
Blue Screen Background/ Antivirus Xp 2008/ Malware


9 replies to this topic

#1 Chaves


Posted 08 July 2008 - 02:33 PM

Whenever I log into my computer I have a blue background saying I'm infected. Then I get a pop-up of AntiVirus XP 2008. I've tried using SmitfraudFix but it didn't work.

Here's my HijackThis file.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:56, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rhccacj0epba\rhccacj0epba.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\WINDOWS\system32\pphc9acj0epba.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\mlJyWqnN.dll (file missing)
O2 - BHO: (no name) - {152E341C-D055-4F6D-9043-C5053818FCF1} - C:\WINDOWS\system32\wvUnNhhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {fa1512d3-8744-ad59-43f4-6f619715042f} - {f2405179-16f6-4f34-95da-44783d2151af} - C:\WINDOWS\system32\jijgou.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc9acj0epba] C:\WINDOWS\system32\lphc9acj0epba.exe
O4 - HKLM\..\Run: [SMshceacj0epba] C:\Program Files\shceacj0epba\shceacj0epba.exe
O4 - HKLM\..\Run: [94bc180a] rundll32.exe "C:\WINDOWS\system32\rfwmedwv.dll",b
O4 - HKLM\..\Run: [SMrhccacj0epba] C:\Program Files\rhccacj0epba\rhccacj0epba.exe
O4 - HKLM\..\Run: [BM978f2b96] Rundll32.exe "C:\WINDOWS\system32\hdxcrqfi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kfqk] C:\PROGRA~1\COMMON~1\kfqk\kfqkm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mlJyWqnN - mlJyWqnN.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 8203 bytes


Thanks in advance.



#2 fenzodahl512


Posted 10 July 2008 - 12:31 PM

Hello, my name is fenzodahl512 and welcome to BC. Please do the following:


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Chaves


Posted 10 July 2008 - 04:45 PM

Yay, thanks for helping. :thumbsup:
Here are my lists:

MAIN:
Deckard's System Scanner v20071014.68
Run by Thomas on 2008-07-10 17:31:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2008-07-10 21:31:35 UTC - RP617 - Deckard's System Scanner Restore Point
87: 2008-07-01 03:08:13 UTC - RP616 - System Checkpoint
86: 2008-06-30 02:07:58 UTC - RP615 - Last known good configuration
85: 2008-06-30 02:07:52 UTC - RP614 - SPTD setup V1.56
84: 2008-06-30 02:07:52 UTC - RP613 - Installed Rosetta Stone V3.


-- First Restore Point --
1: 2008-06-30 02:07:39 UTC - RP530 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Thomas.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:33:21, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\WINDOWS\system32\pphc9acj0epba.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Documents and Settings\Thomas\Local Settings\Temp\.ttC.tmp
C:\Documents and Settings\Thomas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomas.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\mlJyWqnN.dll (file missing)
O2 - BHO: (no name) - {152E341C-D055-4F6D-9043-C5053818FCF1} - C:\WINDOWS\system32\wvUnNhhg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {fa1512d3-8744-ad59-43f4-6f619715042f} - {f2405179-16f6-4f34-95da-44783d2151af} - C:\WINDOWS\system32\jijgou.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc9acj0epba] C:\WINDOWS\system32\lphc9acj0epba.exe
O4 - HKLM\..\Run: [SMshceacj0epba] C:\Program Files\shceacj0epba\shceacj0epba.exe
O4 - HKLM\..\Run: [94bc180a] rundll32.exe "C:\WINDOWS\system32\rfwmedwv.dll",b
O4 - HKLM\..\Run: [SMrhccacj0epba] C:\Program Files\rhccacj0epba\rhccacj0epba.exe
O4 - HKLM\..\Run: [BM978f2b96] Rundll32.exe "C:\WINDOWS\system32\hdxcrqfi.dll",s
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [kfqk] C:\PROGRA~1\COMMON~1\kfqk\kfqkm.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{94BC18A5-0BB8-1033-1228-040124060001}] "C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mlJyWqnN - mlJyWqnN.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 8408 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\program files\belkin\belkin 802.11g wireless pci card configuration utility\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 core - c:\windows\system32\drivers\core.sys (file missing)
S3 hamachi_oem (PlayLinc Adapter) - c:\windows\system32\drivers\gan_adapter.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver, OEM>
S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 NNServ - "c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart (file missing)
S2 ProtexisLicensing - c:\windows\system32\psiservice.exe (file missing)
S2 wltrysvc (Broadcom Wireless LAN Tray Service) - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 17:30:14 23040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-07-08 14:58:14 0 d-------- C:\Program Files\Trend Micro
2008-07-08 14:33:16 2188 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 14:32:44 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-08 14:32:44 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-08 14:32:44 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-08 14:32:44 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-08 14:32:44 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-08 14:32:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-08 14:32:44 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-08 14:32:44 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-08 14:24:48 94208 --a------ C:\WINDOWS\system32\pphc9acj0epba.exe
2008-07-08 14:24:47 0 d-------- C:\Documents and Settings\Thomas\Application Data\rhccacj0epba
2008-07-08 14:23:42 0 d-------- C:\Program Files\rhccacj0epba
2008-07-08 14:19:28 81104 --a------ C:\WINDOWS\system32\rfwmedwv.dll
2008-07-08 14:16:30 105296 --a------ C:\WINDOWS\system32\xqaeruwi.dll
2008-07-08 14:14:09 90880 --a------ C:\WINDOWS\system32\hdxcrqfi.dll
2008-07-01 02:24:14 0 d-------- C:\Program Files\shceacj0epba
2008-07-01 02:24:04 60928 --a------ C:\WINDOWS\system32\blphc9acj0epba.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-01 02:23:54 109056 --a------ C:\WINDOWS\system32\lphc9acj0epba.exe
2008-06-29 22:07:28 618341 --ahs---- C:\WINDOWS\system32\ghhNnUvw.ini2
2008-06-29 08:37:58 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-29 06:47:28 0 d-------- C:\Program Files\AdVantage
2008-06-29 06:46:48 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 06:44:02 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 06:43:57 0 d-------- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools
2008-06-29 06:01:17 0 d-------- C:\Program Files\Rosetta Stone
2008-06-29 05:52:42 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-29 05:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-06-27 19:33:42 0 d-------- C:\Program Files\Japanese
2008-06-27 19:30:09 0 d-------- C:\Program Files\MagicISO
2008-06-27 14:55:22 399944 --a------ C:\WINDOWS\84.exe
2008-06-27 14:39:36 0 d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
2008-06-27 14:39:18 0 d-------- C:\Program Files\LimeWire
2008-06-27 14:29:55 0 d-------- C:\WINDOWS\network diagnostic
2008-06-27 00:37:16 0 d-------- C:\Program Files\directx
2008-06-27 00:27:35 0 d-------- C:\Program Files\Total War
2008-06-14 20:06:06 0 d-------- C:\WINDOWS\nvidia icons
2008-06-14 20:05:28 0 d-------- C:\NVIDIA
2008-06-14 17:46:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-06-10 21:58:33 0 d-------- C:\Program Files\Common Files\Logitech
2008-06-10 21:58:28 0 d-------- C:\Program Files\Logitech


