Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help Me With My Vundo


  • Please log in to reply
23 replies to this topic

#1 travislyw

travislyw

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 08 April 2008 - 11:19 AM

Hi guys hope you can help me out. I have tried possible way but the vundo is always in my mcafee quarantine. Here are the programs i tried both in normal modes and safe mode.

Vundofix
virtumondobegone
Spywaredoctor
windows defender
SDfix
Norman malware cleaner
procexp

Even sometimes wh spywaredoctor detected it and remove and rebooted, it will land up in mcafee everytime. So i guess i have the latest vundo trojan in my laptop. Hope someone out there can help me out thanks.

Edited by travislyw, 08 April 2008 - 11:43 AM.


BC AdBot (Login to Remove)

 


m

#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 12 April 2008 - 04:09 PM

Hello!

Please download Deckard's System Scanner (DSS) to your desktop.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread in the HijackThis Log Help Forum.
  • A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.
  • Please also copy the contents of Extra.txt to your post as well.
  • Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.
  • What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#3 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 16 April 2008 - 01:54 PM

HI

I suspect that i no longer have vundo in my laptop anymore, however im not so sure. Heres the log.



Deckard's System Scanner v20071014.68
Run by Travis on 2008-04-17 02:48:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-16 18:48:16 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-04-16 18:20:20 UTC - RP7 - Cleaned registry with Windows Live OneCare safety scanner
6: 2008-04-15 18:16:10 UTC - RP6 - Software Distribution Service 3.0
5: 2008-04-15 10:23:39 UTC - RP5 - System Checkpoint
4: 2008-04-14 07:05:11 UTC - RP4 - System Checkpoint


-- First Restore Point --
1: 2008-04-10 18:24:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.54 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-17 02:50:06
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\vghd\VirtuaGirl_Downloader.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Documents and Settings\Travis\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: (no name) - {E6A8332F-CB9E-4B71-AEB0-70F3113F1915} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?610b7d632512429fb399cc7b23397a54
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?610b7d632512429fb399cc7b23397a54
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b...heckControl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: hgGvUOEw - C:\WINDOWS\system32\hgGvUOEw.dll (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\msksrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe


--
End of file - 13465 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 ipswuio - c:\windows\system32\drivers\ipswuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft® Windows NT® Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-17 02:00:02 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-04-17 01:53:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-15 04:14:28 342 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-03-01 01:00:12 334 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-03-17 and 2008-04-17 -----------------------------

2008-04-10 17:11:23 0 d-------- C:\Program Files\Windows Live Safety Center
2008-04-08 20:45:42 3648 --a------ C:\WINDOWS\system32\ldvumuqa.dll
2008-04-08 20:38:35 0 d--h----- C:\WINDOWS\system32\Settings
2008-04-08 20:38:11 0 d-------- C:\Documents and Settings\Travis\McAfee
2008-04-08 02:59:07 0 d-------- C:\Program Files\Windows Defender
2008-04-07 16:58:51 96978 --a------ C:\VirtumundoBeGone.exe <VIRTUM~1.EXE> <Not Verified; Business Information Solutions; VirtumundoBeGone v1.5 by secured2k@msn.com>
2008-04-07 16:58:49 147456 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-04-06 13:39:07 1415295 --a------ C:\SDFix.exe
2008-04-06 02:02:04 0 d-------- C:\WINDOWS\ERUNT
2008-04-05 02:41:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-04 22:16:19 0 d-------- C:\Program Files\Spyware Doctor
2008-04-04 20:30:36 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 16:40:29 0 d-------- C:\VundoFix Backups
2008-04-03 17:20:26 0 d-------- C:\Documents and Settings\Travis\Application Data\McAfee
2008-04-01 19:58:00 177839 --ahs---- C:\WINDOWS\system32\acIkSvut.ini2
2008-04-01 19:27:33 0 d-------- C:\Program Files\vghd
2008-04-01 19:27:31 0 d-------- C:\Documents and Settings\Travis\Application Data\vghd
2008-04-01 16:15:55 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-28 14:53:51 0 d-------- C:\WINDOWS\system32\appmgmt
2008-03-28 03:42:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies


-- Find3M Report ---------------------------------------------------------------

2008-04-08 03:41:52 45056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-03-04 18:13:22 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 18:13:16 0 d-------- C:\Program Files\Windows Live
2008-03-03 22:13:18 550 --a------ C:\WINDOWS\eReg.dat
2008-03-03 22:11:42 0 d-------- C:\Program Files\EA Games
2008-02-18 22:38:10 0 d-------- C:\Program Files\easetech
2008-02-18 18:04:34 0 d-------- C:\Documents and Settings\Travis\Application Data\Search Settings
2008-02-18 18:02:14 0 d-------- C:\Program Files\Search Settings
2008-02-18 18:02:10 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-02-18 18:00:50 0 d-------- C:\Program Files\Free Audio Pack


