
Infected With Virtumonde And ?


  • This topic is locked
3 replies to this topic

#1 driverjack


Posted 08 April 2008 - 10:37 AM

Hello - I am having problems with Virtumonde and possibly other viruses. I run Norton Internet Security 2008 and Ad-aware 2007 and they find nothing. Spybot finds the Virtumonde, removes it and of course when I re-boot it comes back. I am technically inclined but this is beyond my abilities. Please help!!! Here are the logs from DSS and Kaspersky.

DSS Main.TXT

Deckard's System Scanner v20071014.68
Run by Big Daddy Jack on 2008-04-08 07:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-08 12:19:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Big Daddy Jack.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:27 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Big Daddy Jack\Desktop\Set Up\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Big Daddy Jack.exe
C:\WINDOWS\system32\rundll32.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8ED6FAF3-E9AE-4373-A14A-4F31F0FADF4C} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: {f9ca0473-94a5-e9c8-4474-2a4686a00d1a} - {a1d00a68-64a2-4744-8c9e-5a493740ac9f} - C:\WINDOWS\system32\jtqblrsy.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dc413296] rundll32.exe "C:\WINDOWS\system32\kbfspyhj.dll",b
O4 - HKLM\..\Run: [BMdf72010a] Rundll32.exe "C:\WINDOWS\system32\ldlppeiw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5335 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080407-103920-102 O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-142 O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
backup-20080407-103920-149 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
backup-20080407-103920-159 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-169 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray (User 'Travis')
backup-20080407-103920-186 O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-198 O4 - HKLM\..\Run: [dc413296] rundll32.exe "C:\WINDOWS\system32\xogtnjen.dll",b
backup-20080407-103920-254 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080407-103920-272 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080407-103920-281 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080407-103920-318 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Travis')
backup-20080407-103920-319 O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
backup-20080407-103920-348 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-370 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
backup-20080407-103920-380 O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
backup-20080407-103920-440 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080407-103920-452 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080407-103920-474 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Travis')
backup-20080407-103920-480 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r302.regserver.com/webreg?surveyID=...mp;ConnType=lan
backup-20080407-103920-490 O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-534 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855
backup-20080407-103920-582 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
backup-20080407-103920-621 O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
backup-20080407-103920-688 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080407-103920-700 O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
backup-20080407-103920-705 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
backup-20080407-103920-726 O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
backup-20080407-103920-727 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080407-103920-741 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
backup-20080407-103920-742 O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080407-103920-752 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080407-103920-762 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
backup-20080407-103920-790 O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
backup-20080407-103920-797 O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-843 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20080407-103920-857 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080407-103920-858 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080407-103920-894 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Travis')
backup-20080407-103920-970 O4 - HKLM\..\Run: [BMdf72010a] Rundll32.exe "C:\WINDOWS\system32\ddeaowop.dll",s
backup-20080407-103921-233 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20080407-103921-466 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080407-103921-689 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080407-103922-490 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080407-103922-808 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080407-103922-836 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080407-103923-906 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
backup-20080407-103923-963 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080407-103924-697 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
backup-20080407-103924-751 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
backup-20080407-103925-124 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
backup-20080407-103926-259 O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
backup-20080407-103927-516 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
backup-20080407-103927-778 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
backup-20080407-103928-809 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196112899890
backup-20080407-103929-152 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
backup-20080407-103929-367 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
backup-20080407-103930-338 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
backup-20080407-103930-965 O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
backup-20080407-103931-299 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
backup-20080407-103931-574 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
backup-20080407-103932-136 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20080407-103932-146 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-162 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
backup-20080407-103932-183 O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
backup-20080407-103932-224 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080407-103932-290 O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
backup-20080407-103932-303 O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-305 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
backup-20080407-103932-346 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080407-103932-362 O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
backup-20080407-103932-417 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-438 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-491 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
backup-20080407-103932-515 O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
backup-20080407-103932-621 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20080407-103932-690 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
backup-20080407-103932-735 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
backup-20080407-103932-781 O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
backup-20080407-103932-852 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080407-103932-898 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080407-103932-899 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080407-103932-951 O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

-- File Associations -----------------------------------------------------------

.scr - AOEMViewScriptFile - shell\open\command - "%windir%\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)>

