2008-02-25 17:35   <DIR>   d--------   C:\Program Files\D-Tools
2008-02-25 17:35 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-25 17:35 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-25 16:19 . 2008-02-26 01:50   21,840   --a----t-   C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 16:19 . 2008-02-26 01:50   17,212   --a----t-   C:\WINDOWS\system32\SIntf32.dll
2008-02-25 16:19 . 2008-02-26 01:50   12,067   --a----t-   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 03:50 . 2005-04-15 19:58   1,071,088   --a------   C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-25 03:50 . 2004-03-09 16:45   662,288   --a------   C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-25 03:50 . 2004-06-14 14:56   427,864   --a------   C:\WINDOWS\system32\XceedZip.dll
2008-02-25 03:33 . 2008-02-25 03:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-25 03:31 . 2008-03-16 15:04   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-02-25 03:31 . 2008-02-25 03:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-25 03:29 . 2008-02-25 03:28   505,392   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-02-25 03:28 . 2008-02-25 03:31   <DIR>   d--------   C:\Program Files\CyberLink
2008-02-24 23:37 . 2008-02-24 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-24 23:36 . 2008-02-24 23:37   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-02-24 23:29 . 2008-02-24 23:29   685,816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\DNA
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\BitTorrent
2008-02-24 23:23 . 2008-03-16 12:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DNA
2008-02-24 23:23 . 2008-03-18 21:30   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-02-24 21:22 . 2008-02-24 21:35   <DIR>   d--------   C:\Program Files\Videos
2008-02-24 21:20 . 2008-02-24 21:20   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Std
2008-02-24 21:18 . 2008-03-10 17:58   <DIR>   d--------   C:\Program Files\Downloaded Programs
2008-02-24 21:00 . 2008-02-24 21:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Ahead
2008-02-24 19:22 . 2008-02-24 19:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-24 19:21 . 2008-02-24 19:21   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Program Files\Winamp
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-24 17:39 . 2008-02-25 19:18   <DIR>   d--------   C:\Program Files\torrents
2008-02-24 16:40 . 2008-03-10 21:46   <DIR>   d--------   C:\Program Files\Incomplete
2008-02-24 16:39 . 2008-03-19 18:37   <DIR>   d--------   C:\Program Files\Media
2008-02-24 16:37 . 2008-03-10 21:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-24 16:31 . 2007-12-14 01:59   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-24 16:30 . 2008-02-24 16:31   <DIR>   d--------   C:\Program Files\Java
2008-02-24 16:28 . 2008-02-24 16:28   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-24 16:27 . 2008-02-24 18:16   <DIR>   d--------   C:\Program Files\LimeWire
2008-02-24 15:27 . 2008-02-24 15:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Aim
2008-02-24 15:25 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Viewpoint
2008-02-24 15:25 . 2008-02-24 15:25   <DIR>   d--------   C:\Program Files\AOD
2008-02-24 15:25 . 2008-02-26 02:27   <DIR>   d--------   C:\Program Files\AIM
2008-02-24 15:25 . 2004-02-25 13:05   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-02-24 15:11 . 2007-07-30 19:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-02-24 15:11 . 2007-07-30 19:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-02-24 15:11 . 2007-07-30 19:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-02-24 15:11 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-02-24 15:11 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a------   C:\WINDOWS\system32\drivers\ac97intc.sys
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a--c---   C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-02-23 10:19 . 2008-02-23 10:19   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-02-22 17:09 . 2008-02-22 17:09   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-02-22 17:02 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Symantec
2008-02-22 17:02 . 2008-03-19 14:41   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:02 . 2008-02-22 17:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-22 17:01 . 2008-03-16 11:43   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2008-02-22 17:01 . 2008-02-22 17:01   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-02-22 17:01 . 2008-02-22 17:01   <DIR>   d--------   C:\Program Files\Ahead
2008-02-22 16:59 . 2008-03-19 14:45   <DIR>   d--hs----   C:\WINDOWS\Installer

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:52   12,464   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-22 16:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-22 16:52   558,142   ----a-w   C:\WINDOWS\java\Packages\JBP37BB7.ZIP
2008-02-22 16:52   155,995   ----a-w   C:\WINDOWS\java\Packages\MSA8BHJD.ZIP
.

(((((((((((((((((((((((((((((   snapshot@2008-03-19_15.02.54.70   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-24 20:05:37   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-03-19 20:02:09   39,992   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-02-24 20:05:37   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-03-19 20:02:09   311,604   ----a-w   C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 12:30 45632]
"5011ee3b"="C:\WINDOWS\System32\rigwejfu.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 15:27 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 14:53 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 19:20 91432 C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-12 20:13 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-28 12:12 144896 C:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 09:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 22:09:09
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-03-19 22:09:57
ComboFix-quarantined-files.txt  2008-03-20 03:09:42
ComboFix2.txt  2008-03-19 20:03:13

17
Tech Clinic / Virus Found
« on: March 19, 2008, 02:00:28 PM »
Computer is running better already, I really appreciate the help...