-- Find3M Report ---------------------------------------------------------------

2008-07-10 17:29:25 0 d-------- C:\Documents and Settings\Thomas\Application Data\AVG7
2008-06-29 05:52:42 0 d-------- C:\Program Files\Common Files
2008-06-27 14:48:41 0 d-------- C:\Program Files\Java
2008-06-26 23:08:28 0 d-------- C:\Program Files\SEGA
2008-06-25 19:13:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 14:55:13 0 d-------- C:\Program Files\World of Warcraft
2008-06-13 02:03:21 0 d-------- C:\Documents and Settings\Thomas\Application Data\Google
2008-06-12 23:46:18 0 d-------- C:\Program Files\Ubisoft
2008-06-11 15:50:12 0 d-------- C:\Documents and Settings\Thomas\Application Data\Adobe
2008-06-11 09:45:07 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-10 20:21:27 0 d-------- C:\Program Files\PlayLinc
2008-06-10 20:15:05 0 d-------- C:\Program Files\NewzToolz
2008-06-10 19:56:53 0 d-------- C:\Documents and Settings\Thomas\Application Data\Petroglyph
2008-06-10 13:08:24 0 d-------- C:\Program Files\Electronic Arts
2008-06-10 13:06:50 0 d-------- C:\Program Files\EA GAMES
2008-06-01 12:40:26 0 d-------- C:\Program Files\EVEMon
2008-06-01 12:40:18 0 d-------- C:\Documents and Settings\Thomas\Application Data\EVEMon
2008-05-31 12:09:14 0 d-------- C:\Program Files\Google
2008-05-28 21:58:05 0 d-------- C:\Program Files\Yahoo!
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11A7A749-0381-4AE2-940B-27EC006D6006}]
C:\WINDOWS\system32\mlJyWqnN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{152E341C-D055-4F6D-9043-C5053818FCF1}]
C:\WINDOWS\system32\wvUnNhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2405179-16f6-4f34-95da-44783d2151af}]
C:\WINDOWS\system32\jijgou.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [06/20/2005 19:53]
"Cmaudio"="cmicnfg.cpl" []
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [06/08/2005 17:32]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 22:46]
"nwiz"="nwiz.exe" [05/02/2008 22:46 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"cmonitor"="" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/27/2008 14:27]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 22:46]
"lphc9acj0epba"="C:\WINDOWS\system32\lphc9acj0epba.exe" [07/01/2008 02:23]
"SMshceacj0epba"="C:\Program Files\shceacj0epba\shceacj0epba.exe" []
"94bc180a"="C:\WINDOWS\system32\rfwmedwv.dll" [07/08/2008 14:19]
"SMrhccacj0epba"="C:\Program Files\rhccacj0epba\rhccacj0epba.exe" []
"BM978f2b96"="C:\WINDOWS\system32\hdxcrqfi.dll" [07/08/2008 14:14]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [07/10/2008 17:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"SystemDoctor 2006 Free"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/11/2008 09:45]
"kfqk"="C:\PROGRA~1\COMMON~1\kfqk\kfqkm.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/02/2008 13:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [11/05/2007 11:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{94BC18A5-0BB8-1033-1228-040124060001}"="C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{94BC18A5-0BB8-1033-1228-040124060001}"="C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe" mc-110-12-0000140
"{94BC18A5-0BB9-1033-1228-040124060001}"="C:\Program Files\Common Files\{94BC18A5-0BB9-1033-1228-040124060001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/28/2008 18:08 77824]
"{11A7A749-0381-4AE2-940B-27EC006D6006}"= C:\WINDOWS\system32\mlJyWqnN.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJyWqnN]
mlJyWqnN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=dxclib303562752.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUnNhhg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\setup\rsrc\Autorun.exe
dinstall\command- D:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32ddfe4c-36e4-11dc-9889-00502ca71bbb}]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3df5b428-16de-11db-9613-806d6172696f}]
AutoRun\command- D:\setup\rsrc\Autorun.exe
dinstall\command- D:\Directx\dxsetup.exe