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
02/06/2008 05:47 PM 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6A8332F-CB9E-4B71-AEB0-70F3113F1915}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [08/23/2006 10:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/17/2006 12:16 AM]
"nwiz"="nwiz.exe" [03/17/2006 12:16 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [03/17/2006 12:16 AM]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/21/2005 02:26 AM]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [10/17/2005 05:09 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/14/2006 11:51 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/14/2006 11:52 AM]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [04/14/2006 11:56 AM]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [05/16/2006 04:29 PM]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [02/21/2006 03:20 PM]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [03/06/2006 05:13 PM]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [02/21/2006 07:36 PM]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [01/02/2006 09:14 PM]
"SMSERIAL"="sm56hlpr.exe" [01/19/2006 11:34 PM C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [09/20/2003 11:23 AM]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [11/01/2002 10:33 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [09/29/2003 10:17 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [02/06/2008 05:47 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 PM]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 08:05 PM]

C:\Documents and Settings\Travis\Start Menu\Programs\Startup\
VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [4/1/2008 7:29:33 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [8/30/2006 5:25:46 PM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [6/16/2005 11:11:42 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvUOEw]
hgGvUOEw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvSkIca

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-04-17 02:50:52 ------------








Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2250 @ 1.73GHz
CPU 1: Genuine Intel® CPU T2250 @ 1.73GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 1023.29 MiB / 347.41 MiB
Pagefile Memory (total/avail): 2460.26 MiB / 1584.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.4 MiB

C: is Fixed (FAT32) - 54.83 GiB total, 2.54 GiB free.
D: is Fixed (FAT32) - 36.45 GiB total, 33.45 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Fixed (NTFS) - 298.09 GiB total, 93.29 GiB free.

\\.\PHYSICALDRIVE0 - HTS541010G9AT00 - 93.16 GiB - 3 partitions
\PARTITION0 - Unknown - 1906.12 MiB
\PARTITION1 (bootable) - Unknown - 54.84 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 36.46 GiB - D:

\\.\PHYSICALDRIVE1 - Seagate FreeAgentDesktop USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Installable File System - 298.09 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"="C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\\Program Files\\Java\\jre1.5.0_03\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_03\\BIN\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"="C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\vghd\\VirtuaGirl_Downloader.exe"="C:\\Program Files\\vghd\\VirtuaGirl_Downloader.exe:*:Enabled:VirtuaGirl_Downloader"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Travis\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRAVISASUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Travis
LOGONSERVER=\\TRAVISASUS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Windows Live\Messenger\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Travis\LOCALS~1\Temp
TMP=C:\DOCUME~1\Travis\LOCALS~1\Temp
USERDOMAIN=TRAVISASUS
USERNAME=Travis
USERPROFILE=C:\Documents and Settings\Travis
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Travis (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ASUS InstantFun --> MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}
ASUS Live Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9
Asus MultiFrame --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe" -l0x9
ASUS Splendid Video Enhancement Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe" -l0x9 -removeonly
Asus_A_Series_ScreenSaver --> C:\WINDOWS\ASUS A Series ScreenSaver Uninstaller.exe
ASUSDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ATK Media --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\setup.exe" -l0x9
ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe
BitComet 0.70 --> C:\Program Files\BitComet\uninst.exe
Bluetooth Stack for Windows --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Brothers In Arms EiB --> C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\Setup.exe uninstall "BrothersInArmsEiB"
ChartNexus 2.2.1 --> "C:\Program Files\ChartNexus\unins000.exe"
CloneDVD --> "C:\Program Files\Elaborate Bytes\CloneDVD\CloneDVD-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Digital Media Converter 2.4 --> "C:\Program Files\Deskshare\Digital Media Converter\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
Ease Audio Converter 4.80 --> "C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
High Definition Audio Driver Package - KB888111 -->
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Travis\Application Data\HouseCall 6.6\uninstaller.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LifeFrame2 --> MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Americas --> C:\Program Files\InstallShield Installation Information\{75983B66-804C-40D1-BA13-64DAF652A6F1}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Britannia --> C:\Program Files\InstallShield Installation Information\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Crusades --> C:\Program Files\InstallShield Installation Information\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}\setup.exe -runfromtemp -l0x0009 -removeonly
Medieval II Total War : Kingdoms : Teutonic --> C:\Program Files\InstallShield Installation Information\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}\setup.exe -runfromtemp -l0x0009 -removeonly
mEoU --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem --> rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
mpegable DS decoder --> C:\WINDOWS\AKDeInstall.exe "/C:\Program Files\mpegable\"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Net4Switch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D6D7811-43B3-463C-BC79-5D1755269989}\setup.exe" -l0x9
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
REALTEK PCIE NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\setup.exe" -l0x9 REMOVE
Search Settings 1.1 --> MsiExec.exe /X{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shutdown Monster 4.0.5.2 --> C:\Program Files\Shutdown Monster\Uninst.exe
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's SimGolf --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C4504A1-9280-11D5-9F7E-00902712427E}\setup.exe"
Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SMSC IrCC V5.1.3600.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x9 UNINSTALL
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPSS 15.0 for Windows --> MsiExec.exe /X{15B25E12-3E5F-4C13-A637-9EC72A55491E}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SubDownloader --> "C:\Program Files\Subdownloader\uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
The Godfather™ The Game --> C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
Tiger Woods PGA TOUR 08 --> C:\Program Files\EA Sports\Tiger Woods PGA TOUR 08\EAUninstall.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtuaGirl HD --> C:\Documents and Settings\Travis\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe" -l0x9 -removeonly
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4293 / Warning
Event Submitted/Written: 04/17/2008 00:37:39 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4292 / Error
Event Submitted/Written: 04/17/2008 00:01:28 AM
Event ID/Source: 1000 / Windows Live Messenger
Event Description:
msnmsgr.exe8.5.1302.10184717a53bunknown0.0.0.0000000000000e0005

