Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title, i.e.: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1, Aug 8 2008, 09:59 AM
New Member, Group: Members, Posts: 1, Joined: 8-August 08, Member No.: 228,462
I also scanned my PC using AVAST antivirus and it found something it cannot repair, move to chest, or delete. Forgot the name though. After that I keep getting this bancos.ixq trojan when scanning my PC with CA Yahoo toolbar. Here's the main.txt from DSS:

Deckard's System Scanner v20071014.68
Run by Konata Izumi on 2008-08-08 22:52:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
29: 2008-08-08 20:46:29 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-08-07 20:19:37 UTC - RP28 - Restore Point (After Cacheman Tweak)
27: 2008-08-06 18:28:43 UTC - RP27 - System Checkpoint
26: 2008-08-04 20:23:24 UTC - RP26 - System Checkpoint
25: 2008-08-03 02:29:41 UTC - RP25 - Removed SUPERAntiSpyware Professional

-- First Restore Point --
1: 2008-07-27 22:17:33 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Konata Izumi.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:42 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WindowZones\WindowZones.sys
C:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WindowZones\WindowZones.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WindowZones\WindowZones.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Konata Izumi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KONATA~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowZones] C:\Program Files\WindowZones\WindowZones.exe -startminimize
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217180677484
O17 - HKLM\System\CCS\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Auto Shutdown Service (ShutdownService) - Unknown owner - C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys

--
End of file - 9812 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 WindowZones (WindowZones Process Monitor Driver) - c:\program files\windowzones\windowzones.drv <Not Verified; ByteCrusher; WindowZones>
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>