S1 LIKECDN2 - c:\windows\system32\drivers\likecdn2.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 catchme - c:\docume~1\travis\locals~1\temp\catchme.sys (file missing)
S3 W8335XP (NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)) - c:\windows\system32\drivers\wg311v3xp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Autodesk Data Management Job Dispatch - "c:\program files\autodesk\data management server 2008\server\dispatch\connectivity.windowsservice.jobdispatch.exe" <Not Verified; Autodesk; >
S4 Autodesk EDM Server - "c:\program files\autodesk\data management server 2008\server\webserver\connectivity.edmws.server.exe" <Not Verified; Autodesk; EDMWS>
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1351887D&0&50F0
Manufacturer: NETGEAR
Name: NETGEAR WG311v3 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1351887D&0&50F0
Service: W8335XP

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 07:16:30 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Big Daddy Jack.job
2008-03-14 15:00:50 308 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 07:25:21 83520 --a------ C:\WINDOWS\system32\dduumvqo.dll
2008-04-08 07:19:19 3648 --a------ C:\WINDOWS\system32\achlnoly.dll
2008-04-08 07:18:31 88640 --a------ C:\WINDOWS\system32\ldlppeiw.dll
2008-04-07 14:39:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 14:39:32 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-07 11:26:04 0 d-------- C:\Program Files\Enigma Software Group
2008-04-07 10:14:26 0 d-------- C:\Program Files\Trend Micro
2008-04-06 15:52:07 87104 --a------ C:\WINDOWS\system32\ddeaowop.dll
2008-04-05 15:52:04 87104 --a------ C:\WINDOWS\system32\abciamfi.dll
2008-04-05 11:42:51 0 d-------- C:\Documents and Settings\Travis\Application Data\Webroot
2008-04-04 20:22:59 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Autodesk
2008-03-31 20:52:10 0 d-------- C:\Program Files\InterActual
2008-03-30 21:15:17 0 d-------- C:\Program Files\Bad Apple ESIMS
2008-03-28 12:18:37 87616 --a------ C:\WINDOWS\system32\bwpvbiyw.dll
2008-03-23 19:32:35 0 d-------- C:\WINDOWS\ERUNT
2008-03-23 13:24:50 363702 --ahs---- C:\WINDOWS\system32\kjjlm.ini2
2008-03-23 13:24:46 298048 --a------ C:\WINDOWS\system32\mljjk.dll
2008-03-22 11:01:13 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Tunebite
2008-03-21 21:25:56 58368 --a------ C:\hlkhyer.exe
2008-03-21 21:19:47 0 d-------- C:\Documents and Settings\Travis\Application Data\RTPlayer
2008-03-21 21:10:44 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-03-21 21:09:15 0 d-------- C:\Documents and Settings\Travis\Application Data\Tunebite
2008-03-21 21:08:03 0 d-------- C:\Program Files\RapidSolution
2008-03-21 21:08:03 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-20 00:18:16 0 d-------- C:\GRAPHPAP
2008-03-18 14:38:00 0 d-------- C:\Documents and Settings\Nikki\Application Data\Symantec
2008-03-17 16:22:17 0 d-------- C:\Documents and Settings\Travis\Application Data\Symantec
2008-03-17 16:05:30 0 d-------- C:\Program Files\Windows Sidebar
2008-03-17 16:04:26 0 d-------- C:\Program Files\Norton Internet Security
2008-03-17 15:41:28 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Symantec
2008-03-14 23:06:00 0 d-------- C:\Documents and Settings\Nikki\Application Data\Snapfish
2008-03-14 14:59:21 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-03-14 10:28:16 0 d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-11 13:48:32 0 d-------- C:\Program Files\Memorex exPressit Label Design Studio
2008-03-11 13:26:19 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Acoustica
2008-03-11 13:26:12 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-03-11 10:44:54 0 d-------- C:\Program Files\exPressit S.E. 2.2