-- End of Deckard's System Scanner: finished at 2008-07-10 17:35:14 ------------




EXTRA:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.48 MiB / 1495.48 MiB
Pagefile Memory (total/avail): 2665.68 MiB / 2151.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.39 MiB

C: is Fixed (NTFS) - 114.48 GiB total, 36.29 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - Maxtor 6Y120P0 - 114.49 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 114.48 GiB - C:

\\.\PHYSICALDRIVE1 - USB 2.0 USB Flash Drive USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 963.97 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe:*:Enabled:_aunchPad"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\Sudden Strike\\game_exe.exe"="C:\\Program Files\\Sudden Strike\\game_exe.exe:*:Enabled:Game_Exe"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Medieval_TW.exe"="C:\\Program Files\\Medieval_TW.exe:*:Enabled:Medieval_TW"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"="C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe:*:Enabled:Medieval 2: Total War"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"="C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\CCP\\EVE-TRAINING\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE-TRAINING\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\Steam\\SteamApps\\sainthubbins77\\dark messiah might and magic multi-player\\mm.exe"="C:\\Program Files\\Steam\\SteamApps\\sainthubbins77\\dark messiah might and magic multi-player\\mm.exe:*:Enabled:mm"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"="C:\\Program Files\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"="C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe:*:Enabled:PlayOnline Viewer"
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe:*:Enabled:Star Wars®: Empire at War™: Forces of Corruption™"
"C:\\Program Files\\CCP\\Test Server(dredgineer grindoidnnnnn)\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\Test Server(dredgineer grindoidnnnnn)\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"="C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"="C:\\Westwood\\Dune2000\\DUNE2000.DAT:*:Enabled:Dune2000"
"C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"="C:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe:*:Enabled:lh"
"C:\\Program Files\\Steam\\SteamApps\\onarru\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\onarru\\garrysmod\\hl2.exe:*:Enabled:hl2"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"="C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\\Documents and Settings\\Thomas\\Local Settings\\Temp\\.ttC.tmp"="C:\\Documents and Settings\\Thomas\\Local Settings\\Temp\\.ttC.tmp:*:Enabled:enable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thomas\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOWNE-BBE1L7M6W
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thomas
LOGONSERVER=\\BOWNE-BBE1L7M6W
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thomas\LOCALS~1\Temp
TMP=C:\DOCUME~1\Thomas\LOCALS~1\Temp
USERDOMAIN=BOWNE-BBE1L7M6W
USERNAME=Thomas
USERPROFILE=C:\Documents and Settings\Thomas
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thomas (admin)
Administrator.BOWNE-BBE1L7M6W (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1503 A.D. --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}\Setup.exe"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AdVantage (Powering DAEMON Tools) --> "C:\Program Files\AdVantage\AdVUninst.exe" /r DAEM /d "AdVantage (Powering DAEMON Tools)" /m "AdVantage is safe advertising software that supports Freeze.com.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for DAEMON Tools?"
AntivirXP08 --> "C:\Program Files\rhccacj0epba\uninstall.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D9C7478D-ADB5-412C-AA0C-764D757B0642}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Bar888 --> C:\Program Files\Common Files\{34BC18A5-0BB8-1033-1228-040124060001}\UnInstall.exe
Belkin 802.11g Wireless PCI Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C2635E-336A-4CDF-8936-994F989E67D1}\Setup.exe"
Belkin Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80CD64AA-7406-4508-BFDF-2DFE7F1F8EF0}\setup.exe" -l0x9
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
D&D Character Generator Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9915F060-19D4-11D4-A682-00105AA6FA07}\setup.exe"
Dune 2000 --> C:\Westwood\Dune2000\Uninstll.exe C:\WINDOWS\UNINST.EXE -fC:\Westwood\Dune2000\DeIsL1.isu
Enhancement Browser Tools Banneradsgalore --> C:\WINDOWS\system32\{007d2559-7fc4-5d9c-26c1-547b6e8570a7}.dll-uninst.exe
EVE-ONLINE (remove only) --> C:\Program Files\CCP\Test Server(dredgineer grindoidnnnnn)\Uninstall.exe
EveIncomeAnalyzer --> rundll32.exe dfshim.dll,ShArpMaintain EveIncomeAnalyzer.application, Culture=neutral, PublicKeyToken=7aa4f9d43a78ebc2, processorArchitecture=msil
EVEMon --> C:\Program Files\EVEMon\uninstall.exe
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
FINAL FANTASY XI --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{678F6475-D227-432A-94FF-806178A34520}
FINAL FANTASY XI: Rise of the Zilart --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Heroes of Might and Magic® III Complete --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\3DO\Heroes 3 Complete\Heroes of Might and Magic® III.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IL-2 Sturmovik 1946 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1033
IpWins --> C:\Program Files\Ipwindows\UnInstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JScreenFix deluxe --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://www.jscreenfix.com/Deluxe.jnlp"
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Medieval - Total War ™ - Viking Invasion ™ --> C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Unwise.exe /u C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Install.log
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MProtector --> "C:\Program Files\shceacj0epba\uninstall.exe"
Nero Media Player --> C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Outerinfo --> "C:\Program Files\Common Files\Yazzle1396OinUninstaller.exe"
PlayGATE Setup --> C:\PROGRA~1\Playnet\Playgate\UNWISE.EXE C:\PROGRA~1\Playnet\Playgate\INSTALL.LOG
PlayOnline Viewer and Tetra Master --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{47004155-7376-403E-89E9-4C9F44AAF0D0}
Rosetta Stone V3 --> MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Sudden Strike --> C:\WINDOWS\SudUS\UNWISE.EXE C:\WINDOWS\SudUS\INSTALL.LOG
Sudden Strike - Additional Missions --> C:\WINDOWS\SudUS\UNWISE.EXE C:\WINDOWS\SudUS\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Battle for Middle-earth ™ --> C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Westwood Shared Internet Components --> C:\Westwood\Internet\UNINSTAP.EXE
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8980 / Warning
Event Submitted/Written: 07/08/2008 03:35:24 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{D9C7478D-ADB5-412C-AA0C-764D757B0642}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type8979 / Warning
Event Submitted/Written: 07/08/2008 03:35:24 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{D9C7478D-ADB5-412C-AA0C-764D757B0642}', feature 'Main', component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}' failed. The resource 'C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll' does not exist.

