Fatal Error 0xc0000022, then "Warning! Spyware Detected On Ur Computer." Don't know what happened. Did it get worse???

hookedforever
Post #1, Jul 2 2008, 09:16 AM
Member, Group: Members, Posts: 35, Joined: 2-July 08, From: philippines, Member No.: 219,978

HI!

Hope you could help me with my problem.
Last night, I downloaded a Java update (I guess it's Java™ 6 Update 5). The update took a long time and as soon as I finished it, a lot of trojans (something like SHeur, fakealert.k, I really can't remember the other ones, sorry) were detected by my AVG 7.5 Email Server Edition. I tried healing each and every one of them and AVG said that they had been healed, but like every 5 minutes, especially when I opened another Firefox window, AVG would start popping out alerts about those trojans. I tried putting them in quarantine because I thought that might help, but it didn't. Then this morning when my sister opened my laptop, she said that AVG again detected those trojans, so she just healed them and then the laptop restarted. When the LAN is connected, it would show the BSOD saying:

Stop c000021a {Fatal System Error}
The session manager initialization system process terminated unexpectedly with a status of 0xc0000022 (0x00000000, 0x0000000)
The system has been shut down.

But when I disconnect the internet, the laptop just keeps on restarting. I then searched for possible solutions on the internet through my other computer and it seemed that there wasn't any definite solution. I got so desperate that I just wanted to find a way to save the files on my laptop. I tried running my laptop in Safe Mode with Networking because it asked for a password when I tried logging in in "Safe Mode". I was able to connect to the internet while in Safe Mode with Networking and then I downloaded the Microsoft Windows Malicious Software Removal Tool. I then saw a post on some thread saying that I should uninstall my AVG, so I did and it worked. The laptop was back to Normal Mode. This text file "blphcepbj0ev7g.scr" pops up at every startup, and this window too:

Can not find script file "C:\documents and settings\administrator\local settings\temp\.tt4.tmp.vbs".

I then ran the Malware Removal Tool and it detected around 77 threats; around 3 were not totally healed (sorry, I don't have a copy of the result). The tool asked me to run my antivirus before restarting to complete the process, but since I had uninstalled it already, I downloaded AVG Free but the installation kept rolling back. It gave this message:

Local machine: installation failed
Installation:
Error: Action failed for file avgmfx86.sys: starting service....
Error 0x80070002

I then tried Panda Antivirus+Firewall 2007 and after installing it, a threat was healed and then I was asked to restart.

I was so happy because the computer started in Normal Mode, but I was shocked when a blue screen appeared saying "Warning! Spyware detected on ur computer. Install antivirus or spyware remover to clean ur computer." It also became my wallpaper. The text file "blphcepbj0ev7g.scr" still opens and the window saying Can not find script file "C:\documents and settings\administrator\local settings\temp\.tt4.tmp.vbs" also appears. But this time my laptop was very, very slow and Panda wouldn't work anymore, so I just uninstalled it.

I also tried enabling the firewall since it was a requirement before posting, but I couldn't.

Now I don't really know if my problem became worse because of the methods I tried. Please help me. I really don't know what more to do. I don't want to resort to reprogramming my laptop. I don't want to lose my files and I really, really can't afford to pay someone to program it.

Here are the required files:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-02 21:18:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
24: 2008-07-03 00:06:20 UTC - RP24 - Installed AVG Free 8.0
23: 2008-07-02 09:32:13 UTC - RP23 - Restore Operation
22: 2008-07-02 09:22:19 UTC - RP22 - Restore Operation
21: 2008-07-02 03:16:55 UTC - RP21 - Installed Java™ 6 Update 5
20: 2008-07-01 06:08:19 UTC - RP20 - Last known good configuration


-- First Restore Point --
1: 2008-07-01 06:07:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 126 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-02 21:36:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\lphcepbj0ev7g.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhpf.co.uk/mypage.asp?OrgID=125218
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: C:\WINDOWS\system32\hdxjd4g.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll
O2 - BHO: C:\WINDOWS\system32\djki397g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphcepbj0ev7g] C:\WINDOWS\system32\lphcepbj0ev7g.exe
O4 - HKLM\..\Run: [SMrhcapbj0ev7g] C:\Program Files\rhcapbj0ev7g\rhcapbj0ev7g.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlagon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [InstallProgram] C:\WINDOWS\TEMP\lprn32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlagon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [InstallProgram] C:\WINDOWS\TEMP\lprn32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{08DEFBAF-8C03-4A64-9615-A52E6774408E}: NameServer = 66.93.87.2
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{33B00AD3-10D1-47B7-ACCF-DDBE9246973A}: NameServer = 66.93.87.2
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B888C2C-27CF-45F6-BBF0-A29EE52D6356}: NameServer = 66.93.87.2
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\system32\crypts.dll
O20 - Winlogon Notify: fccaXQhg - C:\WINDOWS\system32\fccaXQhg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O21 - SSODL: nqHIBFLbqf - {606FD787-CAC5-7D2D-C387-DABE79CDEE95} - C:\WINDOWS\system32\xso.dll (file missing)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\system32\CcEvtSvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Administrator\ie_updates3r.exe -A
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--
End of file - 12857 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.cmd - cmdfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.inf - inffile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.ini - inifile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.reg - regfile - shell\edit\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"
.txt - txtfile - shell\open\command - C:\WINDOWS\system32\NOTEPAD2.EXE %1
.vbs - VBSFile - shell\edit\command - C:\WINDOWS\system32\Notepad2.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Vch40 - c:\windows\system32\drivers\vch40.sys
R0 Winye05 - c:\windows\system32\drivers\winye05.sys
R3 tcpsr - c:\windows\system32\drivers\tcpsr.sys (file missing)

S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
S1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys (file missing)
S2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
S3 SNPSTD3 (USB PC Camera (SNPSTD3)) - c:\windows\system32\drivers\snpstd3.sys <Not Verified; ; PC Camera driver>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 CcEvtSvc - c:\windows\system32\ccevtsvc.exe -k netsvcs
S2 FCI - c:\windows\system32\svchost.exe:ext.exe
S2 Google Online Services - c:\documents and settings\administrator\ie_updates3r.exe -a (file missing)
S2 ICF - c:\windows\system32\svchost.exe:exe.exe
S2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" (file missing)
S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)
S3 Scarbmg -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\ABECC68004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\ABECC68004603
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&13B53951&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&13B53951&0&40F0
Service: E100B

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_2446&SUBSYS_80DF104D&REV_03\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_2446&SUBSYS_80DF104D&REV_03\3&61AAA01&0&FE
Service:


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-02 20:54:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-07-02 19:23:06 0 d-------- C:\Program Files\Panda Software
2008-07-02 19:13:41 0 d-------- C:\Program Files\Common Files\Panda Software
2008-07-02 17:02:35 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 17:01:46 0 d-------- C:\Program Files\AVG
2008-07-02 17:01:40 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 16:04:04 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-02 12:17:19 0 d--hs---- C:\WINDOWS\CSC
2008-07-02 11:02:32 40960 --a------ C:\WINDOWS\winlogon.exe
2008-07-02 11:02:28 40 --a------ C:\WINDOWS\file.bat
2008-07-02 11:00:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-02 11:00:34 87552 --a------ C:\WINDOWS\system32\CcEvtSvc.exe
2008-07-02 11:00:17 22590 --a------ C:\WINDOWS\system32\dllgh8jkd1q7.exe
2008-07-02 11:00:17 0 --a------ C:\1617942406
2008-07-02 11:00:08 0 d-------- C:\Program Files\rhcapbj0ev7g
2008-07-02 11:00:03 22154 --a------ C:\WINDOWS\system32\dllgh8jkd1q6.exe
2008-07-02 11:00:03 41984 --a------ C:\WINDOWS\17PHolmes27.exe
2008-07-02 10:59:58 20992 --a------ C:\WINDOWS\system32\vedxga4m1et4.exe
2008-07-02 10:59:58 21874 --a------ C:\WINDOWS\system32\dllgh8jkd1q5.exe
2008-07-02 10:58:10 0 d-------- C:\Program Files\BraveSentry
2008-07-02 10:58:09 44406 --a------ C:\WINDOWS\system32\dllgh8jkd1q2.exe
2008-07-02 10:57:35 26624 --a------ C:\WINDOWS\system32\vedxg4am1et2.exe
2008-07-02 10:57:33 25088 --a------ C:\WINDOWS\system32\vedxg6ame4.exe
2008-07-02 10:57:33 17782 --a------ C:\WINDOWS\system32\dllgh8jkd1q1.exe
2008-07-02 10:57:24 8780 --a------ C:\WINDOWS\system32\vedxga5me3.exe
2008-07-02 10:57:16 25084 --a------ C:\WINDOWS\system32\vedxga1me4t1.exe
2008-07-02 10:57:15 13312 --a------ C:\WINDOWS\system32\maxpaynowti.exe
2008-07-02 10:57:12 3 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2008-07-02 10:57:04 0 d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
2008-07-02 10:57:00 41984 --a------ C:\WINDOWS\system32\vedxga4me1.exe
2008-07-02 10:56:59 60928 --a------ C:\WINDOWS\system32\blphcepbj0ev7g.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-02 10:56:42 31744 --a------ C:\WINDOWS\system32\crypts.dll
2008-07-02 10:56:31 5120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll
2008-07-02 10:56:30 5120 --a------ C:\WINDOWS\system32\ftpdll.dll
2008-07-02 10:56:19 109056 --a------ C:\WINDOWS\system32\lphcepbj0ev7g.exe
2008-07-02 10:56:15 1086512 --a------ C:\Documents and Settings\LocalService\Application Data\Install.dat
2008-07-02 10:56:13 48502 --a------ C:\WINDOWS\xpupdate.exe
2008-07-02 10:55:58 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-02 10:55:41 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-02 10:55:39 26686 --a------ C:\WINDOWS\system32\dflgh8jkd2q7.exe
2008-07-02 10:55:35 26250 --a------ C:\WINDOWS\system32\dflgh8jkd2q6.exe
2008-07-02 10:55:30 25970 --a------ C:\WINDOWS\system32\dflgh8jkd2q5.exe
2008-07-02 10:55:28 48502 --a------ C:\WINDOWS\system32\dflgh8jkd2q2.exe
2008-07-02 10:55:26 10 --a------ C:\WINDOWS\system32\kr_done1
2008-07-02 10:55:23 21878 --a------ C:\WINDOWS\system32\dflgh8jkd2q1.exe
2008-07-02 10:55:21 17 --a------ C:\WINDOWS\system32\dflgh8jkd2q8.exe
2008-07-02 10:55:16 10000 --a------ C:\WINDOWS\system32\djki397g.dll
2008-07-02 10:55:11 10000 --a------ C:\WINDOWS\system32\hdxjd4g.dll
2008-07-02 03:01:39 6144 --a------ C:\WINDOWS\system32\goht738.exe
2008-07-02 02:46:58 28672 --a------ C:\WINDOWS\system32\goht701.exe
2008-07-01 20:08:33 30208 --a------ C:\WINDOWS\system32\drivers\Vch40.sys
2008-07-01 20:08:18 41472 --a------ C:\WINDOWS\system32\goht734.exe
2008-07-01 20:06:32 58 --a------ C:\WINDOWS\system32\goht265.exe
2008-07-01 15:11:00 119296 --a------ C:\WINDOWS\msvecurity.exe
2008-07-01 15:09:48 8192 --a------ C:\WINDOWS\system32\goht534.exe
2008-06-30 23:07:08 38824 --ahs---- C:\WINDOWS\system32\QYxHgfii.ini2
2008-06-30 22:53:10 0 d-------- C:\Program Files\PCHealthCenter
2008-06-25 10:49:01 0 d-------- C:\WINDOWS\Sun
2008-06-21 17:27:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2008-06-21 17:26:01 0 d-------- C:\Program Files\BearShare Applications
2008-06-19 15:56:59 4007835 --a------ C:\Documents and Settings\Administrator\Desktop(3)
2008-06-19 15:56:52 2742692 --a------ C:\Documents and Settings\Administrator\Desktop(2)
2008-06-18 18:27:46 4456448 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-06-16 19:22:40 338 --a------ C:\Program Files\Setupinf.dat
2008-06-16 19:22:37 246972 --a------ C:\Program Files\FPFntDat.bin
2008-06-16 19:22:36 279781 --a------ C:\Program Files\BarRes.dat
2008-06-16 19:10:54 0 d-------- C:\Spedia
2008-06-16 18:48:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-13 14:20:40 0 d-------- C:\Program Files\QuickFix
2008-06-08 12:02:53 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 03:15:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\ShoppingReport
2008-06-05 03:14:51 0 d-------- C:\Program Files\ShoppingReport
2008-06-04 15:25:52 0 d-------- C:\Program Files\Free PDF Downloader
2008-06-03 15:34:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-03 15:34:14 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-03 15:34:13 0 d-------- C:\Program Files\Xvid


-- Find3M Report ---------------------------------------------------------------

2008-07-02 20:07:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 19:13:41 0 d-------- C:\Program Files\Common Files
2008-07-02 18:34:00 0 d-------- C:\Program Files\Java
2008-07-02 15:45:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-02 11:00:04 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-26 02:37:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-24 23:21:32 5853 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:59:27 0 d-------- C:\Program Files\Google
2008-06-08 12:01:50 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 19:27:41 0 d-------- C:\Program Files\uTorrent
2008-06-01 04:39:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-06-01 04:35:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 04:35:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-28 16:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-28 14:18:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-28 13:59:25 0 d-------- C:\Program Files\Yahoo!
2008-05-28 13:43:20 0 d-------- C:\Program Files\Chikka
2008-05-27 22:40:13 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 22:39:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2008-05-27 22:38:49 0 d-------- C:\Program Files\GameHouse
2008-05-25 22:34:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-14 11:11:10 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-05-12 21:19:48 0 d-------- C:\Program Files\Video-AVI to GIF-JPEG
2008-05-05 01:49:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-05-04 10:54:49 0 d-------- C:\Program Files\DIFX
2008-05-04 10:52:54 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-04 10:52:16 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-04 10:51:18 0 d-------- C:\Program Files\Nokia
2008-05-04 10:49:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-05-04 10:48:53 0 d-------- C:\Program Files\PC Connectivity Solution


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AC49A2-94F2-42BD-F434-2604812C897D}]
07/02/2008 10:55 AM 10000 --a------ C:\WINDOWS\system32\hdxjd4g.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AF0562-94F3-42BD-F434-2604812C797D}]
07/02/2008 10:55 AM 10000 --a------ C:\WINDOWS\system32\djki397g.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [10/03/2005 12:23 PM]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [11/04/2005 04:05 PM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/05/2005 04:55 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"lphcepbj0ev7g"="C:\WINDOWS\system32\lphcepbj0ev7g.exe" [07/02/2008 10:56 AM]
"SMrhcapbj0ev7g"="C:\Program Files\rhcapbj0ev7g\rhcapbj0ev7g.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"msvecurity"=C:\WINDOWS\msvecurity.exe
"Hhjg5jfd93dftdf"=C:\WINDOWS\TEMP\winlagon.exe
"Windows update loader"=C:\Windows\xpupdate.exe
"autoload"=C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"InstallProgram"=C:\WINDOWS\TEMP\lprn32.exe
"Service Pack 1"=C:\WINDOWS\system32\vedxg6ame4.exe
"Brave-Sentry"=C:\Program Files\BraveSentry\BraveSentry.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/9/2008 4:18:17 PM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/5/2006 5:43:54 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B5AC49A2-94F2-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\hdxjd4g.dll [07/02/2008 10:55 AM 10000]
"{B5AF0562-94F3-42BD-F434-2604812C797D}"= C:\WINDOWS\system32\djki397g.dll [07/02/2008 10:55 AM 10000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84C53226-C282-41FE-A4B4-8F05CC5EC24B}"= C:\WINDOWS\system32\fccaXQhg.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nqHIBFLbqf"= {606FD787-CAC5-7D2D-C387-DABE79CDEE95} - C:\WINDOWS\system32\xso.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]
crypts.dll 07/02/2008 10:56 AM 31744 C:\WINDOWS\system32\crypts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXQhg]
fccaXQhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 07/02/2008 08:07 PM 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifgHxYQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vch40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye05.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04dae2b1-f7be-11dc-bd86-08004628ffc6}]
Auto\command- G:\RECYCLER.exe
AutoRun\command- G:\RECYCLER.exe
explore\Command- vuts0e.cmd
open\Command- vuts0e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e4db760-f157-11dc-bd66-08004628ffc6}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d419bec0-ee96-11dc-bd59-08004628ffc6}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe




-- End of Deckard's System Scanner: finished at 2008-07-02 21:41:14 ------------



<<<EXTRA.TXT>>>

Attached File: extra.txt (10.85k)


This post has been edited by hookedforever: Jul 2 2008, 10:42 AM
Buckeye_Sam
post Jul 2 2008, 11:32 AM
Post #2

Malware Expert
Group: HJT Team
Posts: 9,576
Joined: 23-December 04
Member No.: 7,762

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    C:\WINDOWS\system32\dllgh8jkd1q7.exe
    C:\Program Files\rhcapbj0ev7g
    C:\WINDOWS\system32\dllgh8jkd1q6.exe
    C:\WINDOWS\17PHolmes27.exe
    C:\WINDOWS\system32\vedxga4m1et4.exe
    C:\WINDOWS\system32\dllgh8jkd1q5.exe
    C:\Program Files\BraveSentry
    C:\WINDOWS\system32\dllgh8jkd1q2.exe
    C:\WINDOWS\system32\vedxg4am1et2.exe
    C:\WINDOWS\system32\vedxg6ame4.exe
    C:\WINDOWS\system32\dllgh8jkd1q1.exe
    C:\WINDOWS\system32\vedxga5me3.exe
    C:\WINDOWS\system32\vedxga1me4t1.exe
    C:\WINDOWS\system32\maxpaynowti.exe
    C:\WINDOWS\system32\dllgh8jkd1q8.exe
    C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd
    C:\WINDOWS\system32\vedxga4me1.exe
    C:\WINDOWS\system32\blphcepbj0ev7g.scr
    C:\WINDOWS\system32\crypts.dll
    C:\Documents and Settings\LocalService\ftpdll.dll
    C:\WINDOWS\system32\ftpdll.dll
    C:\WINDOWS\system32\lphcepbj0ev7g.exe
    C:\Documents and Settings\LocalService\Application Data\Install.dat
    C:\WINDOWS\xpupdate.exe
    C:\WINDOWS\system32\WinCtrl32.dll
    C:\WINDOWS\system32\dflgh8jkd2q7.exe
    C:\WINDOWS\system32\dflgh8jkd2q6.exe
    C:\WINDOWS\system32\dflgh8jkd2q5.exe
    C:\WINDOWS\system32\dflgh8jkd2q2.exe
    C:\WINDOWS\system32\dflgh8jkd2q1.exe
    C:\WINDOWS\system32\dflgh8jkd2q8.exe
    C:\WINDOWS\system32\djki397g.dll
    C:\WINDOWS\system32\hdxjd4g.dll
    C:\WINDOWS\system32\goht738.exe
    C:\WINDOWS\system32\goht701.exe
    C:\WINDOWS\system32\drivers\Vch40.sys
    C:\WINDOWS\system32\goht734.exe
    C:\WINDOWS\system32\goht265.exe
    C:\WINDOWS\msvecurity.exe
    C:\WINDOWS\system32\goht534.exe
    C:\WINDOWS\system32\QYxHgfii.ini2

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Also post a new log from DSS.



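When the OTMoveIt2 log comes back, the useful check is which of the pasted paths were actually moved, which were already gone, and which are still "scheduled to be moved on reboot" in the post-reboot section (those survived). The script below is an added example, not part of this thread or of OTMoveIt2; it assumes only the three line shapes and the "Files moved on Reboot..." header that appear in the log format quoted in this thread, and its sample log and paste list are constructed from those lines.

```python
"""Reconcile an OTMoveIt2 MovedFiles log against the list that was pasted into it.

Added example, not part of the thread or of OTMoveIt2. It assumes the three line
shapes seen in the posted log: "File/Folder X not found.", "X moved successfully."
and "File move failed. X scheduled to be moved on reboot.", plus the
"Files moved on Reboot..." header that starts the post-reboot section.
"""
import re

# Constructed sample in the shape of the log quoted in this thread.
SAMPLE_LOG = r"""
File/Folder C:\WINDOWS\system32\dllgh8jkd1q7.exe not found.
File/Folder C:\Program Files\rhcapbj0ev7g not found.
C:\WINDOWS\system32\goht738.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Vch40.sys scheduled to be moved on reboot.
C:\WINDOWS\msvecurity.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_004732

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\Vch40.sys scheduled to be moved on reboot.
"""

# Constructed paste list: the sample log's paths plus one the log never mentions.
SAMPLE_REQUEST = [
    r"C:\WINDOWS\system32\dllgh8jkd1q7.exe",
    r"C:\Program Files\rhcapbj0ev7g",
    r"C:\WINDOWS\system32\goht738.exe",
    r"C:\WINDOWS\system32\drivers\Vch40.sys",
    r"C:\WINDOWS\msvecurity.exe",
    r"C:\WINDOWS\xpupdate.exe",
]

PATTERNS = [
    ("not_found", re.compile(r"^File/Folder (?P<path>.+) not found\.$")),
    ("pending", re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
]
REBOOT_HEADER = "Files moved on Reboot..."


def norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_otmoveit_log(text):
    """Map normalised path -> final status, tracking the two passes of the log.

    A path that is still "scheduled to be moved on reboot" in the post-reboot
    section was never removed, so it is recorded as failed_after_reboot.
    """
    status = {}
    unparsed = []
    after_reboot = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_HEADER:
            after_reboot = True
            continue
        if line.startswith("OTMoveIt2 by") or line.startswith("~"):
            continue  # version banner / separator line
        for name, pat in PATTERNS:
            m = pat.match(line)
            if m:
                if name == "pending" and after_reboot:
                    name = "failed_after_reboot"
                status[norm(m.group("path"))] = name  # later pass overrides earlier
                break
        else:
            unparsed.append(line)
    return status, unparsed


def reconcile(requested, text):
    """Bucket each requested path by what the log says happened to it."""
    status, unparsed = parse_otmoveit_log(text)
    report = {"moved": [], "not_found": [], "pending": [],
              "failed_after_reboot": [], "unaccounted": []}
    for path in requested:
        report[status.get(norm(path), "unaccounted")].append(path)
    report["unparsed_lines"] = unparsed  # anything here means the format changed
    return report


if __name__ == "__main__":
    for bucket, paths in reconcile(SAMPLE_REQUEST, SAMPLE_LOG).items():
        print(f"{bucket}: {paths}")
```

Paths in the failed_after_reboot or unaccounted buckets are the ones to look for again in the next scan log.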
hookedforever
post Jul 2 2008, 12:04 PM
Post #3

Member
Group: Members
Posts: 35
Joined: 2-July 08
From: Philippines
Member No.: 219,978

Thank you for the quick reply!



Here's the OTMoveIt2 log which popped out after restarting the laptop:

File/Folder C:\WINDOWS\system32\dllgh8jkd1q7.exe not found.
File/Folder C:\Program Files\rhcapbj0ev7g not found.
File/Folder C:\WINDOWS\system32\dllgh8jkd1q6.exe not found.
File/Folder C:\WINDOWS\17PHolmes27.exe not found.
File/Folder C:\WINDOWS\system32\vedxga4m1et4.exe not found.
File/Folder C:\WINDOWS\system32\dllgh8jkd1q5.exe not found.
File/Folder C:\Program Files\BraveSentry not found.
File/Folder C:\WINDOWS\system32\dllgh8jkd1q2.exe not found.
File/Folder C:\WINDOWS\system32\vedxg4am1et2.exe not found.
File/Folder C:\WINDOWS\system32\vedxg6ame4.exe not found.
File/Folder C:\WINDOWS\system32\dllgh8jkd1q1.exe not found.
File/Folder C:\WINDOWS\system32\vedxga5me3.exe not found.
File/Folder C:\WINDOWS\system32\vedxga1me4t1.exe not found.
File/Folder C:\WINDOWS\system32\maxpaynowti.exe not found.
File/Folder C:\WINDOWS\system32\dllgh8jkd1q8.exe not found.
File/Folder C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd not found.
File/Folder C:\WINDOWS\system32\vedxga4me1.exe not found.
File/Folder C:\WINDOWS\system32\blphcepbj0ev7g.scr not found.
File/Folder C:\WINDOWS\system32\crypts.dll not found.
File/Folder C:\Documents and Settings\LocalService\ftpdll.dll not found.
File/Folder C:\WINDOWS\system32\ftpdll.dll not found.
File/Folder C:\WINDOWS\system32\lphcepbj0ev7g.exe not found.
File/Folder C:\Documents and Settings\LocalService\Application Data\Install.dat not found.
File/Folder C:\WINDOWS\xpupdate.exe not found.
File/Folder C:\WINDOWS\system32\WinCtrl32.dll not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q7.exe not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q6.exe not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q5.exe not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q2.exe not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q1.exe not found.
File/Folder C:\WINDOWS\system32\dflgh8jkd2q8.exe not found.
File/Folder C:\WINDOWS\system32\djki397g.dll not found.
File/Folder C:\WINDOWS\system32\hdxjd4g.dll not found.
C:\WINDOWS\system32\goht738.exe moved successfully.
C:\WINDOWS\system32\goht701.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\Vch40.sys scheduled to be moved on reboot.
C:\WINDOWS\system32\goht734.exe moved successfully.
C:\WINDOWS\system32\goht265.exe moved successfully.
C:\WINDOWS\msvecurity.exe moved successfully.
C:\WINDOWS\system32\goht534.exe moved successfully.
C:\WINDOWS\system32\QYxHgfii.ini2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07032008_004732

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\Vch40.sys scheduled to be moved on reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'm sorry, but I did your instructions twice. When I first tried doing it, the window disappeared, so I did it again... I looked at c:\_OTMoveIt\MovedFiles and now there are 2 folders (07032008_004456 and 07032008_004732), 07032008_004732.log and 07032008_004732.res.

By the way, "blphcepbj0ev7g.scr" and "Can not find script file "C:\documents and settings\administrator\local settings\temp\.tt4.tmp.vbs"" didn't show up after restart.

Now here's the DSS (MAIN only, no EXTRA...):

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-03 00:58:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 126 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-03 01:01:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\CcEvtSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\sysrest32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myhpf.co.uk/mypage.asp?OrgID=125218
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: C:\WINDOWS\system32\hdxjd4g.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\djki397g.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll (file missing)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphcepbj0ev7g] C:\WINDOWS\system32\lphcepbj0ev7g.exe
O4 - HKLM\..\Run: [SMrhcapbj0ev7g] C:\Program Files\rhcapbj0ev7g\rhcapbj0ev7g.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlagon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [InstallProgram] C:\WINDOWS\TEMP\lprn32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msvecurity] C:\WINDOWS\msvecurity.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Hhjg5jfd93dftdf] C:\WINDOWS\TEMP\winlagon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [InstallProgram] C:\WINDOWS\TEMP\lprn32.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{08DEFBAF-8C03-4A64-9615-A52E6774408E}: NameServer = 66.93.87.2
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{33B00AD3-10D1-47B7-ACCF-DDBE9246973A}: NameServer = 66.93.87.2
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9B888C2C-27CF-45F6-BBF0-A29EE52D6356}: NameServer = 66.93.87.2
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\system32\crypts.dll (file missing)
O20 - Winlogon Notify: fccaXQhg - C:\WINDOWS\system32\fccaXQhg.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\system32\WinCtrl32.dll
O21 - SSODL: nqHIBFLbqf - {606FD787-CAC5-7D2D-C387-DABE79CDEE95} - C:\WINDOWS\system32\xso.dll (file missing)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\system32\hdxjd4g.dll (file missing)
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\system32\djki397g.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\system32\CcEvtSvc.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Google Online Services - Unknown owner - C:\Documents and Settings\Administrator\ie_updates3r.exe -A
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--
End of file - 13061 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 01:01:31 0 d-------- C:\Program Files\Trend Micro
2008-07-03 00:54:07 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-03 00:39:22 15360 --a------ C:\WINDOWS\system32\WinCtrl32.dll
2008-07-02 23:48:04 15328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-07-02 23:48:03 23040 --a------ C:\WINDOWS\system32\sysrest32.exe
2008-07-02 20:54:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-07-02 19:23:06 0 d-------- C:\Program Files\Panda Software
2008-07-02 19:13:41 0 d-------- C:\Program Files\Common Files\Panda Software
2008-07-02 17:02:35 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 17:01:46 0 d-------- C:\Program Files\AVG
2008-07-02 17:01:40 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 12:17:19 0 d--hs---- C:\WINDOWS\CSC
2008-07-02 11:02:32 40960 --a------ C:\WINDOWS\winlogon.exe
2008-07-02 11:02:28 40 --a------ C:\WINDOWS\file.bat
2008-07-02 11:00:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-02 11:00:34 87552 --a------ C:\WINDOWS\system32\CcEvtSvc.exe
2008-07-02 11:00:17 0 --a------ C:\1617942406
2008-07-02 10:55:41 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-02 10:55:26 10 --a------ C:\WINDOWS\system32\kr_done1
2008-07-01 20:08:33 30208 --a------ C:\WINDOWS\system32\drivers\Vch40.sys
2008-06-30 22:53:10 0 d-------- C:\Program Files\PCHealthCenter
2008-06-25 10:49:01 0 d-------- C:\WINDOWS\Sun
2008-06-21 17:27:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\BearShare
2008-06-21 17:26:01 0 d-------- C:\Program Files\BearShare Applications
2008-06-19 15:56:59 4007835 --a------ C:\Documents and Settings\Administrator\Desktop(3)
2008-06-19 15:56:52 2742692 --a------ C:\Documents and Settings\Administrator\Desktop(2)
2008-06-18 18:27:46 4456448 --a------ C:\Documents and Settings\Administrator\ntuser.dat
2008-06-16 19:22:40 338 --a------ C:\Program Files\Setupinf.dat
2008-06-16 19:22:37 246972 --a------ C:\Program Files\FPFntDat.bin
2008-06-16 19:22:36 279781 --a------ C:\Program Files\BarRes.dat
2008-06-16 19:10:54 0 d-------- C:\Spedia
2008-06-16 18:48:12 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-13 14:20:40 0 d-------- C:\Program Files\QuickFix
2008-06-08 12:02:53 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-05 03:15:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\ShoppingReport
2008-06-05 03:14:51 0 d-------- C:\Program Files\ShoppingReport
2008-06-04 15:25:52 0 d-------- C:\Program Files\Free PDF Downloader
2008-06-03 15:34:14 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-03 15:34:14 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-03 15:34:13 0 d-------- C:\Program Files\Xvid


-- Find3M Report ---------------------------------------------------------------

2008-07-02 20:07:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 19:13:41 0 d-------- C:\Program Files\Common Files
2008-07-02 18:34:00 0 d-------- C:\Program Files\Java
2008-07-02 15:45:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-07-02 11:00:04 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-26 02:37:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-24 23:21:32 5853 --a------ C:\WINDOWS\mozver.dat
2008-06-24 21:59:27 0 d-------- C:\Program Files\Google
2008-06-08 12:01:50 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-06-01 19:27:41 0 d-------- C:\Program Files\uTorrent
2008-06-01 04:39:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-06-01 04:35:39 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 04:35:28 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-28 16:55:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-05-28 14:18:33 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\yahoo!
2008-05-28 13:59:25 0 d-------- C:\Program Files\Yahoo!
2008-05-28 13:43:20 0 d-------- C:\Program Files\Chikka
2008-05-27 22:40:13 4096 --a------ C:\WINDOWS\d3dx.dat
2008-05-27 22:39:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2008-05-27 22:38:49 0 d-------- C:\Program Files\GameHouse
2008-05-25 22:34:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-14 11:11:10 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-05-12 21:19:48 0 d-------- C:\Program Files\Video-AVI to GIF-JPEG
2008-05-05 01:49:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2008-05-04 10:54:49 0 d-------- C:\Program Files\DIFX
2008-05-04 10:52:54 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-04 10:52:16 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-04 10:51:18 0 d-------- C:\Program Files\Nokia
2008-05-04 10:49:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2008-05-04 10:48:53 0 d-------- C:\Program Files\PC Connectivity Solution


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AC49A2-94F2-42BD-F434-2604812C897D}]
C:\WINDOWS\system32\hdxjd4g.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5AF0562-94F3-42BD-F434-2604812C797D}]
C:\WINDOWS\system32\djki397g.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CameraFixer"="C:\WINDOWS\CameraFixer.exe" [10/03/2005 12:23 PM]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [11/04/2005 04:05 PM]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [09/05/2005 04:55 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [03/23/2007 01:20 PM]
"lphcepbj0ev7g"="C:\WINDOWS\system32\lphcepbj0ev7g.exe" []
"SMrhcapbj0ev7g"="C:\Program Files\rhcapbj0ev7g\rhcapbj0ev7g.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 02:11 AM]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [07/02/2008 11:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"nlhr"=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"msvecurity"=C:\WINDOWS\msvecurity.exe
"Hhjg5jfd93dftdf"=C:\WINDOWS\TEMP\winlagon.exe
"Windows update loader"=C:\Windows\xpupdate.exe
"autoload"=C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"InstallProgram"=C:\WINDOWS\TEMP\lprn32.exe
"Service Pack 1"=C:\WINDOWS\system32\vedxg6ame4.exe
"Brave-Sentry"=C:\Program Files\BraveSentry\BraveSentry.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/9/2008 4:18:17 PM]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/5/2006 5:43:54 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"Wallpaper"=C:\WINDOWS\desktop.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"DisableCAD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoInstrumentation"=1 (0x1)
"NoSMHelp"=1 (0x1)
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{B5AC49A2-94F2-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\hdxjd4g.dll [ ]
"{B5AF0562-94F3-42BD-F434-2604812C797D}"= C:\WINDOWS\system32\djki397g.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{84C53226-C282-41FE-A4B4-8F05CC5EC24B}"= C:\WINDOWS\system32\fccaXQhg.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nqHIBFLbqf"= {606FD787-CAC5-7D2D-C387-DABE79CDEE95} - C:\WINDOWS\system32\xso.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt]
crypts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaXQhg]
fccaXQhg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WinCtrl32]
WinCtrl32.dll 07/03/2008 12:55 AM 15360 C:\WINDOWS\system32\WinCtrl32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifgHxYQ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vch40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye05.sys]
@="Driver"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04dae2b1-f7be-11dc-bd86-08004628ffc6}]
Auto\command- G:\RECYCLER.exe
AutoRun\command- G:\RECYCLER.exe
explore\Command- vuts0e.cmd
open\Command- vuts0e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e4db760-f157-11dc-bd66-08004628ffc6}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d419bec0-ee96-11dc-bd59-08004628ffc6}]
AutoRun\command- SilentSoftech.exe
explore\command- SilentSoftech.exe
open\command- SilentSoftech.exe
var1\command- SilentSoftech.exe




-- End of Deckard's System Scanner: finished at 2008-07-03 01:06:53 ------------

This post has been edited by hookedforever: Jul 2 2008, 12:10 PM
Buckeye_Sam
post Jul 2 2008, 12:28 PM