-- Find3M Report ---------------------------------------------------------------

2008-04-08 07:25:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-30 20:55:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 00:40:18 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-03-26 11:17:04 0 d-------- C:\Program Files\Xfire
2008-03-24 15:56:12 0 d-------- C:\Program Files\LimeWire
2008-03-23 09:18:35 0 d-------- C:\Program Files\WinAce
2008-03-22 11:05:59 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\uTorrent
2008-03-22 10:14:47 0 d-------- C:\Program Files\QuickTime
2008-03-21 15:15:05 4 --a------ C:\WINDOWS\system32\1C9DC0
2008-03-17 16:06:19 0 d-------- C:\Program Files\Symantec
2008-03-17 16:05:14 0 d-------- C:\Program Files\Common Files
2008-03-11 13:48:33 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-05 08:39:31 0 d-------- C:\Program Files\uTorrent
2008-03-04 21:42:34 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\ArcSoft
2008-03-04 21:34:18 0 d-------- C:\Program Files\ImTOO
2008-03-04 21:15:09 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-04 21:12:47 0 d-------- C:\Program Files\AVSMedia
2008-03-04 21:11:58 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-04 10:49:37 0 d-------- C:\Program Files\Winter Fun Pack 2004 for Windows XP
2008-03-03 16:30:21 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-03 16:19:18 0 d-------- C:\Program Files\MagicISO
2008-03-03 13:45:52 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Apple Computer
2008-03-03 13:08:50 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-03-03 13:08:47 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Webroot
2008-03-03 13:08:45 0 d-------- C:\Program Files\Webroot
2008-03-03 10:32:31 0 d-------- C:\Program Files\Goolag Scanner
2008-03-01 13:11:46 0 d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-29 21:04:03 0 d-------- C:\Program Files\Mplayer
2008-02-29 21:01:55 0 d-------- C:\Program Files\Quake III Arena
2008-02-27 04:23:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-27 04:00:49 0 d-------- C:\Program Files\MSXML 6.0
2008-02-27 04:00:36 0 d-------- C:\Program Files\MSXML 4.0
2008-02-26 18:59:27 0 d-------- C:\Program Files\Autodesk
2008-02-26 18:55:04 0 d-------- C:\Program Files\Microsoft.NET
2008-02-26 18:41:59 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-26 18:30:48 0 d-------- C:\Program Files\AOEMView 2008
2008-02-26 18:29:32 0 d-------- C:\Program Files\Microsoft WSE
2008-02-26 18:26:31 0 d-------- C:\Program Files\DWG TrueView 2007
2008-02-25 14:37:22 2559 --a------ C:\WINDOWS\unins000.dat
2008-02-25 13:05:26 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-23 18:26:31 0 d-------- C:\Program Files\EA GAMES
2008-02-22 23:37:53 0 d-------- C:\Program Files\Common Files\Alias Shared
2008-02-18 00:09:45 0 d-------- C:\Program Files\iTunes
2008-02-18 00:09:33 0 d-------- C:\Program Files\iPod
2008-02-18 00:08:57 0 d-------- C:\Program Files\Bonjour
2008-02-18 00:06:56 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 00:06:18 0 d-------- C:\Program Files\Common Files\Apple
2008-02-17 16:33:21 0 d-------- C:\Program Files\America's Army
2008-02-17 16:33:20 0 d-------- C:\Program Files\America's Army Server Manager
2008-02-16 17:24:38 0 d-------- C:\Program Files\Google
2008-02-12 20:30:39 0 d-------- C:\Program Files\Microsoft IntelliPoint 5.2
2008-02-08 18:25:25 0 d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-08 18:24:47 0 d-------- C:\Program Files\Common Files\Nikon
2008-02-08 18:24:04 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-08 18:23:56 0 d-------- C:\Program Files\Nikon
2008-02-08 18:21:42 0 d-------- C:\Program Files\ArcSoft
2008-01-14 18:35:00 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 08:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/17/2008 04:05 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ED6FAF3-E9AE-4373-A14A-4F31F0FADF4C}]
03/23/2008 01:24 PM 298048 --a------ C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1d00a68-64a2-4744-8c9e-5a493740ac9f}]
C:\WINDOWS\system32\jtqblrsy.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 08:05 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dc413296"="C:\WINDOWS\system32\dduumvqo.dll" [04/08/2008 07:25 AM]
"BMdf72010a"="C:\WINDOWS\system32\ldlppeiw.dll" [04/08/2008 07:18 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8118 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-08 07:26:48 ------------