Event Record #/Type8978 / Warning
Event Submitted/Written: 07/08/2008 03:35:23 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{D9C7478D-ADB5-412C-AA0C-764D757B0642}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'

Event Record #/Type8977 / Warning
Event Submitted/Written: 07/08/2008 03:35:23 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{D9C7478D-ADB5-412C-AA0C-764D757B0642}', feature 'Main', component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}' failed. The resource 'C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll' does not exist.

Event Record #/Type8976 / Warning
Event Submitted/Written: 07/08/2008 03:35:22 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{D9C7478D-ADB5-412C-AA0C-764D757B0642}', feature 'Main' failed during request for component '{F8E3F37E-A31A-4749-92E4-C2D60EB20E31}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8715 / Error
Event Submitted/Written: 07/10/2008 05:28:44 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ProtexisLicensing service failed to start due to the following error:
%%2

Event Record #/Type8714 / Error
Event Submitted/Written: 07/10/2008 05:28:44 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Broadcom Wireless LAN Tray Service service failed to start due to the following error:
%%2

Event Record #/Type8691 / Error
Event Submitted/Written: 07/08/2008 03:14:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ProtexisLicensing service failed to start due to the following error:
%%2

Event Record #/Type8690 / Error
Event Submitted/Written: 07/08/2008 03:14:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Broadcom Wireless LAN Tray Service service failed to start due to the following error:
%%2

Event Record #/Type8670 / Error
Event Submitted/Written: 07/08/2008 02:56:24 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ProtexisLicensing service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2008-07-10 17:35:14 ------------

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:20 PM

Posted 11 July 2008 - 05:46 AM

Please visit the webpage below for instructions on downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Chaves

Chaves
  • Topic Starter

  • Members
  • 38 posts
  • Local time:09:20 AM

Posted 11 July 2008 - 11:50 AM

"Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button and continue reading the tutorial from here. Otherwise, please continue with the rest of the tutorial below."

Should I allow it to scan?

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:20 PM

Posted 11 July 2008 - 04:35 PM

"Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. If you wish to continue, then press the Yes button and continue reading the tutorial from here. Otherwise, please continue with the rest of the tutorial below."

Should I allow it to scan?



Yup.. Then post the log here :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Chaves

Chaves
  • Topic Starter

  • Members
  • 38 posts
  • Local time:09:20 AM

Posted 15 July 2008 - 01:30 PM

ComboFix:

