 Desktop Has Changed To "warning: Spyware Threat Has Been Detected On Your Pc", Also Various Pop Ups, how do i get rid of these?? Total newbie. |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 May 8 2008, 07:25 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 5 Joined: 8-May 08 Member No.: 207,814  |
-rebecca HERE IS MY KASPERSKY FILE: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Thursday, May 08, 2008 8:03:20 PM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 8/05/2008 Kaspersky Anti-Virus database records: 748447 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ F:\ Scan Statistics: Total number of scanned objects: 64266 Number of viruses found: 6 Number of infected objects: 13 Number of suspicious objects: 0 Duration of the scan process: 00:46:22 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\cert8.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\history.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\key3.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\search.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe RAR: infected - 1 skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{917ADFDB-F144-4101-A37B-8A785BF70E2F} Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\uizxhbfl.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9DA8.tmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05082008-162408.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-08_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\0D6012F0.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\194293B4.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{B5598DEB-F2FC-4675-A2A3-325EDA801C8B}\RP192\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{4F3AA2CE-F937-4257-AE00-0A5F84C395D8}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\system32\efcDVOeF.dll Infected: Trojan.Win32.Zapchast.gb skipped C:\WINDOWS\system32\geBuTLbx.dll Infected: Trojan.Win32.Monder.gen skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\khfEULcd.dll Infected: Trojan.Win32.Zapchast.gb skipped C:\WINDOWS\system32\pmnmjGxw.dll Infected: Trojan.Win32.Zapchast.gb skipped C:\WINDOWS\system32\qoMcbccY.dll Infected: Trojan.Win32.Monder.gen skipped C:\WINDOWS\system32\urqPJYom.dll Infected: Trojan.Win32.Zapchast.gb skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\WINDOWS\winself.exe Infected: Trojan-Downloader.Win32.Agent.oht skipped Scan process completed. HERE IS MY DSS MAIN FILE Deckard's System Scanner v20071014.68 Run by Administrator on 2008-05-08 20:08:00 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Administrator.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:08:05 PM, on 5/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wmsdkns.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\winself.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {787F1DB1-CCCD-4AB7-B949-95C839715223} - C:\WINDOWS\system32\efcDVOeF.dll O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\khfEULcd.dll O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S1C2.tmp" /EF "HKLM" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{93B8740D-1241-4099-8C1E-56D1C095142F}: NameServer = 68.87.73.242,68.86.71.226 O20 - Winlogon Notify: khfEULcd - C:\WINDOWS\SYSTEM32\khfEULcd.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 8632 bytes -- Files created between 2008-04-08 and 2008-05-08 ----------------------------- 2008-05-08 20:04:39 0 d-------- C:\Program Files\Trend Micro 2008-05-08 18:18:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-08 18:18:10 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-08 18:18:10 0 d-------- C:\WINDOWS\LastGood 2008-05-08 16:24:02 0 d-------- C:\Program Files\Windows Defender 2008-05-08 13:59:44 3908 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-08 13:58:59 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-08 13:58:59 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-05-08 13:58:59 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-05-08 13:58:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-05-08 13:58:59 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-05-08 13:58:59 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-08 