S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; Outertech; >
R2 EBOOSTRSVC (eBoostr Service) - "c:\program files\eboostr\ebstrsvc.exe"
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 ShutdownService (Auto Shutdown Service) - c:\program files\auto shutdown genius\shutdownsvr.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 WZSvc (WindowZones Service) - c:\program files\windowzones\windowzones.sys <Not Verified; ByteCrusher; WindowZones>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-08 22:32:15 0 d-------- C:\Program Files\Trend Micro
2008-08-08 19:05:38 0 dr-h----- C:\Documents and Settings\Konata Izumi\Recent
2008-08-07 22:06:11 0 d-------- C:\Program Files\CachemanXP
2008-08-06 03:09:20 515 --ah----- C:\WINDOWS\wininf.dat
2008-08-06 03:09:16 0 d-------- C:\Program Files\Dachshund Software
2008-08-06 02:33:28 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-08-05 19:16:58 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-08-04 22:01:07 0 d-------- C:\Program Files\AskSBar
2008-08-03 22:45:07 0 d-------- C:\Program Files\Auto Shutdown Genius
2008-08-03 22:29:21 0 d-------- C:\WINDOWS\pss
2008-08-03 20:27:54 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-03 20:27:53 0 d-------- C:\Program Files\WinCustomize
2008-08-03 13:06:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 04:29:46 0 d-------- C:\WINDOWS\system32\appmgmt
2008-08-03 04:21:01 0 d-------- C:\Program Files\Common Files\Stardock
2008-08-03 04:21:00 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-03 04:05:49 0 d-------- C:\Program Files\Stardock
2008-08-03 04:03:59 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-03 00:59:00 0 d-------- C:\Program Files\StepMania
2008-08-02 12:08:12 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Sun
2008-08-01 21:43:55 0 d-------- C:\Program Files\WindowZones
2008-08-01 18:29:55 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-08-01 15:18:33 0 d-------- C:\Program Files\e-Games
2008-08-01 12:57:38 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\fretsonfire
2008-08-01 12:57:30 0 d-------- C:\Program Files\Frets on Fire
2008-08-01 05:56:11 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans-derby
2008-08-01 05:55:05 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans
2008-08-01 05:51:59 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans-registration
2008-08-01 05:48:39 0 d-------- C:\Program Files\glassfish-v2ur2
2008-08-01 05:37:07 0 d-------- C:\Program Files\NetBeans 6.1
2008-08-01 05:29:43 23434 --a------ C:\WINDOWS\system32\productregistry
2008-08-01 05:27:37 0 d-------- C:\Sun
2008-08-01 05:22:37 0 d-------- C:\Program Files\Veoh Networks
2008-08-01 05:22:03 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 03:05:29 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-01 02:47:00 0 d-------- C:\Documents and Settings\Konata Izumi\.nbi
2008-08-01 02:45:13 0 d-------- C:\Program Files\Java
2008-08-01 02:42:44 0 d-------- C:\Program Files\Common Files\Java
2008-08-01 02:31:43 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\BitTorrent
2008-08-01 02:31:33 0 d-------- C:\Program Files\DNA
2008-08-01 02:31:33 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\DNA
2008-08-01 02:31:32 0 d-------- C:\Program Files\BitTorrent
2008-07-30 13:03:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-30 13:00:24 0 d-------- C:\Program Files\Microsoft Works
2008-07-30 13:00:15 0 d-------- C:\Program Files\MSBuild
2008-07-30 12:57:20 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-30 12:56:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-30 12:56:10 0 dr-h----- C:\MSOCache
2008-07-29 16:25:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 16:24:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-29 16:24:56 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\SUPERAntiSpyware.com
2008-07-29 03:07:44 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Comodo
2008-07-28 05:15:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-28 05:14:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-28 05:14:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-28 05:02:48 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 02:06:17 0 d--hs---- C:\WINDOWS\Installer
2008-07-28 02:06:16 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-28 02:06:13 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-28 02:06:12 0 dr------- C:\Program Files
2008-07-28 02:06:12 0 d-------- C:\Program Files\Common Files
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-28 02:05:41 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-28 02:05:41 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-28 02:05:41 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-28 02:04:15 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-28 02:04:15 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-28 02:04:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-28 02:04:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-28 02:04:09 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-28 02:04:09 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-28 02:03:47 0 d-------- C:\Documents and Settings
2008-07-28 02:03:46 0 d--hs---- C:\System Volume Information
2008-07-28 01:59:20 0 d-------- C:\WINDOWS
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\WinSxS
2008-07-28 01:59:20 0 dr------- C:\WINDOWS\Web
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\twain_32
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\wins
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\wbem
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\usmt
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\spool
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\Setup
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\scripting
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ras
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\oobe
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\npp
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\mui
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\IME
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ias
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\export
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\en
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-28 01:59:20 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\config
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\3076
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\2052
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1054
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1042
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1041
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1037
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1033
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1031
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1028
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1025
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\security
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Resources
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\repair
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Provisioning
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\PeerNet
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\pchealth
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Network Diagnostic
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\mui
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\msapps