ComboFix 08-07-11.1 - Thomas 2008-07-15 14:05:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1481 [GMT -4:00]
Running from: C:\Documents and Settings\Thomas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU-1.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\Thomas\Application Data\macromedia\Flash Player\#SharedObjects\9QZT9WY3\www.broadcaster.com
C:\Documents and Settings\Thomas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Thomas\Application Data\rhccacj0epba
C:\Program Files\Common Files\{34BC1~1
C:\Program Files\Common Files\{94BC1~1
C:\Program Files\Common Files\{94BC1~2
C:\Program Files\outlook
C:\Program Files\rhccacj0epba
C:\Program Files\shceacj0epba
C:\WINDOWS\84.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\stem~1
C:\WINDOWS\system32\blphc9acj0epba.scr
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\ghhNnUvw.ini
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\phc9acj0epba.bmp
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pphc9acj0epba.exe
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sysrest.sys
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vwdemwfr.ini
C:\WINDOWS\system32\zxdnt3d.cfg
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Thomas\Application Data\macromedia\Flash Player\#SharedObjects\9QZT9WY3\www.broadcaster.com
C:\Documents and Settings\Thomas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Thomas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Thomas\Application Data\rhccacj0epba
C:\Program Files\Common Files\{34BC1~1
C:\Program Files\Common Files\{94BC1~1
C:\Program Files\Common Files\{94BC1~2
C:\Program Files\outlook
C:\Program Files\rhccacj0epba
C:\Program Files\shceacj0epba
C:\WINDOWS\84.exe
C:\WINDOWS\BM978f2b96.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\stem~1
C:\WINDOWS\system32\blphc9acj0epba.scr
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\ghhNnUvw.ini
C:\WINDOWS\system32\ghhNnUvw.ini2
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\phc9acj0epba.bmp
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\pphc9acj0epba.exe
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\vwdemwfr.ini
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CORE
-------\Legacy_NNSERV
-------\Service_core
-------\Service_NNServ
-------\Service_sysrest.sys
-------\Legacy_CORE
-------\Legacy_NNSERV
-------\Service_core
-------\Service_NNServ
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-11 14:57 . 2008-07-11 15:19 <DIR> d-------- C:\ComboFix(2)
2008-07-10 17:30 . 2008-07-10 17:30 <DIR> d-------- C:\Deckard
2008-07-08 14:58 . 2008-07-08 14:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 14:33 . 2008-07-08 14:33 2,188 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 14:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-08 14:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-08 14:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-08 14:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-08 14:32 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-08 14:32 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-08 14:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-08 14:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-08 14:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-08 14:19 . 2008-07-08 14:19 81,104 --a------ C:\WINDOWS\system32\rfwmedwv.dll
2008-07-08 14:16 . 2008-07-08 14:16 105,296 --a------ C:\WINDOWS\system32\xqaeruwi.dll
2008-07-08 14:14 . 2008-07-15 14:15 110,419 --a------ C:\WINDOWS\BM978f2b96.xml
2008-07-08 14:14 . 2008-07-08 14:14 90,880 --a------ C:\WINDOWS\system32\hdxcrqfi.dll
2008-06-29 08:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-29 08:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-29 08:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-29 08:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-29 08:37 . 2008-06-29 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-29 06:47 . 2008-07-15 14:02 <DIR> d-------- C:\Program Files\AdVantage
2008-06-29 06:46 . 2008-06-29 06:47 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 06:44 . 2008-06-29 06:44 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 06:43 . 2008-06-29 06:43 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools
2008-06-29 06:01 . 2008-06-29 06:01 <DIR> d-------- C:\Program Files\Rosetta Stone
2008-06-29 05:52 . 2008-06-29 05:52 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-29 05:52 . 2008-06-29 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-06-27 19:33 . 2008-06-27 19:35 <DIR> d-------- C:\Program Files\Japanese
2008-06-27 19:30 . 2008-06-29 09:24 <DIR> d-------- C:\Program Files\MagicISO
2008-06-27 14:55 . 2008-06-27 19:39 63,925 --a------ C:\WINDOWS\system32\{007d2559-7fc4-5d9c-26c1-547b6e8570a7}.dll-uninst.exe
2008-06-27 14:39 . 2008-06-27 14:39 <DIR> d-------- C:\Program Files\LimeWire
2008-06-27 14:39 . 2008-06-29 17:59 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
2008-06-27 14:29 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-27 00:38 . 2008-06-30 17:07 731 --a------ C:\WINDOWS\Vtw.INI
2008-06-27 00:37 . 2008-06-27 00:37 <DIR> d-------- C:\Program Files\directx
2008-06-27 00:27 . 2008-06-27 00:27 <DIR> d-------- C:\Program Files\Total War