13:58:59 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-08 13:58:59 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-08 12:42:49 32256 --a------ C:\WINDOWS\stcloader.exe 2008-05-08 12:42:48 29696 --a------ C:\WINDOWS\voiceip.dll 2008-05-08 12:42:48 21248 --a------ C:\WINDOWS\swin32.dll 2008-05-08 12:42:48 32000 --a------ C:\WINDOWS\cdsm32.dll 2008-05-08 12:42:48 26368 --a------ C:\WINDOWS\bokja.exe 2008-05-08 12:42:47 21760 --a------ C:\WINDOWS\mssvr.exe 2008-05-08 12:42:47 15104 --a------ C:\WINDOWS\mspphe.dll 2008-05-08 12:42:47 17408 --a------ C:\WINDOWS\bjam.dll 2008-05-08 12:42:47 27392 --a------ C:\WINDOWS\2020search2.dll 2008-05-08 12:42:47 30208 --a------ C:\WINDOWS\2020search.dll 2008-05-08 12:42:44 25344 --a------ C:\WINDOWS\saiemod.dll 2008-05-08 12:42:43 31488 --a------ C:\WINDOWS\msapasrc.dll 2008-05-08 12:42:43 25600 --a------ C:\WINDOWS\msa64chk.dll 2008-05-08 12:42:42 19200 --a------ C:\WINDOWS\shdocpl.dll 2008-05-08 12:42:41 10752 --a------ C:\WINDOWS\winsb.dll 2008-05-08 12:42:41 12544 --a------ C:\WINDOWS\shdocpe.dll 2008-05-08 12:42:41 20992 --a------ C:\WINDOWS\ntnut.exe 2008-05-08 12:42:41 18432 --a------ C:\WINDOWS\browserad.dll 2008-05-08 12:42:41 27904 --a------ C:\WINDOWS\aviwrap32.dll 2008-05-08 12:42:41 27904 --a------ C:\WINDOWS\avisynthex32.dll 2008-05-08 12:42:40 17664 --a------ C:\WINDOWS\avifile32.dll 2008-05-08 12:42:40 27904 --a------ C:\WINDOWS\autodisc32.dll 2008-05-08 12:42:40 13824 --a------ C:\WINDOWS\audiosrv32.dll 2008-05-08 12:42:40 28928 --a------ C:\WINDOWS\ati2dvag32.dll 2008-05-08 12:42:39 30976 --a------ C:\WINDOWS\changeurl_30.dll 2008-05-08 12:42:39 18176 --a------ C:\WINDOWS\ati2dvaa32.dll 2008-05-08 12:42:39 26624 --a------ C:\WINDOWS\athprxy32.dll 2008-05-08 12:42:39 9216 --a------ C:\WINDOWS\asycfilt32.dll 2008-05-08 12:42:39 21504 --a------ C:\WINDOWS\asferror32.dll 2008-05-08 12:42:39 8448 --a------ C:\WINDOWS\apphelp32.dll 2008-05-08 12:30:59 32475 --a------ C:\WINDOWS\system32\urqPJYom.dll 2008-05-08 12:29:40 58631 --ahs---- C:\WINDOWS\system32\FeOVDcfe.ini2 2008-05-08 12:29:38 396186 --a------ C:\WINDOWS\system32\efcDVOeF.dll 2008-05-08 12:25:19 45056 --a------ C:\WINDOWS\system32\qoMcbccY.dll 2008-05-08 12:25:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2008-05-08 12:25:08 45056 --a------ C:\WINDOWS\system32\geBuTLbx.dll 2008-05-08 12:25:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-05-08 12:24:59 0 dr------- C:\Documents and Settings\LocalService\Favorites 2008-05-08 12:24:55 91563 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media> 2008-05-08 12:24:55 91563 --a------ C:\WINDOWS\lfn.exe <Not Verified; Microsoft; XML Media> 2008-05-08 12:24:52 25600 --a------ C:\WINDOWS\winself.exe 2008-05-08 12:24:49 32475 --a------ C:\WINDOWS\system32\pmnmjGxw.dll 2008-05-08 12:24:35 32475 --a------ C:\WINDOWS\system32\khfEULcd.dll 2008-05-08 11:00:34 0 d-------- C:\Program Files\MusicBrainz Picard 2008-05-07 19:28:22 0 d-------- C:\Program Files\MixMeister BPM Analyzer 2008-05-07 19:18:37 0 d-------- C:\Documents and Settings\Administrator\.beaTunes 2008-05-07 19:18:32 0 d-------- C:\Program Files\tagtraum industries 2008-04-18 10:07:53 0 d-------- C:\WINDOWS\Cache 2008-04-18 10:07:53 0 d-------- C:\Program Files\Coupons 2008-04-17 15:09:26 0 d-------- C:\Program Files\Apple Software Update 2008-04-10 02:08:49 348160 --a------ C:\WINDOWS\system32\WMAFile.dll <Not Verified; NCT Company Ltd.; NCTWMAFile2 ActiveX DLL> 2008-04-10 02:08:49 458752 --a------ C:\WINDOWS\system32\AudPlayer.dll <Not Verified; NCT Company Ltd.; NCTAudioPlayer2 ActiveX DLL> 2008-04-10 02:08:49 479232 --a------ C:\WINDOWS\system32\AudioVisu.dll <Not Verified; NCT Company Ltd.; NCTAudioVisualization2 ActiveX DLL> 2008-04-10 02:08:49 454656 --a------ C:\WINDOWS\system32\AudioRecord.dll <Not Verified; NCT Company Ltd.; NCTAudioRecord2 ActiveX DLL> 2008-04-10 02:08:49 1212416 --a------ C:\WINDOWS\system32\AudioInfos.dll <Not Verified; NCT Company Ltd.; NCTAudioInformation2 ActiveX DLL> 2008-04-10 02:08:48 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows> 2008-04-10 02:08:48 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic> 2008-04-10 02:08:48 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32> 2008-04-10 02:08:48 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL> 2008-04-10 02:08:48 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2> 2008-04-10 02:08:48 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer> 2008-04-10 02:08:48 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG> 2008-04-10 02:08:48 1986560 --a------ C:\WINDOWS\system32\AudFile.