Event Record #/Type4285 / Warning
Event Submitted/Written: 04/16/2008 09:20:18 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4268 / Warning
Event Submitted/Written: 04/16/2008 02:59:47 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type4266 / Error
Event Submitted/Written: 04/15/2008 05:40:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x0004dbc9.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34518 / Warning
Event Submitted/Written: 04/17/2008 02:50:27 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TRAVISASUS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TRAVISASUS27 can't undo changes that you allow.

For more information please see the following:
%TRAVISASUS275

Scan ID: {3252FDCC-89FD-4B84-9CC3-FBCC155A6281}

User: TRAVISASUS\Travis

Name: %TRAVISASUS271

ID: %TRAVISASUS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TRAVISASUS276

Alert Type: %TRAVISASUS278

Detection Type: 1.1.1593.02

Event Record #/Type34517 / Warning
Event Submitted/Written: 04/17/2008 02:50:27 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TRAVISASUS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TRAVISASUS27 can't undo changes that you allow.

For more information please see the following:
%TRAVISASUS275

Scan ID: {C52170F8-AEBC-4BB8-A8B7-899300B7DEB3}

User: TRAVISASUS\Travis

Name: %TRAVISASUS271

ID: %TRAVISASUS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TRAVISASUS276

Alert Type: %TRAVISASUS278

Detection Type: 1.1.1593.02

Event Record #/Type34516 / Warning
Event Submitted/Written: 04/17/2008 02:50:27 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TRAVISASUS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TRAVISASUS27 can't undo changes that you allow.

For more information please see the following:
%TRAVISASUS275

Scan ID: {BD659CAA-7FDB-4022-A434-2732F4D03EE2}

User: TRAVISASUS\Travis

Name: %TRAVISASUS271

ID: %TRAVISASUS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TRAVISASUS276

Alert Type: %TRAVISASUS278

Detection Type: 1.1.1593.02

Event Record #/Type34515 / Warning
Event Submitted/Written: 04/17/2008 02:50:27 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TRAVISASUS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TRAVISASUS27 can't undo changes that you allow.

For more information please see the following:
%TRAVISASUS275

Scan ID: {2D372836-7CCD-450C-993D-23E39464D990}

User: TRAVISASUS\Travis

Name: %TRAVISASUS271

ID: %TRAVISASUS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TRAVISASUS276

Alert Type: %TRAVISASUS278

Detection Type: 1.1.1593.02

Event Record #/Type34514 / Warning
Event Submitted/Written: 04/17/2008 02:50:24 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TRAVISASUS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TRAVISASUS27 can't undo changes that you allow.

For more information please see the following:
%TRAVISASUS275

Scan ID: {AC0C7AA7-1C91-4E55-9CAB-46A81C3B0C7F}

User: TRAVISASUS\Travis

Name: %TRAVISASUS271

ID: %TRAVISASUS272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TRAVISASUS276

Alert Type: %TRAVISASUS278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-04-17 02:50:52 ------------

#4 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 16 April 2008 - 03:44 PM

========================================================

Download ATF-Cleaner by Atribune to your desktop.