HIJACK THIS LOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14, on 3/19/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2FFB00B3-AC14-4769-9E72-DA94E4E3824B} - C:\WINDOWS\System32\gebyx.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: {506b188a-a119-10c9-6ca4-cd71397a55dc} - {cd55a793-17dc-4ac6-9c01-911aa881b605} - C:\WINDOWS\System32\caaobijq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O20 - Winlogon Notify: ddcccbx - ddcccbx.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4670 bytes



COMBOFIX LOG



ComboFix 08-03-18.1 - Administrator 2008-03-19 14:57:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1252.1.1033.18.178 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\curity~1
C:\WINDOWS\BM5322dda7.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\iwxiwwvh.dll
C:\WINDOWS\system32\urqqrsq.dll
C:\WINDOWS\system32\vpcaaewo.dll
C:\WINDOWS\system32\xgbksxob.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2

.
(((((((((((((((((((((((((   Files Created from 2008-02-19 to 2008-03-19  )))))))))))))))))))))))))))))))
.

2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-18 22:16 . 2008-03-18 22:16   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-03-18 22:13 . 2008-03-19 14:07   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-18 22:09 . 2008-03-18 22:12   <DIR>   d--------   C:\Program Files\Yahoo!
2008-03-17 14:54 . 2008-03-17 22:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-17 14:53 . 2008-03-17 14:53   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-17 14:53 . 2008-03-17 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\avg7
2008-03-17 14:42 . 2008-03-17 14:42   <DIR>   d--------   C:\Program Files\Alwil Software
2008-03-17 14:42 . 2003-03-18 15:20   1,060,864   --a------   C:\WINDOWS\system32\MFC71.dll
2008-03-17 14:22 . 2008-03-17 14:22   <DIR>   d--------   C:\WINDOWS\Sun
2008-03-17 12:23 . 2008-03-17 12:23   294   --ahs----   C:\WINDOWS\system32\ufjewgir.ini
2008-03-16 12:22 . 2008-03-16 12:27   414   --ahs----   C:\WINDOWS\system32\lhtrywxh.ini
2008-03-16 12:21 . 2008-03-16 12:21   63   --a------   C:\WINDOWS\system32\5011fcb5
2008-03-16 12:13 . 2008-03-16 12:13   37,376   --a------   C:\WINDOWS\mrofinu572.exe
2008-03-13 13:26 . 2008-03-13 13:26   <DIR>   d--------   C:\Program Files\Hasbro Interactive
2008-03-13 13:26 . 1999-12-09 13:17   755,200   --a------   C:\WINDOWS\system32\Ir50_32.dll
2008-03-13 13:26 . 1999-12-09 13:18   239,616   --a------   C:\WINDOWS\system32\Hdk3ctnt.dll
2008-03-13 13:26 . 1999-12-09 13:17   199,680   --a------   C:\WINDOWS\system32\iac25_32.ax
2008-03-13 13:26 . 2008-03-13 13:27   405   --a------   C:\WINDOWS\PowerReg.dat
2008-03-05 18:49 . 2008-03-05 18:49   <DIR>   d--------   C:\Program Files\Lavasoft
2008-03-05 18:48 . 2008-03-05 18:48   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-04 22:50 . 2008-03-04 22:53   <DIR>   d--------   C:\Program Files\Google
2008-03-04 22:50 . 2008-03-19 03:57   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-28 22:28 . 2008-02-28 22:28   <DIR>   d--------   C:\Program Files\Mplayer
2008-02-28 22:26 . 2008-02-28 22:26   <DIR>   d--------   C:\Program Files\Quake III Arena
2008-02-28 14:15 . 2008-02-28 22:28   871   --a------   C:\WINDOWS\QIII.INI
2008-02-28 05:38 . 2008-02-28 05:38   0   --a------   C:\WINDOWS\nsreg.dat
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MSN6
2008-02-27 19:36 . 2008-02-27 19:36   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-27 19:33 . 2008-02-27 19:33   <DIR>   d--------   C:\WINDOWS\LogFiles
2008-02-27 19:03 . 2008-02-27 19:03   <DIR>   d--------   C:\Program Files\Common Files\INCA Shared
2008-02-27 19:03 . 2003-07-20 22:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-02-27 19:03 . 2005-01-04 13:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-02-26 16:41 . 2008-03-05 18:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 02:10 . 2008-02-26 02:10   <DIR>   d--------   C:\Documents and Settings\Administrator\WINDOWS
2008-02-26 02:10 . 1998-10-29 16:45   306,688   --a------   C:\WINDOWS\IsUninst.exe
2008-02-26 01:47 . 2008-02-27 20:41   <DIR>   d--------   C:\Program Files\Diablo II backup
2008-02-25 19:07 . 2008-02-25 19:07   94,208   --a------   C:\WINDOWS\DIIUnin.exe
2008-02-25 19:07 . 2008-02-26 02:01   35,535   --a------   C:\WINDOWS\DIIUnin.dat
2008-02-25 19:07 . 2008-02-25 19:07   2,829   --a------   C:\WINDOWS\DIIUnin.pif
2008-02-25 18:57 . 2008-03-18 18:19   <DIR>   d--------   C:\Program Files\Diablo II
2008-02-25 17:35 . 2008-02-25 17:35   <DIR>   d--------   C:\Program Files\D-Tools