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL> 2008-04-10 02:08:48 417792 --a------ C:\WINDOWS\system32\AudDisplay.dll <Not Verified; NCT Company Ltd.; NCTAudioDisplay2 ActiveX DLL> 2008-04-10 02:08:48 2084864 --a------ C:\WINDOWS\system32\AudDesign.dll <Not Verified; NCT Company Ltd.; NCTAudioDesign2 ActiveX DLL> 2008-04-10 02:08:47 237568 --a------ C:\WINDOWS\system32\lame_enc.dll 2008-04-10 02:08:47 0 d-------- C:\Program Files\Free Audio Pack -- Find3M Report --------------------------------------------------------------- 2008-05-08 14:42:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus 2008-05-08 12:24:34 0 d-------- C:\Program Files\Common Files\Adobe 2008-05-08 11:00:50 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-05-08 10:22:43 0 d-------- C:\Program Files\Java 2008-05-07 22:21:44 0 d-------- C:\Program Files\Last.fm 2008-04-17 15:10:29 0 d-------- C:\Program Files\Safari 2008-04-16 00:16:26 0 d-------- C:\Program Files\Azureus 2008-04-03 15:15:16 0 d-------- C:\Program Files\iTunes 2008-04-03 15:15:10 0 d-------- C:\Program Files\iPod 2008-04-03 15:14:18 0 d-------- C:\Program Files\QuickTime 2008-03-29 15:07:11 0 d-------- C:\Program Files\Mozilla Sunbird 2008-03-08 19:17:04 0 d-------- C:\Program Files\Common Files 2008-03-08 19:17:04 0 d-------- C:\Program Files\Common Files\eSellerate 2008-03-08 19:16:56 0 d-------- C:\Program Files\iPod To Computer Transfer 2008-03-08 18:28:45 3834 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{787F1DB1-CCCD-4AB7-B949-95C839715223}] 05/08/2008 12:29 PM 396186 --a------ C:\WINDOWS\system32\efcDVOeF.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}] 05/08/2008 12:24 PM 32475 --a------ C:\WINDOWS\system32\khfEULcd.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/31/2006 02:35 AM] "nwiz"="nwiz.exe" [10/31/2006 02:35 AM C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/31/2006 02:35 AM] "RTHDCPL"="RTHDCPL.EXE" [07/05/2007 04:08 AM C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] "Microsoft Updates"="svehost.exe" [] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [01/14/2007 03:11 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM] "EPSON Stylus CX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.exe" [02/14/2006 05:00 AM] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Microsoft Updates"=svehost.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [12/24/2007 9:39:55 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{DD4A65C7-61D7-445F-BCF1-5065F765EAF9}"= C:\WINDOWS\system32\khfEULcd.dll [05/08/2008 12:24 PM 32475] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfEULcd] khfEULcd.dll 05/08/2008 12:24 PM 32475 C:\WINDOWS\system32\khfEULcd.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcDVOeF [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2209c13d-9e7d-11dc-bd58-806d6172696f}] AutoRun\command- D:\Run.exe -- End of Deckard's System Scanner: finished at 2008-05-08 20:08:25 ------------ HERE IS MY EXTRA FILE FROM DSS Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+ CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+ Percentage of Memory in Use: 35% Physical Memory (total/avail): 1983.48 MiB / 1282.2 MiB Pagefile Memory (total/avail): 3876.75 MiB / 3291.1 MiB Virtual Memory (total/avail): 2047.88 MiB / 1919.1 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 232.88 GiB total, 95.02 GiB free. D: is CDROM (No Media) F: is Removable (No Media) \\.\PHYSICALDRIVE0 - ST3250310AS - 232.88 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C: \\.