DSS Extra.TXT

Deckard's System Scanner v20071014.68
Run by Big Daddy Jack on 2008-04-08 07:19:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-08 12:19:57 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Big Daddy Jack.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:27 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Big Daddy Jack\Desktop\Set Up\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Big Daddy Jack.exe
C:\WINDOWS\system32\rundll32.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8ED6FAF3-E9AE-4373-A14A-4F31F0FADF4C} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: {f9ca0473-94a5-e9c8-4474-2a4686a00d1a} - {a1d00a68-64a2-4744-8c9e-5a493740ac9f} - C:\WINDOWS\system32\jtqblrsy.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [dc413296] rundll32.exe "C:\WINDOWS\system32\kbfspyhj.dll",b
O4 - HKLM\..\Run: [BMdf72010a] Rundll32.exe "C:\WINDOWS\system32\ldlppeiw.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 5335 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080407-103920-102 O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-142 O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
backup-20080407-103920-149 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
backup-20080407-103920-159 O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-169 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray (User 'Travis')
backup-20080407-103920-186 O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-198 O4 - HKLM\..\Run: [dc413296] rundll32.exe "C:\WINDOWS\system32\xogtnjen.dll",b
backup-20080407-103920-254 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080407-103920-272 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
backup-20080407-103920-281 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080407-103920-318 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (User 'Travis')
backup-20080407-103920-319 O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
backup-20080407-103920-348 O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-370 O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
backup-20080407-103920-380 O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
backup-20080407-103920-440 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080407-103920-452 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080407-103920-474 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Travis')
backup-20080407-103920-480 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r302.regserver.com/webreg?surveyID=...mp;ConnType=lan
backup-20080407-103920-490 O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080407-103920-534 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855
backup-20080407-103920-582 O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
backup-20080407-103920-621 O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
backup-20080407-103920-688 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080407-103920-700 O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
backup-20080407-103920-705 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
backup-20080407-103920-726 O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
backup-20080407-103920-727 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080407-103920-741 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
backup-20080407-103920-742 O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080407-103920-752 O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080407-103920-762 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
backup-20080407-103920-790 O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
backup-20080407-103920-797 O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080407-103920-843 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20080407-103920-857 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080407-103920-858 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080407-103920-894 O4 - HKUS\S-1-5-21-776561741-1563985344-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Travis')
backup-20080407-103920-970 O4 - HKLM\..\Run: [BMdf72010a] Rundll32.exe "C:\WINDOWS\system32\ddeaowop.dll",s
backup-20080407-103921-233 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
backup-20080407-103921-466 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080407-103921-689 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080407-103922-490 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080407-103922-808 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080407-103922-836 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080407-103923-906 O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
backup-20080407-103923-963 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
backup-20080407-103924-697 O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
backup-20080407-103924-751 O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ss/sa...abs/tgctlsr.cab
backup-20080407-103925-124 O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
backup-20080407-103926-259 O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
backup-20080407-103927-516 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
backup-20080407-103927-778 O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
backup-20080407-103928-809 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196112899890
backup-20080407-103929-152 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
backup-20080407-103929-367 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
backup-20080407-103930-338 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
backup-20080407-103930-965 O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
backup-20080407-103931-299 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
backup-20080407-103931-574 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
backup-20080407-103932-136 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20080407-103932-146 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-162 O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
backup-20080407-103932-183 O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
backup-20080407-103932-224 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080407-103932-290 O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
backup-20080407-103932-303 O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-305 O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
backup-20080407-103932-346 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080407-103932-362 O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
backup-20080407-103932-417 O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-438 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
backup-20080407-103932-491 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
backup-20080407-103932-515 O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
backup-20080407-103932-621 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20080407-103932-690 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
backup-20080407-103932-735 O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
backup-20080407-103932-781 O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
backup-20080407-103932-852 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080407-103932-898 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080407-103932-899 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080407-103932-951 O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