2008-02-25 17:35 . 2004-08-22 16:31   155,136   --a------   C:\WINDOWS\system32\drivers\d347bus.sys
2008-02-25 17:35 . 2004-08-22 16:31   5,248   --a------   C:\WINDOWS\system32\drivers\d347prt.sys
2008-02-25 16:19 . 2008-02-26 01:50   21,840   --a----t-   C:\WINDOWS\system32\SIntfNT.dll
2008-02-25 16:19 . 2008-02-26 01:50   17,212   --a----t-   C:\WINDOWS\system32\SIntf32.dll
2008-02-25 16:19 . 2008-02-26 01:50   12,067   --a----t-   C:\WINDOWS\system32\SIntf16.dll
2008-02-25 03:50 . 2005-04-15 19:58   1,071,088   --a------   C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-25 03:50 . 2004-03-09 16:45   662,288   --a------   C:\WINDOWS\system32\MSCOMCT2.OCX
2008-02-25 03:50 . 2004-06-14 14:56   427,864   --a------   C:\WINDOWS\system32\XceedZip.dll
2008-02-25 03:33 . 2008-02-25 03:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-02-25 03:31 . 2008-03-16 15:04   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2008-02-25 03:31 . 2008-02-25 03:34   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2008-02-25 03:29 . 2008-02-25 03:28   505,392   --a------   C:\WINDOWS\system32\msvcp71.dll
2008-02-25 03:28 . 2008-02-25 03:31   <DIR>   d--------   C:\Program Files\CyberLink
2008-02-24 23:37 . 2008-02-24 23:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-24 23:36 . 2008-02-24 23:37   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2008-02-24 23:29 . 2008-02-24 23:29   685,816   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\DNA
2008-02-24 23:23 . 2008-02-24 23:23   <DIR>   d--------   C:\Program Files\BitTorrent
2008-02-24 23:23 . 2008-03-16 12:33   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\DNA
2008-02-24 23:23 . 2008-03-18 21:30   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-02-24 21:22 . 2008-02-24 21:35   <DIR>   d--------   C:\Program Files\Videos
2008-02-24 21:20 . 2008-02-24 21:20   <DIR>   d--------   C:\Program Files\TweakNow RegCleaner Std
2008-02-24 21:18 . 2008-03-10 17:58   <DIR>   d--------   C:\Program Files\Downloaded Programs
2008-02-24 21:00 . 2008-02-24 21:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Ahead
2008-02-24 19:22 . 2008-02-24 19:22   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-02-24 19:21 . 2008-02-24 19:21   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Program Files\Winamp
2008-02-24 17:54 . 2008-02-24 17:57   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Winamp
2008-02-24 17:39 . 2008-02-25 19:18   <DIR>   d--------   C:\Program Files\torrents
2008-02-24 16:40 . 2008-03-10 21:46   <DIR>   d--------   C:\Program Files\Incomplete
2008-02-24 16:39 . 2008-03-17 14:50   <DIR>   d--------   C:\Program Files\Media
2008-02-24 16:37 . 2008-03-10 21:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-02-24 16:31 . 2007-12-14 01:59   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-24 16:30 . 2008-02-24 16:31   <DIR>   d--------   C:\Program Files\Java
2008-02-24 16:28 . 2008-02-24 16:28   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-02-24 16:27 . 2008-02-24 18:16   <DIR>   d--------   C:\Program Files\LimeWire
2008-02-24 15:27 . 2008-02-24 15:27   <DIR>   d--------   C:\Documents and Settings\Administrator\Application Data\Aim
2008-02-24 15:25 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Viewpoint
2008-02-24 15:25 . 2008-02-24 15:25   <DIR>   d--------   C:\Program Files\AOD
2008-02-24 15:25 . 2008-02-26 02:27   <DIR>   d--------   C:\Program Files\AIM
2008-02-24 15:25 . 2004-02-25 13:05   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2008-02-24 15:11 . 2007-07-30 19:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-02-24 15:11 . 2007-07-30 19:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-02-24 15:11 . 2007-07-30 19:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-02-24 15:11 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-02-24 15:11 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-24 15:11 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-02-24 15:11 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a------   C:\WINDOWS\system32\drivers\ac97intc.sys
2008-02-24 09:39 . 2001-08-17 12:20   96,256   --a--c---   C:\WINDOWS\system32\dllcache\ac97intc.sys
2008-02-23 10:19 . 2008-02-23 10:19   <DIR>   d---s----   C:\Documents and Settings\Administrator\UserData
2008-02-22 17:09 . 2008-02-22 17:09   <DIR>   d---s----   C:\WINDOWS\system32\Microsoft
2008-02-22 17:02 . 2008-03-19 14:45   <DIR>   d--------   C:\Program Files\Symantec
2008-02-22 17:02 . 2008-03-19 14:41   <DIR>   d--------   C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:02 . 2008-02-22 17:02   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Symantec