\PHYSICALDRIVE1 - EPSON Stylus Storage USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AntiVirusDisableNotify is set. FW: Norton AntiVirus v2007 (Symantec Corporation) AV: Norton AntiVirus v2007 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe"="C:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe:*:Enabled:Lego Chess" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus" "C:\\Program Files\\MusicBrainz Picard\\picard.exe"="C:\\Program Files\\MusicBrainz Picard\\picard.exe:*:Disabled:The next generation MusicBrainz tagger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Administrator\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=AM2X2 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Administrator LOGONSERVER=\\AM2X2 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4b02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp USERDOMAIN=AM2X2 USERNAME=Administrator USERPROFILE=C:\Documents and Settings\Administrator windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003} AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA} Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3} CollegeBAR 8.4 --> "C:\Program Files\CollegeBAR\unins000.exe" Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r Free Mp3 Wma Converter V 1.7.2 --> "C:\Program Files\Free Audio Pack\unins000.exe" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} iPod To Computer Transfer 3.1 --> "C:\Program Files\iPod To Computer Transfer\unins000.exe" iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe Last.fm 1.5.0.24910 --> "C:\Program Files\Last.fm\unins000.exe" LEGO Chess --> C:\WINDOWS\uninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Chess\DeIsL1.isu" LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} LucasArts' Grim Fandango --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Games\DeIsL1.isu" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} MixMeister BPM Analyzer 1.0 --> "C:\Program Files\MixMeister BPM Analyzer\unins000.exe" Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Sunbird (0.7) --> C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MusicBrainz Picard 0.9.0 --> C:\Program Files\MusicBrainz Picard\uninst.exe Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2} Nintendo Wi-Fi USB Connector Registration Tool --> C:\Program Files\WiFiConnector\SoftAPUninst.exe Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0} Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_2_0_29\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Pattern Maker for cross stitch - v4 --> MsiExec.exe /I{9CE2B4FB-8127-4058-B028-C5961242A480} QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0} SCRABBLE® --> C:\PROGRA~1\SHOCKW~1.COM\SCRABBLE\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\SCRABBLE\INSTALL.LOG Sid Meier's Civilization 4 Gold --> C:\Program Files\InstallShield Installation Information\{55502C49-F061-428C-BF26-06ECDFB3AC29}\setup.exe -runfromtemp -l0x0009 -removeonly SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} Ultra iPod Movie Converter 3.9.1108 --> "C:\Program Files\Ultra iPod Movie Converter\unins000.exe" VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe Yahoo! SiteBuilder --> "C:\Program Files\Yahoo SiteBuilder\uninstall.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type5299 / Error Event Submitted/Written: 05/08/2008 06:04:02 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application ccapp.exe, version 106.2.0.21, faulting module unknown, version 0.0.0.0, fault address 0x42c79aee. Processing media-specific event for [ccapp.exe!ws!] Event Record #/Type5278 / Warning Event Submitted/Written: 05/08/2008 04:34:04 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type5276 / Error Event Submitted/Written: 05/08/2008 04:33:43 PM Event ID/Source: 5000 / MPSampleSubmission Event Description: EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Event Record #/Type5272 / Error Event Submitted/Written: 05/08/2008 04:27:20 PM Event ID/Source: 1001 / Application Hang Event Description: Fault bucket 126648864. Event Record #/Type5271 / Error Event Submitted/Written: 05/08/2008 04:27:12 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type6879 / Warning Event Submitted/Written: 05/08/2008 07:42:53 PM Event ID/Source: 3004 / WinDefend Event Description: %AM2X227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AM2X227 can't undo changes that you