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 18:00 --------- d-----w C:\Documents and Settings\Thomas\Application Data\AVG7
2008-06-27 18:48 --------- d-----w C:\Program Files\Java
2008-06-27 03:08 --------- d-----w C:\Program Files\SEGA
2008-06-25 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:55 --------- d-----w C:\Program Files\World of Warcraft
2008-06-14 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Funcom
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:46 --------- d-----w C:\Program Files\Ubisoft
2008-06-11 13:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-11 01:58 --------- d-----w C:\Program Files\Logitech
2008-06-11 01:58 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-11 00:21 --------- d-----w C:\Program Files\PlayLinc
2008-06-11 00:15 --------- d-----w C:\Program Files\NewzToolz
2008-06-10 23:56 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Petroglyph
2008-06-10 17:08 --------- d-----w C:\Program Files\Electronic Arts
2008-06-10 17:06 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:40 --------- d-----w C:\Program Files\EVEMon
2008-06-01 16:40 --------- d-----w C:\Documents and Settings\Thomas\Application Data\EVEMon
2008-05-31 16:09 --------- d-----w C:\Program Files\Google
2008-05-29 01:58 --------- d-----w C:\Program Files\Yahoo!
2007-06-11 03:55 1 ----a-w C:\Documents and Settings\Thomas\SI.bin
2007-04-23 01:45 167 ----a-w C:\Documents and Settings\Thomas\2124.bat
2007-04-22 20:16 167 ----a-w C:\Documents and Settings\Thomas\8248.bat
2006-11-02 03:46 3,742 ----a-w C:\Program Files\Z_Stats.Txt
2006-11-02 03:42 65 ----a-w C:\Program Files\ZTexture.TXT
2006-11-02 03:42 5 ----a-w C:\Program Files\Medieval.ver
2006-11-02 03:42 0 ----a-w C:\Program Files\ZVerify.Txt
2006-11-02 03:42 0 ----a-w C:\Program Files\report.txt
2006-10-28 23:20 142,028 ----a-w C:\Program Files\ZPostStrat.TXT
2006-10-28 23:06 336 ----a-w C:\Program Files\ZStrat.TXT
2006-10-28 23:06 17 ----a-w C:\Program Files\ZTexMax.TXT
2006-10-28 23:06 141,710 ----a-w C:\Program Files\ZPostBat.TXT
2006-10-28 22:52 99 ----a-w C:\Program Files\Vidram.TXT
2006-10-28 22:52 735 ----a-w C:\Program Files\ZTexRam.TXT
2006-10-28 22:52 6,354 ----a-w C:\Program Files\Textures.TXT
2006-10-28 22:52 179 ----a-w C:\Program Files\error.log
2006-10-28 22:52 141 ----a-w C:\Program Files\TexRam.TXT
2006-10-28 22:14 0 ----a-w C:\Program Files\jm_log.txt
2006-10-28 22:10 2,136 ----a-w C:\Program Files\Medieval.Cfg
2006-10-28 21:58 4 ----a-w C:\Program Files\lang.cfg
2005-01-08 12:24 167 ----a-w C:\Documents and Settings\Thomas\8558.bat
2005-01-08 11:13 167 ----a-w C:\Documents and Settings\Thomas\4168.bat
2005-01-08 11:10 167 ----a-w C:\Documents and Settings\Thomas\1001.bat
2005-01-08 10:58 167 ----a-w C:\Documents and Settings\Thomas\8045.bat
2005-01-08 09:45 167 ----a-w C:\Documents and Settings\Thomas\9817.bat
2005-01-08 07:42 167 ----a-w C:\Documents and Settings\Thomas\1795.bat
2005-01-08 06:26 167 ----a-w C:\Documents and Settings\Thomas\1015.bat
2005-01-07 10:55 167 ----a-w C:\Documents and Settings\Thomas\3691.bat
2005-01-07 08:57 167 ----a-w C:\Documents and Settings\Thomas\1063.bat
2005-01-06 07:39 167 ----a-w C:\Documents and Settings\Thomas\2517.bat
2005-01-06 07:38 41,792 ----a-w C:\Documents and Settings\Thomas\app.exe
2007-10-28 15:11 88 --sha-r C:\WINDOWS\system32\B81A618492.sys
2007-10-28 15:11 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-11 09:45 1506544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-02 13:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-11-05 11:12 884176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 19:53 1056768]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-06-08 17:32 778318]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 14:27 580096]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"94bc180a"="C:\WINDOWS\system32\rfwmedwv.dll" [2008-07-08 14:19 81104]
"BM978f2b96"="C:\WINDOWS\system32\hdxcrqfi.dll" [2008-07-08 14:14 90880]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 21:26 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2006-07-19 00:48:37 327765]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-28 18:08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"C:\\Program Files\\Sudden Strike\\game_exe.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"C:\\Program Files\\CCP\\Test Server(dredgineer grindoidnnnnn)\\bin\\ExeFile.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3754:TCP"= 3754:TCP:TCP
"6881:TCP"= 6881:TCP:TCP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"44901:UDP"= 44901:UDP:*:Disabled:uTorrent
"<NO NAME>"=

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 12:10]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - D:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE

.
- - - - ORPHANS REMOVED - - - -

BHO-{152E341C-D055-4F6D-9043-C5053818FCF1} - C:\WINDOWS\system32\wvUnNhhg.dll
BHO-{f2405179-16f6-4f34-95da-44783d2151af} - C:\WINDOWS\system32\jijgou.dll
HKCU-Run-kfqk - C:\PROGRA~1\COMMON~1\kfqk\kfqkm.exe
HKCU-Run-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
HKLM-Run-ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
HKLM-Run-lphc9acj0epba - C:\WINDOWS\system32\lphc9acj0epba.exe
HKLM-Run-SMshceacj0epba - C:\Program Files\shceacj0epba\shceacj0epba.exe
HKLM-Run-SMrhccacj0epba - C:\Program Files\rhccacj0epba\rhccacj0epba.exe
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKCU-Explorer_Run-{94BC18A5-0BB8-1033-1228-040124060001} - C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe
HKU-Default-Explorer_Run-{94BC18A5-0BB8-1033-1228-040124060001} - C:\Program Files\Common Files\{94BC18A5-0BB8-1033-1228-040124060001}\Update.exe
HKU-Default-Explorer_Run-{94BC18A5-0BB9-1033-1228-040124060001} - C:\Program Files\Common Files\{94BC18A5-0BB9-1033-1228-040124060001}\Update.exe
Notify-mlJyWqnN - mlJyWqnN.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 14:15:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-15 14:22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 18:22:43

Pre-Run: 38,745,120,768 bytes free
Post-Run: 38,575,747,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU-1.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

330 --- E O F --- 2008-06-29 04:40:00


Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:58, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [94bc180a] rundll32.exe "C:\WINDOWS\system32\rfwmedwv.dll",b
O4 - HKLM\..\Run: [BM978f2b96] Rundll32.exe "C:\WINDOWS\system32\hdxcrqfi.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 6735 bytes