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 16:52   12,464   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-22 16:53   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-02-22 16:52   558,142   ----a-w   C:\WINDOWS\java\Packages\JBP37BB7.ZIP
2008-02-22 16:52   155,995   ----a-w   C:\WINDOWS\java\Packages\MSA8BHJD.ZIP
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FFB00B3-AC14-4769-9E72-DA94E4E3824B}]
         C:\WINDOWS\System32\gebyx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cd55a793-17dc-4ac6-9c01-911aa881b605}]
         C:\WINDOWS\System32\caaobijq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 12:30 45632]
"5011ee3b"="C:\WINDOWS\System32\rigwejfu.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-17 15:27 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-17 14:53 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcccbx]
ddcccbx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5011ee3b]
C:\WINDOWS\System32\hxwyrthl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2007-11-16 19:20 91432 C:\Program Files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-03-12 20:13 287040 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM5322dda7]
C:\WINDOWS\System32\vpcaaewo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
--a------ 2004-02-28 12:12 144896 C:\Program Files\AIM\\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-10-11 12:06 62760 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 06:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-10-28 09:35 72736 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 15:00:56
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\devldr32.exe
.
**************************************************************************
.
Completion time: 2008-03-19 15:03:12 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-19 20:03:09

18
Tech Clinic / Virus Found
« on: March 18, 2008, 04:10:54 PM »
Quote from: natro charlo (post 424325, Mar 18 2008, 01:03 PM):
"When I try to click the save list option in the uninstall manager, HijackThis just simply exits, and it doesn't save anything. Should I write the list manually?

Also today when I booted my computer I get two messages: the one I wrote first up there, and then also another one telling me that there is no disk in drive A: insert disk to continue."

Un-Install List

Ad-Aware 2007  
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 6.0
Adobe Shockwave Player
Ahead Nero 6 Demo
Alt-Tab Switcher Powertoy for Windows XP
AOL Instant Messenger
ATI Display Driver
avast! Antivirus
AVG 7.5
DAEMON Tools
DeadAIM
Diablo II
DivX Codec
Google Earth
Google Updater
HijackThis 2.0.2
Java(tm) 6 Update 4
Limewire PRO 4.17.1
Live Update 1.7(Symantec Corporation)
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead Patch
Monopoly
Mozilla Firefox (2.0.0.12)
Outerinfo
PowerDVD Ultra
Quake III Arena
Symantec Antivirus Client
TweakNow RegCleaner Standard
Viewpoint Media Player
Winamp
Windows Media Format Runtime
WinRAR archiver

19
Tech Clinic / Virus Found
« on: March 18, 2008, 01:03:50 PM »
When I try to click the save list option in the uninstall manager, HijackThis just simply exits, and it doesn't save anything. Should I write the list manually?

Also today when I booted my computer I get two messages: the one I wrote first up there, and then also another one telling me that there is no disk in drive A: insert disk to continue.

20
Tech Clinic / Virus Found
« on: March 17, 2008, 10:36:16 PM »
Has been giving me lots of pop-ups... I found an MS.pfx file or something in my Windows folder and deleted it, and I don't remember its exact name. Also when I restart, when my desktop first comes up, I get an error "failed to load c:\windows\system32/rigwejfu.dll", says it can't be found....

Here is my HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:29 PM, on 3/17/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\taskswitch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\??curity\m?config.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [5011ee3b] rundll32.exe "C:\WINDOWS\System32\rigwejfu.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BM5322dda7] Rundll32.exe "C:\WINDOWS\System32\vtlcpmfh.dll",s
O4 - HKCU\..\Run: [Ntur] "C:\WINDOWS\System32\ECURIT~1\nslookup.exe" -vt yazb
O4 - HKCU\..\Run: [Lcscugtf] "C:\Program Files\??curity\m?config.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203883812328
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4530 bytes