allow. For more information please see the following: %AM2X2275 Scan ID: {872CC00B-82EB-4FA1-B668-C674DEF97DEA} User: AM2X2\Administrator Name: %AM2X2271 ID: %AM2X2272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %AM2X2276 Alert Type: %AM2X2278 Detection Type: 1.1.1593.02 Event Record #/Type6878 / Warning Event Submitted/Written: 05/08/2008 07:42:53 PM Event ID/Source: 3004 / WinDefend Event Description: %AM2X227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AM2X227 can't undo changes that you allow. For more information please see the following: %AM2X2275 Scan ID: {045445E6-0316-4402-82E7-E23D0761B0F2} User: AM2X2\Administrator Name: %AM2X2271 ID: %AM2X2272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %AM2X2276 Alert Type: %AM2X2278 Detection Type: 1.1.1593.02 Event Record #/Type6877 / Warning Event Submitted/Written: 05/08/2008 07:42:53 PM Event ID/Source: 3004 / WinDefend Event Description: %AM2X227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AM2X227 can't undo changes that you allow. For more information please see the following: %AM2X2275 Scan ID: {E5197BA6-9E15-4AA8-B149-AAE80B53A16D} User: AM2X2\Administrator Name: %AM2X2271 ID: %AM2X2272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %AM2X2276 Alert Type: %AM2X2278 Detection Type: 1.1.1593.02 Event Record #/Type6876 / Warning Event Submitted/Written: 05/08/2008 07:42:51 PM Event ID/Source: 3004 / WinDefend Event Description: %AM2X227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AM2X227 can't undo changes that you allow. For more information please see the following: %AM2X2275 Scan ID: {275F7D3B-891F-4606-BAC3-48B67B3EE34D} User: AM2X2\Administrator Name: %AM2X2271 ID: %AM2X2272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %AM2X2276 Alert Type: %AM2X2278 Detection Type: 1.1.1593.02 Event Record #/Type6875 / Warning Event Submitted/Written: 05/08/2008 07:42:51 PM Event ID/Source: 3004 / WinDefend Event Description: %AM2X227 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %AM2X227 can't undo changes that you allow. For more information please see the following: %AM2X2275 Scan ID: {28881781-D898-45ED-BA74-8705122A1D26} User: AM2X2\Administrator Name: %AM2X2271 ID: %AM2X2272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %AM2X2276 Alert Type: %AM2X2278 Detection Type: 1.1.1593.02 -- End of Deckard's System Scanner: finished at 2008-05-08 19:43:18 ------------ Thanks again! |
 |
 
|
|
May 9 2008, 02:30 PM
Post
#2
|
|
 Malware Killer Dog Group: HJT Team Posts: 15,116 Joined: 18-February 05 From: Belgium Member No.: 12,408 |
Hi,
* Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log. -------------------- AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum. |
|
|
|
|
May 13 2008, 06:46 PM
Post
#3
|
|
|
New Member Group: Members Posts: 5 Joined: 8-May 08 Member No.: 207,814 |
Here's the combofix log:
ComboFix 08-05-12.1 - Administrator 2008-05-13 19:31:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1471 [GMT -4:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\123messenger.per C:\WINDOWS\2020search.dll C:\WINDOWS\2020search2.dll C:\WINDOWS\apphelp32.dll C:\WINDOWS\asferror32.dll C:\WINDOWS\asycfilt32.dll C:\WINDOWS\athprxy32.dll C:\WINDOWS\ati2dvaa32.dll C:\WINDOWS\ati2dvag32.dll C:\WINDOWS\audiosrv32.dll C:\WINDOWS\autodisc32.dll C:\WINDOWS\avifile32.dll C:\WINDOWS\avisynthex32.dll C:\WINDOWS\aviwrap32.dll C:\WINDOWS\bjam.dll C:\WINDOWS\bokja.exe C:\WINDOWS\browserad.dll C:\WINDOWS\cdsm32.dll C:\WINDOWS\changeurl_30.dll C:\WINDOWS\cookies.ini C:\WINDOWS\default.htm C:\WINDOWS\didduid.ini C:\WINDOWS\lfn.exe C:\WINDOWS\licencia.txt C:\WINDOWS\mainms.vpi C:\WINDOWS\megavid.cdt C:\WINDOWS\msa64chk.dll C:\WINDOWS\msapasrc.dll C:\WINDOWS\mspphe.dll C:\WINDOWS\mssvr.exe C:\WINDOWS\muotr.so C:\WINDOWS\ntnut.exe C:\WINDOWS\pskt.ini C:\WINDOWS\saiemod.dll C:\WINDOWS\shdocpe.dll C:\WINDOWS\shdocpl.dll C:\WINDOWS\stcloader.exe C:\WINDOWS\swin32.dll C:\WINDOWS\system32\BKTAKRqr.ini C:\WINDOWS\system32\BKTAKRqr.ini2 C:\WINDOWS\system32\cerwfqor.ini C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\FeOVDcfe.ini C:\WINDOWS\system32\FeOVDcfe.ini2 C:\WINDOWS\system32\fNqBeMoq.ini C:\WINDOWS\system32\fNqBeMoq.ini2 C:\WINDOWS\system32\geBuTLbx.dll C:\WINDOWS\system32\jhawrvtg.ini C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\qAdNWvut.ini C:\WINDOWS\system32\qAdNWvut.ini2 C:\WINDOWS\system32\qbehcphy.ini C:\WINDOWS\system32\qoMcbccY.dll C:\WINDOWS\system32\skdexgvd.ini C:\WINDOWS\system32\wpcap.dll C:\WINDOWS\system32\WvvGNXbc.ini C:\WINDOWS\system32\WvvGNXbc.ini2 C:\WINDOWS\telefonos.txt C:\WINDOWS\textos.txt C:\WINDOWS\voiceip.dll C:\WINDOWS\winsb.dll C:\WINDOWS\winself.