-- File Associations -----------------------------------------------------------

.scr - AOEMViewScriptFile - shell\open\command - "%windir%\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S1 LIKECDN2 - c:\windows\system32\drivers\likecdn2.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 catchme - c:\docume~1\travis\locals~1\temp\catchme.sys (file missing)
S3 W8335XP (NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335)) - c:\windows\system32\drivers\wg311v3xp.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Autodesk Data Management Job Dispatch - "c:\program files\autodesk\data management server 2008\server\dispatch\connectivity.windowsservice.jobdispatch.exe" <Not Verified; Autodesk; >
S4 Autodesk EDM Server - "c:\program files\autodesk\data management server 2008\server\webserver\connectivity.edmws.server.exe" <Not Verified; Autodesk; EDMWS>
S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1351887D&0&50F0
Manufacturer: NETGEAR
Name: NETGEAR WG311v3 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&1351887D&0&50F0
Service: W8335XP

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&268D196D&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&268D196D&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-04-08 07:16:30 640 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Big Daddy Jack.job
2008-03-14 15:00:50 308 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job


-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-08 07:25:21 83520 --a------ C:\WINDOWS\system32\dduumvqo.dll
2008-04-08 07:19:19 3648 --a------ C:\WINDOWS\system32\achlnoly.dll
2008-04-08 07:18:31 88640 --a------ C:\WINDOWS\system32\ldlppeiw.dll
2008-04-07 14:39:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-07 14:39:32 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-07 11:26:04 0 d-------- C:\Program Files\Enigma Software Group
2008-04-07 10:14:26 0 d-------- C:\Program Files\Trend Micro
2008-04-06 15:52:07 87104 --a------ C:\WINDOWS\system32\ddeaowop.dll
2008-04-05 15:52:04 87104 --a------ C:\WINDOWS\system32\abciamfi.dll
2008-04-05 11:42:51 0 d-------- C:\Documents and Settings\Travis\Application Data\Webroot
2008-04-04 20:22:59 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Autodesk
2008-03-31 20:52:10 0 d-------- C:\Program Files\InterActual
2008-03-30 21:15:17 0 d-------- C:\Program Files\Bad Apple ESIMS
2008-03-28 12:18:37 87616 --a------ C:\WINDOWS\system32\bwpvbiyw.dll
2008-03-23 19:32:35 0 d-------- C:\WINDOWS\ERUNT
2008-03-23 13:24:50 363702 --ahs---- C:\WINDOWS\system32\kjjlm.ini2
2008-03-23 13:24:46 298048 --a------ C:\WINDOWS\system32\mljjk.dll
2008-03-22 11:01:13 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Tunebite
2008-03-21 21:25:56 58368 --a------ C:\hlkhyer.exe
2008-03-21 21:19:47 0 d-------- C:\Documents and Settings\Travis\Application Data\RTPlayer
2008-03-21 21:10:44 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-03-21 21:09:15 0 d-------- C:\Documents and Settings\Travis\Application Data\Tunebite
2008-03-21 21:08:03 0 d-------- C:\Program Files\RapidSolution
2008-03-21 21:08:03 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-20 00:18:16 0 d-------- C:\GRAPHPAP
2008-03-18 14:38:00 0 d-------- C:\Documents and Settings\Nikki\Application Data\Symantec
2008-03-17 16:22:17 0 d-------- C:\Documents and Settings\Travis\Application Data\Symantec
2008-03-17 16:05:30 0 d-------- C:\Program Files\Windows Sidebar
2008-03-17 16:04:26 0 d-------- C:\Program Files\Norton Internet Security
2008-03-17 15:41:28 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Symantec
2008-03-14 23:06:00 0 d-------- C:\Documents and Settings\Nikki\Application Data\Snapfish
2008-03-14 14:59:21 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-03-14 10:28:16 0 d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-03-11 13:48:32 0 d-------- C:\Program Files\Memorex exPressit Label Design Studio
2008-03-11 13:26:19 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Acoustica
2008-03-11 13:26:12 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-03-11 10:44:54 0 d-------- C:\Program Files\exPressit S.E. 2.2