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\msagent
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Media
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\L2Schemas
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\java
2008-07-28 01:59:20 0 d--h----- C:\WINDOWS\inf
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\ime
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Help
2008-07-28 01:59:20 0 dr--s---- C:\WINDOWS\Fonts
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\ehome
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Driver Cache
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Debug
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Cursors
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Config
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\AppPatch
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\addins
2008-07-28 00:22:31 0 d-------- C:\WINDOWS\system32\Lang
2008-07-28 00:20:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-28 00:20:30 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-28 00:20:30 0 d-------- C:\Program Files\Intel
2008-07-28 00:20:28 0 d-------- C:\Intel
2008-07-28 00:19:29 0 d-------- C:\WINDOWS\system32\Tools
2008-07-28 00:19:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-28 00:18:26 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2008-07-28 00:17:23 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Identities
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\Templates
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\Start Menu
2008-07-28 00:17:11 0 dr-h----- C:\Documents and Settings\Konata Izumi\SendTo
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\PrintHood
2008-07-28 00:17:11 6291456 --ah----- C:\Documents and Settings\Konata Izumi\NTUSER.DAT
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\NetHood
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\My Documents
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\Local Settings
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\Favorites
2008-07-28 00:17:11 0 d-------- C:\Documents and Settings\Konata Izumi\Desktop
2008-07-28 00:17:11 0 d--hs---- C:\Documents and Settings\Konata Izumi\Cookies
2008-07-28 00:17:11 0 dr-h----- C:\Documents and Settings\Konata Izumi\Application Data
2008-07-28 00:16:32 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-28 00:16:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-28 00:16:30 0 d-------- C:\WINDOWS\Prefetch
2008-07-28 00:16:29 241664 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-28 00:16:29 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-28 00:16:29 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-28 00:16:29 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-28 00:16:29 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-28 00:16:10 241664 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-28 00:16:10 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-28 00:16:10 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-28 00:16:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-28 00:16:10 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-28 00:13:59 0 d-------- C:\WINDOWS\system32\xircom
2008-07-28 00:13:59 0 d-------- C:\Program Files\microsoft frontpage
2008-07-28 00:13:52 241664 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-28 00:13:41 0 -rahs---- C:\MSDOS.SYS
2008-07-28 00:13:41 0 -rahs---- C:\IO.SYS
2008-07-28 00:13:41 0 --a------ C:\CONFIG.SYS
2008-07-28 00:13:41 0 --a------ C:\AUTOEXEC.BAT
2008-07-28 00:12:58 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-28 00:12:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-28 00:12:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-28 00:12:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-28 00:12:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-28 00:12:01 0 d---s---- C:\WINDOWS\Tasks
2008-07-28 00:12:00 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-28 00:11:55 0 d-------- C:\WINDOWS\srchasst
2008-07-28 00:11:54 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-28 00:11:45 0 d-------- C:\Program Files\Movie Maker
2008-07-28 00:11:19 0 d-------- C:\WINDOWS\system32\Restore
2008-07-28 00:10:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-28 00:10:29 0 d-------- C:\WINDOWS\Registration
2008-07-28 00:10:23 0 d-------- C:\Program Files\Online Services
2008-07-28 00:10:17 0 d-------- C:\Program Files\Messenger
2008-07-28 00:10:12 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-28 00:09:32 0 d-------- C:\Program Files\Windows NT
2008-07-28 00:09:27 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-28 00:09:24 0 d-------- C:\WINDOWS\system32\Com
2008-07-27 23:52:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-27 23:52:03 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-07-27 23:52:01 0 d-------- C:\Program Files\Comodo
2008-07-27 21:13:34 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Nero
2008-07-27 21:12:01 0 d-------- C:\Program Files\Nero
2008-07-27 21:12:01 0 d-------- C:\Program Files\Common Files\Nero
2008-07-27 21:12:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 21:11:21 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-27 21:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\eboostr
2008-07-27 21:01:38 0 d-------- C:\Program Files\eBoostr
2008-07-27 19:47:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-27 19:47:21 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-27 19:47:20 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-27 19:45:15 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-27 19:44:27 0 d--hs---- C:\Documents and Settings\Konata Izumi\UserData
2008-07-27 19:32:48 0 d-------- C:\Program Files\Defraggler
2008-07-27 19:29:55 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Yahoo!
2008-07-27 19:29:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-27 19:29:51 0 d-------- C:\Program Files\Garena
2008-07-27 19:29:42 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\InstallShield
2008-07-27 19:25:40 0 d-------- C:\Program Files\CCleaner
2008-07-27 19:24:00 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-27 19:23:58 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-27 19:16:04 35378 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-27 19:16:02 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-27 19:16:02 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-07-27 19:09:57 0 d-------- C:\Program Files\Diablo II
2008-07-27 19:07:13 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Macromedia
2008-07-27 19:06:58 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Adobe
2008-07-27 19:06:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-27 19:05:27 0 d-------- C:\Program Files\Yahoo!
2008-07-27 18:55:50 0 d-------- C:\Program Files\Alwil Software
2008-07-27 18:54:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 18:54:23 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Mozilla
2008-07-27 18:37:51 0 d-------- C:\Program Files\Alcohol Soft
2008-07-27 18:36:13 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-27 18:34:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-27 18:21:22 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-07-27 18:21:07 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-27 18:20:48 0 d-------- C:\Program Files\Realtek
2008-07-27 18:20:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 18:20:41 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-27 18:20:40 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>