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSSECURITY1.209.4 -------\Service_MsSecurity1.209.4 -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))) . 2008-05-12 20:34 . 2008-05-12 20:34 370,688 --a------ C:\WINDOWS\system32\tuvWNdAq.dll 2008-05-12 19:13 . 2008-05-12 19:13 <DIR> d-------- C:\7412f067ce89bbbe9806c3108a 2008-05-12 19:13 . 2008-05-12 19:13 370,688 --a------ C:\WINDOWS\system32\rqRKATKB.dll_old 2008-05-12 19:03 . 2008-05-12 19:03 <DIR> d--hs---- C:\found.000 2008-05-10 10:40 . 2008-05-10 10:40 134,656 --a------ C:\WINDOWS\system32\qspoghta.dll 2008-05-10 10:37 . 2008-05-10 10:37 125,440 --a------ C:\WINDOWS\system32\drthkans.dll 2008-05-09 21:49 . 2008-05-09 21:49 1,505,455 --ahs---- C:\WINDOWS\system32\jhawrvtg.tmp 2008-05-09 21:46 . 2008-05-09 21:46 133,120 --a------ C:\WINDOWS\system32\idbtihnw.dll 2008-05-09 21:43 . 2008-05-09 21:43 123,392 --a------ C:\WINDOWS\system32\qcdwslib.dll 2008-05-09 21:18 . 2008-05-12 19:36 385 --a------ C:\WINDOWS\wininit.ini 2008-05-09 21:04 . 2008-05-12 20:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-09 21:04 . 2008-05-12 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-09 11:14 . 2008-05-09 11:14 133,120 --a------ C:\WINDOWS\system32\pseovcup.dll 2008-05-09 11:10 . 2008-05-09 11:10 123,392 --a------ C:\WINDOWS\system32\sxbwfugf.dll 2008-05-09 11:10 . 2008-05-13 16:04 109,807 --a------ C:\WINDOWS\BM2f305012.xml 2008-05-08 20:04 . 2008-05-08 20:04 <DIR> d-------- C:\Program Files\Trend Micro 2008-05-08 19:40 . 2008-05-08 19:40 <DIR> d-------- C:\Deckard 2008-05-08 18:18 . 2008-05-08 18:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-05-08 18:18 . 2008-05-08 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2008-05-08 16:24 . 2008-05-08 16:24 <DIR> d-------- C:\Program Files\Windows Defender 2008-05-08 15:06 . 2008-05-08 15:06 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 2008-05-08 13:59 . 2008-05-10 17:24 4,350 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-08 13:58 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-08 13:58 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-08 13:58 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-08 13:58 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-08 13:58 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-08 13:58 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-08 13:58 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-08 13:58 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-08 11:00 . 2008-05-08 11:00 <DIR> d-------- C:\Program Files\MusicBrainz Picard 2008-05-07 19:28 . 2008-05-07 19:28 <DIR> d-------- C:\Program Files\MixMeister BPM Analyzer 2008-05-07 19:18 . 2008-05-08 10:48 <DIR> d-------- C:\Program Files\tagtraum industries 2008-05-07 19:18 . 2008-05-08 10:49 <DIR> d-------- C:\Documents and Settings\Administrator\.beaTunes 2008-04-18 10:07 . 2008-04-18 10:07 <DIR> d-------- C:\WINDOWS\Cache 2008-04-18 10:07 . 2008-04-18 10:07 <DIR> d-------- C:\Program Files\Coupons 2008-04-18 10:07 . 2008-04-18 10:07 193,880 -ra------ C:\WINDOWS\system32\cpnprt2.cid 2008-04-17 15:09 . 2008-04-17 15:09 <DIR> d-------- C:\Program Files\Apple Software Update . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-08 18:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus 2008-05-08 16:24 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-08 15:00 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-05-08 14:22 --------- d-----w C:\Program Files\Java 2008-05-08 02:21 --------- d-----w C:\Program Files\Last.fm 2008-04-17 19:10 --------- d-----w C:\Program Files\Safari 2008-04-16 04:16 --------- d-----w C:\Program Files\Azureus 2008-04-10 06:08 --------- d-----w C:\Program Files\Free Audio Pack 2008-04-03 19:15 --------- d-----w C:\Program Files\iTunes 2008-04-03 19:15 --------- d-----w C:\Program Files\iPod 2008-04-03 19:14 --------- d-----w C:\Program Files\QuickTime 2008-03-29 19:07 --------- d-----w C:\Program Files\Mozilla Sunbird 2008-03-25 01:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-03-08 22:28 3,834 ----a-w C:\Documents and Settings\Administrator\Application Data\wklnhst.