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:20 PM

Posted 15 July 2008 - 01:58 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\system32\rfwmedwv.dll
C:\WINDOWS\system32\xqaeruwi.dll
C:\WINDOWS\BM978f2b96.xml
C:\WINDOWS\system32\hdxcrqfi.dll
C:\WINDOWS\system32\{007d2559-7fc4-5d9c-26c1-547b6e8570a7}.dll-uninst.exe
C:\Documents and Settings\Thomas\2124.bat
C:\Documents and Settings\Thomas\8248.bat
C:\Documents and Settings\Thomas\8558.bat
C:\Documents and Settings\Thomas\4168.bat
C:\Documents and Settings\Thomas\1001.bat
C:\Documents and Settings\Thomas\8045.bat
C:\Documents and Settings\Thomas\9817.bat
C:\Documents and Settings\Thomas\1795.bat
C:\Documents and Settings\Thomas\1015.bat
C:\Documents and Settings\Thomas\3691.bat
C:\Documents and Settings\Thomas\1063.bat
C:\Documents and Settings\Thomas\2517.bat
C:\Documents and Settings\Thomas\app.exe

Folder::
C:\Program Files\AdVantage

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdVantage"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"94bc180a"=-
"BM978f2b96"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Chaves

Chaves
  • Topic Starter

  • Members
  • 38 posts
  • Local time:09:20 AM

Posted 15 July 2008 - 02:47 PM

ComboFix Log

ComboFix 08-07-11.1 - Thomas 2008-07-15 15:20:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1668 [GMT -4:00]
Running from: C:\Documents and Settings\Thomas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas\Desktop\CFScript.txt.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Thomas\1001.bat
C:\Documents and Settings\Thomas\1015.bat
C:\Documents and Settings\Thomas\1063.bat
C:\Documents and Settings\Thomas\1795.bat
C:\Documents and Settings\Thomas\2124.bat
C:\Documents and Settings\Thomas\2517.bat
C:\Documents and Settings\Thomas\3691.bat
C:\Documents and Settings\Thomas\4168.bat
C:\Documents and Settings\Thomas\8045.bat
C:\Documents and Settings\Thomas\8248.bat
C:\Documents and Settings\Thomas\8558.bat
C:\Documents and Settings\Thomas\9817.bat
C:\Documents and Settings\Thomas\app.exe
C:\WINDOWS\BM978f2b96.xml
C:\WINDOWS\system32\{007d2559-7fc4-5d9c-26c1-547b6e8570a7}.dll-uninst.exe
C:\WINDOWS\system32\hdxcrqfi.dll
C:\WINDOWS\system32\rfwmedwv.dll
C:\WINDOWS\system32\xqaeruwi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas\1001.bat
C:\Documents and Settings\Thomas\1015.bat
C:\Documents and Settings\Thomas\1063.bat
C:\Documents and Settings\Thomas\1795.bat
C:\Documents and Settings\Thomas\2124.bat
C:\Documents and Settings\Thomas\2517.bat
C:\Documents and Settings\Thomas\3691.bat
C:\Documents and Settings\Thomas\4168.bat
C:\Documents and Settings\Thomas\8045.bat
C:\Documents and Settings\Thomas\8248.bat
C:\Documents and Settings\Thomas\8558.bat
C:\Documents and Settings\Thomas\9817.bat
C:\Documents and Settings\Thomas\app.exe
C:\Program Files\AdVantage
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\MeMedia_FF.dll
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
C:\Program Files\AdVantage\AdVantage.db
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\AdVantage\AdVantage.htm
C:\Program Files\AdVantage\AdVUninst.exe
C:\Program Files\AdVantage\ffext.mod
C:\Program Files\AdVantage\TR.dll
C:\Program Files\AdVantage\user.db
C:\WINDOWS\BM978f2b96.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\{007d2559-7fc4-5d9c-26c1-547b6e8570a7}.dll-uninst.exe
C:\WINDOWS\system32\hdxcrqfi.dll
C:\WINDOWS\system32\rfwmedwv.dll
C:\WINDOWS\system32\xqaeruwi.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-15 to 2008-07-15 )))))))))))))))))))))))))))))))
.

2008-07-15 14:22 . 2008-07-15 14:29 354 ---hs---- C:\WINDOWS\system32\vwdemwfr.ini
2008-07-11 14:57 . 2008-07-11 15:19 <DIR> d-------- C:\ComboFix(2)
2008-07-10 17:30 . 2008-07-10 17:30 <DIR> d-------- C:\Deckard
2008-07-08 14:58 . 2008-07-08 14:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 14:33 . 2008-07-08 14:33 2,188 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 14:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-08 14:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-08 14:32 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-08 14:32 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-08 14:32 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-08 14:32 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-08 14:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-08 14:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-08 14:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-29 08:50 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-29 08:50 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-29 08:50 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-29 08:50 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-29 08:37 . 2008-06-29 08:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-29 06:46 . 2008-06-29 06:47 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-29 06:44 . 2008-06-29 06:44 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 06:43 . 2008-06-29 06:43 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\DAEMON Tools
2008-06-29 06:01 . 2008-06-29 06:01 <DIR> d-------- C:\Program Files\Rosetta Stone
2008-06-29 05:52 . 2008-06-29 05:52 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-29 05:52 . 2008-06-29 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-06-27 19:33 . 2008-06-27 19:35 <DIR> d-------- C:\Program Files\Japanese
2008-06-27 19:30 . 2008-06-29 09:24 <DIR> d-------- C:\Program Files\MagicISO
2008-06-27 14:39 . 2008-06-27 14:39 <DIR> d-------- C:\Program Files\LimeWire
2008-06-27 14:39 . 2008-06-29 17:59 <DIR> d-------- C:\Documents and Settings\Thomas\Application Data\LimeWire
2008-06-27 14:29 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-06-27 00:38 . 2008-06-30 17:07 731 --a------ C:\WINDOWS\Vtw.INI
2008-06-27 00:37 . 2008-06-27 00:37 <DIR> d-------- C:\Program Files\directx
2008-06-27 00:27 . 2008-06-27 00:27 <DIR> d-------- C:\Program Files\Total War