-- Find3M Report ---------------------------------------------------------------

2008-08-08 22:50:46 61 --a------ C:\WINDOWS\hare.dat
2008-08-08 18:26:43 4527616 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-28 02:05:41 62 --ahs---- C:\Documents and Settings\Konata Izumi\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
08/04/2008 10:01 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [08/04/2008 10:01 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/20/2007 07:57 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/20/2007 07:57 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/20/2007 07:57 AM]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 11:33 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [04/13/2007 09:36 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM C:\WINDOWS\Alcmtr.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [07/29/2008 03:08 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 06:47 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 10:27 PM]
"WindowZones"="C:\Program Files\WindowZones\WindowZones.exe" [02/21/2007 09:33 AM]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [04/26/2004 10:21 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 04:38 PM]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [09/03/2002 12:38 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [08/06/2008 02:28 AM]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [08/06/2008 02:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/27/2008 07:28 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 04:00 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08/01/2008 02:31 AM]
"@"="" []

C:\Documents and Settings\Konata Izumi\Start Menu\Programs\Startup\
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 12:26:40 PM]
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [8/1/2008 5:29:22 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe [5/19/2008 7:55:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
08/03/2008 04:06 AM 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\cssdll32.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Shutdown Genius]
C:\Program Files\Auto Shutdown Genius\Shutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b68d436-5bfa-11dd-8c29-001bb9adbd67}] AutoRun\command- E:\SETUP.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e0ba22-5e25-11dd-8c40-001bb9adbd67}] AutoRun\command- I:\rqb0v2ot.bat explore\Command- I:\rqb0v2ot.bat open\Command- I:\rqb0v2ot.bat -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8940 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-08-08 22:53:35 ------------ and this is the extra.txt from DSS Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 3.0 Architecture: X86; Language: English CPU 0: Intel® Core2 Duo CPU E4500 @ 2.20GHz Percentage of Memory in Use: 50% Physical Memory (total/avail): 1014.17 MiB / 500.89 MiB Pagefile Memory (total/avail): 2443.26 MiB / 1983.41 MiB Virtual Memory (total/avail): 2047.88 MiB / 1868.19 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 97.66 GiB total, 81.45 GiB free. D: is Fixed (NTFS) - 51.39 GiB total, 49.26 GiB free. E: is CDROM (CDFS) F: is CDROM (No Media) G: is Removable (FAT32) H: is Fixed (NTFS) - 74.53 GiB total, 9.72 GiB free. 
\\.\PHYSICALDRIVE1 - Hitachi HDS721680PLA380 - 74.53 GiB - 1 partition \PARTITION0 - Installable File System - 74.53 GiB - H: \\.\PHYSICALDRIVE0 - WDC WD1600AAJS-00PSA0 - 149.05 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 97.66 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 51.39 GiB - D: \\.\PHYSICALDRIVE2 - JetFlash TS2GJFV60 USB Device - 1937.53 MiB - 1 partition \PARTITION0 - Unknown - 1937.22 MiB - G: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Konata Izumi\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=XPSP3-WBB ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Konata Izumi LOGONSERVER=\\XPSP3-WBB NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Sun\SDK\bin PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0f0d ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\KONATA~1\LOCALS~1\Temp TMP=C:\DOCUME~1\KONATA~1\LOCALS~1\Temp USERDOMAIN=XPSP3-WBB USERNAME=Konata Izumi USERPROFILE=C:\Documents and Settings\Konata Izumi windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Konata Izumi (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> 