-- Find3M Report ---------------------------------------------------------------

2008-04-08 07:25:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-30 20:55:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 00:40:18 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2008-03-26 11:17:04 0 d-------- C:\Program Files\Xfire
2008-03-24 15:56:12 0 d-------- C:\Program Files\LimeWire
2008-03-23 09:18:35 0 d-------- C:\Program Files\WinAce
2008-03-22 11:05:59 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\uTorrent
2008-03-22 10:14:47 0 d-------- C:\Program Files\QuickTime
2008-03-21 15:15:05 4 --a------ C:\WINDOWS\system32\1C9DC0
2008-03-17 16:06:19 0 d-------- C:\Program Files\Symantec
2008-03-17 16:05:14 0 d-------- C:\Program Files\Common Files
2008-03-11 13:48:33 0 d-------- C:\Program Files\Common Files\SureThing Shared
2008-03-05 08:39:31 0 d-------- C:\Program Files\uTorrent
2008-03-04 21:42:34 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\ArcSoft
2008-03-04 21:34:18 0 d-------- C:\Program Files\ImTOO
2008-03-04 21:15:09 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-03-04 21:12:47 0 d-------- C:\Program Files\AVSMedia
2008-03-04 21:11:58 0 d-------- C:\Program Files\Common Files\Download Manager
2008-03-04 10:49:37 0 d-------- C:\Program Files\Winter Fun Pack 2004 for Windows XP
2008-03-03 16:30:21 0 d-------- C:\Program Files\The Rosetta Stone
2008-03-03 16:19:18 0 d-------- C:\Program Files\MagicISO
2008-03-03 13:45:52 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Apple Computer
2008-03-03 13:08:50 0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-03-03 13:08:47 0 d-------- C:\Documents and Settings\Big Daddy Jack\Application Data\Webroot
2008-03-03 13:08:45 0 d-------- C:\Program Files\Webroot
2008-03-03 10:32:31 0 d-------- C:\Program Files\Goolag Scanner
2008-03-01 13:11:46 0 d-------- C:\Program Files\GtkRadiant 1.5.0
2008-02-29 21:04:03 0 d-------- C:\Program Files\Mplayer
2008-02-29 21:01:55 0 d-------- C:\Program Files\Quake III Arena
2008-02-27 04:23:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-02-27 04:00:49 0 d-------- C:\Program Files\MSXML 6.0
2008-02-27 04:00:36 0 d-------- C:\Program Files\MSXML 4.0
2008-02-26 18:59:27 0 d-------- C:\Program Files\Autodesk
2008-02-26 18:55:04 0 d-------- C:\Program Files\Microsoft.NET
2008-02-26 18:41:59 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-02-26 18:30:48 0 d-------- C:\Program Files\AOEMView 2008
2008-02-26 18:29:32 0 d-------- C:\Program Files\Microsoft WSE
2008-02-26 18:26:31 0 d-------- C:\Program Files\DWG TrueView 2007
2008-02-25 14:37:22 2559 --a------ C:\WINDOWS\unins000.dat
2008-02-25 13:05:26 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-23 18:26:31 0 d-------- C:\Program Files\EA GAMES
2008-02-22 23:37:53 0 d-------- C:\Program Files\Common Files\Alias Shared
2008-02-18 00:09:45 0 d-------- C:\Program Files\iTunes
2008-02-18 00:09:33 0 d-------- C:\Program Files\iPod
2008-02-18 00:08:57 0 d-------- C:\Program Files\Bonjour
2008-02-18 00:06:56 0 d-------- C:\Program Files\Apple Software Update
2008-02-18 00:06:18 0 d-------- C:\Program Files\Common Files\Apple
2008-02-17 16:33:21 0 d-------- C:\Program Files\America's Army
2008-02-17 16:33:20 0 d-------- C:\Program Files\America's Army Server Manager
2008-02-16 17:24:38 0 d-------- C:\Program Files\Google
2008-02-12 20:30:39 0 d-------- C:\Program Files\Microsoft IntelliPoint 5.2
2008-02-08 18:25:25 0 d-------- C:\Program Files\PictureProject In Touch Downloader
2008-02-08 18:24:47 0 d-------- C:\Program Files\Common Files\Nikon
2008-02-08 18:24:04 0 d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-08 18:23:56 0 d-------- C:\Program Files\Nikon
2008-02-08 18:21:42 0 d-------- C:\Program Files\ArcSoft
2008-01-14 18:35:00 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
02/06/2008 08:05 PM 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/17/2008 04:05 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ED6FAF3-E9AE-4373-A14A-4F31F0FADF4C}]
03/23/2008 01:24 PM 298048 --a------ C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1d00a68-64a2-4744-8c9e-5a493740ac9f}]
C:\WINDOWS\system32\jtqblrsy.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [02/06/2008 08:05 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dc413296"="C:\WINDOWS\system32\dduumvqo.dll" [04/08/2008 07:25 AM]
"BMdf72010a"="C:\WINDOWS\system32\ldlppeiw.dll" [04/08/2008 07:18 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe




Kaspersky

KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 7:06:09 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/04/2008
Kaspersky Anti-Virus database records: 688898


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 137769
Number of viruses found 10
Number of infected objects 19
Number of suspicious objects 0
Duration of the scan process 15:52:52

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4b30671101902709f13642ce858b0185_284f861b-f8bd-4dde-8285-056c3197bd66 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\volatile.DAT Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{8B0BD278-AC76-42F4-AD49-1C3D4AC12D78}.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\Shl_{8B0BD278-AC76-42F4-AD49-1C3D4AC12D78}.sds Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\453569A4.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\653D1224.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Desktop\Set Up\Goolag_Scanner_1.0.0.40_Setup.exe/stream/data0009 Infected: HackTool.Win32.Scanner.g skipped

C:\Documents and Settings\Big Daddy Jack\Desktop\Set Up\Goolag_Scanner_1.0.0.40_Setup.exe/stream Infected: HackTool.Win32.Scanner.g skipped

C:\Documents and Settings\Big Daddy Jack\Desktop\Set Up\Goolag_Scanner_1.0.0.40_Setup.exe NSIS: infected - 2 skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Big Daddy Jack\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\21D4CGHY\sdferw[1].htm Infected: not-a-virus:AdWare.Win32.E404.g skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_6f8.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Desktop\Zips\Stefan Evert\PLAY_MP3.exe Infected: not-a-virus:AdWare.Win32.Agent.zk skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Travis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Shared\Eighties classic (devil).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped

C:\Documents and Settings\Travis\Shared\looking for some tush.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\Documents and Settings\Travis\Shared\stairway to glory.mpg Infected: Trojan-Downloader.WMA.Wimad.n skipped

C:\hlkhyer.exe Infected: Trojan-Clicker.Win32.Costrat.fe skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Goolag Scanner\bin\Release\GoolagScanner.exe Infected: HackTool.Win32.Scanner.g skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_70.trc Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\SDFix\backups\catchme.zip/hhlmken.scp Infected: Trojan-Clicker.Win32.Costrat.fe skipped

C:\SDFix\backups\catchme.zip ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\abciamfi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\WINDOWS\system32\bwpvbiyw.dll Infected: Packed.Win32.Monder skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\ddeaowop.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.msm skipped

C:\WINDOWS\system32\dwsaxmeh.dll Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\jtqblrsy.dll Object is locked skipped

C:\WINDOWS\system32\kbfspyhj.dll Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\yiwmufsd.dll Object is locked skipped

C:\WINDOWS\Temp\JET2536.tmp Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\Set Up\ophcrack-win32-installer-2.3.4.exe/file36 Infected: not-a-virus:PSWTool.Win32.PWDump.2 skipped

D:\Set Up\ophcrack-win32-installer-2.3.4.exe/file64 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped

D:\Set Up\ophcrack-win32-installer-2.3.4.exe/file65 Infected: not-a-virus:PSWTool.Win32.PWDump.d skipped

D:\Set Up\ophcrack-win32-installer-2.3.4.exe Inno: infected - 3 skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.





-- End of Deckard's System Scanner: finished at 2008-04-08 07:26:48 ------------


 


#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:54 AM

Posted 08 April 2008 - 03:27 PM

Hello There!

Please follow these instructions:

Download the latest version of Java Runtime Environment (JRE) 6/05

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

___________________

Please download Combofix to your desktop.
  • Double click on Combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.
Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If I have helped you, donate to help me continue helping others.

#3 Rahina

Posted 11 April 2008 - 06:10 AM

Let us know if you still require help.

#4 Rahina

Posted 30 April 2008 - 09:58 AM

Due to lack of feedback, this topic is now closed. If you want it re-opened, contact a team member or me.