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 18:00 --------- d-----w C:\Documents and Settings\Thomas\Application Data\AVG7
2008-06-27 18:48 --------- d-----w C:\Program Files\Java
2008-06-27 03:08 --------- d-----w C:\Program Files\SEGA
2008-06-25 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 18:55 --------- d-----w C:\Program Files\World of Warcraft
2008-06-14 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Funcom
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:46 --------- d-----w C:\Program Files\Ubisoft
2008-06-11 13:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-06-11 01:58 --------- d-----w C:\Program Files\Logitech
2008-06-11 01:58 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-11 00:21 --------- d-----w C:\Program Files\PlayLinc
2008-06-11 00:15 --------- d-----w C:\Program Files\NewzToolz
2008-06-10 23:56 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Petroglyph
2008-06-10 17:08 --------- d-----w C:\Program Files\Electronic Arts
2008-06-10 17:06 --------- d-----w C:\Program Files\EA GAMES
2008-06-01 16:40 --------- d-----w C:\Program Files\EVEMon
2008-06-01 16:40 --------- d-----w C:\Documents and Settings\Thomas\Application Data\EVEMon
2008-05-31 16:09 --------- d-----w C:\Program Files\Google
2008-05-29 01:58 --------- d-----w C:\Program Files\Yahoo!
2007-06-11 03:55 1 ----a-w C:\Documents and Settings\Thomas\SI.bin
2006-11-02 03:46 3,742 ----a-w C:\Program Files\Z_Stats.Txt
2006-11-02 03:42 65 ----a-w C:\Program Files\ZTexture.TXT
2006-11-02 03:42 5 ----a-w C:\Program Files\Medieval.ver
2006-11-02 03:42 0 ----a-w C:\Program Files\ZVerify.Txt
2006-11-02 03:42 0 ----a-w C:\Program Files\report.txt
2006-10-28 23:20 142,028 ----a-w C:\Program Files\ZPostStrat.TXT
2006-10-28 23:06 336 ----a-w C:\Program Files\ZStrat.TXT
2006-10-28 23:06 17 ----a-w C:\Program Files\ZTexMax.TXT
2006-10-28 23:06 141,710 ----a-w C:\Program Files\ZPostBat.TXT
2006-10-28 22:52 99 ----a-w C:\Program Files\Vidram.TXT
2006-10-28 22:52 735 ----a-w C:\Program Files\ZTexRam.TXT
2006-10-28 22:52 6,354 ----a-w C:\Program Files\Textures.TXT
2006-10-28 22:52 179 ----a-w C:\Program Files\error.log
2006-10-28 22:52 141 ----a-w C:\Program Files\TexRam.TXT
2006-10-28 22:14 0 ----a-w C:\Program Files\jm_log.txt
2006-10-28 22:10 2,136 ----a-w C:\Program Files\Medieval.Cfg
2006-10-28 21:58 4 ----a-w C:\Program Files\lang.cfg
2007-10-28 15:11 88 --sha-r C:\WINDOWS\system32\B81A618492.sys
2007-10-28 15:11 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-15_14.22.29.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-15 18:13:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-15 19:28:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-11 09:45 1506544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-02 13:17 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 19:53 1056768]
"wltray.exe"="C:\WINDOWS\system32\wltray.exe" [2005-06-08 17:32 778318]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 14:27 580096]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 21:26 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2006-07-19 00:48:37 327765]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-28 18:08 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"C:\\Program Files\\Sudden Strike\\game_exe.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"C:\\Program Files\\CCP\\Test Server(dredgineer grindoidnnnnn)\\bin\\ExeFile.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3754:TCP"= 3754:TCP:TCP
"6881:TCP"= 6881:TCP:TCP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"44901:UDP"= 44901:UDP:*:Disabled:uTorrent
"<NO NAME>"=

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 12:10]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - D:\Directx\dxsetup.exe

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 15:30:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-15 15:38:20 - machine was rebooted [Thomas]
ComboFix-quarantined-files.txt 2008-07-15 19:38:16
ComboFix2.txt 2008-07-15 18:22:49

Pre-Run: 38,571,073,536 bytes free
Post-Run: 38,495,608,832 bytes free

246 --- E O F --- 2008-06-29 04:40:00


Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:48, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: Registration IL-2 Sturmovik 1946.LNK = C:\Program Files\Ubisoft\IL-2 Sturmovik 1946\RegistrationReminder.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)

--
End of file - 6364 bytes

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:09:20 PM

Posted 15 July 2008 - 04:39 PM

Please find and delete this file manually C:\WINDOWS\system32\vwdemwfr.ini



Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Please also include a fresh DSS log (after Malwarebytes' step) in your next reply.. Tell me about your computer behaviour..


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