C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O Auto Shutdown Genius 2.2.8 --> "C:\Program Files\Auto Shutdown Genius\unins000.exe" avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BitTorrent --> C:\Program Files\BitTorrent\uninst.exe BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe" CachemanXP 1.7.0.1 --> C:\PROGRA~1\CACHEM~1\UNINST~1\Trialpay.exe C:\PROGRA~1\CACHEM~1\UNINST~1\install.log CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D} COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe" Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL eBoostr 2 --> C:\Program Files\eBoostr\uninstall.exe Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe" Garena --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly GlassFish V2 UR2 --> "C:\Program Files\glassfish-v2ur2\uninstall.exe" Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund 
Software\Hare\install.log" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall Java Platform, Enterprise Edition 5 SDK --> "C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk" Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe 
/X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero 8 --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NetBeans IDE 6.1 --> "C:\Program Files\NetBeans 6.1\uninstall.exe" O2jam --> "C:\Program Files\e-Games\O2jam\uninstall.exe" Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe" Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta" VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 WindowBlinds --> 
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WindowZones 1.0 --> "C:\Program Files\WindowZones\unins000.exe" WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6} Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -- Application Event Log ------------------------------------------------------- Event Record #/Type455 / Warning Event Submitted/Written: 08/08/2008 07:09:54 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type357 / Warning Event Submitted/Written: 08/03/2008 09:17:14 PM Event ID/Source: 63 / WinMgmt Event Description: A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Record #/Type356 / Warning Event Submitted/Written: 08/03/2008 09:17:14 PM Event ID/Source: 63 / WinMgmt Event Description: A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Event Record #/Type263 / Error Event Submitted/Written: 08/01/2008 05:23:53 AM Event ID/Source: 11904 / MsiInstaller Event Description: Product: VeohTV BETA -- Error 1904.Module C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll failed to register. HRESULT -2147220473. Contact your support personnel. 
Event Record #/Type259 / Warning Event Submitted/Written: 08/01/2008 03:01:50 AM Event ID/Source: 2002 / LoadPerf Event Description: The MOF file created for the Outlook service could not be loaded. The error code returned by the MOF Compiler is contained in the Record Data. Before the performance counters of this service can be collected by WMI the MOF file will need to be loaded manually. Contact the vendor of this service for additional information. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type2757 / Error Event Submitted/Written: 08/08/2008 08:00:48 PM Event ID/Source: 7023 / Service Control Manager Event Description: The DNS Client service terminated with the following error: %%1714 Event Record #/Type2752 / Error Event Submitted/Written: 08/08/2008 08:00:48 PM Event ID/Source: 11004 / dnscache Event Description: Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below. Event Record #/Type2749 / Error Event Submitted/Written: 08/08/2008 08:00:40 PM Event ID/Source: 7023 / Service Control Manager Event Description: The DNS Client service terminated with the following error: %%1714 Event Record #/Type2744 / Error Event Submitted/Written: 08/08/2008 08:00:40 PM Event ID/Source: 11004 / dnscache Event Description: Unable to start DNS Client service. Could not start the Remote Procedure Call (RPC) interface for this service. To correct the problem, you may restart the RPC and DNS Client services. 
To do so, use the following commands at a command prompt: (1) type "net start rpc" to start the RPC service, and (2) type "net start dnscache" to start the DNS Client service. For specific error code information, see the record data displayed below. Event Record #/Type2717 / Warning Event Submitted/Written: 08/08/2008 08:00:14 PM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 001BB9ADBD67. The IP address being used is 169.254.43.116. -- End of Deckard's System Scanner: finished at 2008-08-08 22:53:35 ------------ |
Aug 19 2008, 05:42 AM
Post #2
Koutsi
Group: HJT Team Coach
Posts: 5,768
Joined: 8-July 06
From: Finland
Member No.: 75,186
Hello and welcome to BC
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware. Thanks, and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

Please post back with the HijackThis log and Kaspersky report.

Regards
--------------------
Microsoft MVP Consumer Security
Aug 24 2008, 05:19 AM
Post #3
Koutsi
Group: HJT Team Coach
Posts: 5,768
Joined: 8-July 06
From: Finland
Member No.: 75,186
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.

--------------------
Microsoft MVP Consumer Security