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C2AE005-A5B2-4203-A804-C76F446FF94F}] C:\WINDOWS\system32\qoMeBqNf.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C9F6E3C-BE46-4033-9118-40D38FE791F6}] 2008-05-12 20:34 370688 --a------ C:\WINDOWS\system32\tuvWNdAq.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C145C72F-C177-4EAD-BB17-978249E78F90}] C:\WINDOWS\system32\efcDVOeF.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2EBB859-040F-4673-A0A0-B6764A105452}] C:\WINDOWS\system32\cbXNGvvW.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e221ea3d-81d5-4bf6-8c09-3cfc0fe32730}] 2008-05-10 10:40 134656 --a------ C:\WINDOWS\system32\qspoghta.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F19163CA-2A1C-4487-8D71-60407B800EA2}] C:\WINDOWS\system32\rqRKATKB.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-31 02:35 7634944] "nwiz"="nwiz.exe" [2006-10-31 02:35 1622016 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-31 02:35 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 04:08 16380416 C:\WINDOWS\RTHDCPL.exe] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-01-14 03:11 771704] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Microsoft Updates"="svehost.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-12-24 21:39:55 1073152] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\LEGO Media\\Games\\LEGO Chess\\Lego Chess.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\\Program Files\\MusicBrainz Picard\\picard.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "49153:TCP"= 49153:TCP:*:Disabled:azureus S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-11-29 12:55] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2209c13d-9e7d-11dc-bd58-806d6172696f}] \Shell\AutoRun\command - D:\Run.exe . Contents of the 'Scheduled Tasks' folder "2008-05-07 12:44:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-13 23:38:42 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-05-13 00:29:22 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job" - C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-13 19:36:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\Crypserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\WINDOWS\SoftwareDistribution\Download\71346ae154833814462aa3a4477d3137\update\update.exe . ************************************************************************** . Completion time: 2008-05-13 19:41:42 - machine was rebooted [Administrator] ComboFix-quarantined-files.txt 2008-05-13 23:41:39 Pre-Run: 101,633,499,136 bytes free Post-Run: 101,595,631,616 bytes free 238 Here's a new Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:45:02 PM, on 5/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: (no name) - {3C2AE005-A5B2-4203-A804-C76F446FF94F} - C:\WINDOWS\system32\qoMeBqNf.dll (file missing) O2 - BHO: (no name) - {6C9F6E3C-BE46-4033-9118-40D38FE791F6} - C:\WINDOWS\system32\tuvWNdAq.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {C145C72F-C177-4EAD-BB17-978249E78F90} - C:\WINDOWS\system32\efcDVOeF.dll (file missing) O2 - BHO: (no name) - {D2EBB859-040F-4673-A0A0-B6764A105452} - C:\WINDOWS\system32\cbXNGvvW.dll (file missing) O2 - BHO: {03723ef0-cfc3-90c8-6fb4-5d18d3ae122e} - {e221ea3d-81d5-4bf6-8c09-3cfc0fe32730} - C:\WINDOWS\system32\qspoghta.dll O2 - BHO: (no name) - {F19163CA-2A1C-4487-8D71-60407B800EA2} - C:\WINDOWS\system32\rqRKATKB.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{93B8740D-1241-4099-8C1E-56D1C095142F}: NameServer = 68.87.73.242,68.86.71.226 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- End of file - 7422 bytes Sorry it took a bit, my computer is acting wonkier than ever! Thanks again for your attention. |
|
|
|
|
May 13 2008, 06:55 PM
Post
#4
|
|
|
Malware Killer Dog |