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================================

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

========================================================
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#5 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 17 April 2008 - 12:53 PM

Friday, April 18, 2008 1:50:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 711959


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 121296
Number of viruses found 6
Number of infected objects 17
Number of suspicious objects 0
Duration of the scan process 01:17:39

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\drivers\sptddrv1.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\ldvumuqa.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr2.log Object is locked skipped

C:\WINDOWS\Temp\mcmsc_88ZU8E1pHMYMzjY Object is locked skipped

C:\WINDOWS\Temp\fb_1096.lck Object is locked skipped

C:\WINDOWS\Temp\sqlite_2iWiSWLkt4hNVA8 Object is locked skipped

C:\WINDOWS\Temp\sqlite_B2nNLvckcXF8XNW Object is locked skipped

C:\WINDOWS\Temp\mcafee_wrOIUD1fE5Xzlfw Object is locked skipped

C:\WINDOWS\Temp\mcmsc_xsGITdn8OAwlz77 Object is locked skipped

C:\WINDOWS\Temp\mcmsc_lXHbLmzMgOWxWaC Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04082008-025919.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{D8FECE89-0D31-4082-9C7D-ACC0FEE710E9}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRD.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Travis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF6FCC.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF701A.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF7E51.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\fb_824.lck Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFA321.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFA333.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_ZrZ2fRgKdWMNHCT Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_H61fGnCCMTYzNhz Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFB0D6.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFB0E6.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_NDoIf5VG0hbQqrg Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_RgZ7UNMXe4uDIS8 Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF9284.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF92A2.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\History\History.IE5\MSHist012008041720080418\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows Live Contacts\travislyw@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows Live Contacts\travislyw@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{2C578F6F-1E4F-459C-9BE3-4B4804EE04A4} Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped

C:\Documents and Settings\Travis\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Application Data\Search Settings\kb126\temp\ws-13986.log Object is locked skipped

C:\Documents and Settings\Travis\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped

C:\Documents and Settings\Travis\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a04016/Msn Live Password Stealer V4/Msn Live Password Stealer V4.exe Infected: Trojan-PSW.Win32.Delf.ux skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a04016 RAR: infected - 1 skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a04016 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.exe.bac_a04016 Infected: Trojan-PSW.Win32.Delf.ux skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a01936/Msn Live Password Stealer V4/Msn Live Password Stealer V4.exe Infected: Trojan-PSW.Win32.Delf.ux skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a01936 RAR: infected - 1 skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\Msn Live Password Stealer V4.rar.bac_a01936 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\A0053958.exe.bac_a02432 Infected: Trojan-PSW.Win32.Delf.ux skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\tuvSkIca.dll.bac_a03844 Infected: not-a-virus:AdWare.Win32.Virtumonde.lwx skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\dbivisni.dll.bac_a03844 Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\ulmyymjr.dll.bac_a03844 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\ybyxdcbw.dll.bac_a03844 Infected: not-a-virus:AdWare.Win32.Virtumonde.lxl skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\A0069978.dll.bac_a03844 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\A0070124.dll.bac_a03844 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\A0070125.DLL.bac_a03844 Infected: Packed.Win32.Monder.gen skipped

C:\Documents and Settings\Travis\.housecall6.6\Quarantine\rrkswtcg.dll.bad.bac_a03844 Infected: Packed.Win32.Monder.gen skipped

C:\System Volume Information\_restore{60BB7204-0B79-4537-8255-1AF5BF8E3A50}\RP8\change.log Object is locked skipped

D:\System Volume Information\_restore{60BB7204-0B79-4537-8255-1AF5BF8E3A50}\RP8\change.log Object is locked skipped

Scan process completed.

#6 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 17 April 2008 - 04:30 PM

Please OPEN housecall 6.6 and empty its quarantine.

Please visit this webpage for download links, and instructions for running this tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware, and will only take a few moments of your time.


After ensuring the Recovery Console is installed on your system...


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\CF_RC.txt
C:\ComboFix.txt
New HijackThis log.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#7 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 18 April 2008 - 02:05 AM

Hi

i do not know how to open housecall and empty its quanratine. Because i was using housecall online scanner.

And i also drag the xp file into the combo fix and my anti virus warn that its a trojan which is high level.

please advise thanks

Edited by travislyw, 18 April 2008 - 04:34 AM.


#8 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 18 April 2008 - 05:31 AM

Sorry for that.

Please locate:

C:\Documents and Settings\Travis\.housecall6.6\Quarantine

Empty it.

Just do it, drag it into Combofix, neither of those applications is a trojan. Your av might detect it as a false positive. Just ignore it.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#9 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 18 April 2008 - 05:59 AM

ComboFix 08-04-16.5 - Travis 2008-04-18 18:47:32.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.520 [GMT 8:00]
Running from: C:\Documents and Settings\Travis\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Travis\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Travis\Application Data\macromedia\Flash Player\#SharedObjects\8HB8ZZLU\www.broadcaster.com
C:\Documents and Settings\Travis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Travis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\BMb370ec63.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acIkSvut.ini
C:\WINDOWS\system32\acIkSvut.ini2
C:\WINDOWS\system32\gsrnykao.ini
C:\WINDOWS\system32\jmujovty.ini
C:\WINDOWS\system32\ldvumuqa.dll
C:\WINDOWS\system32\pfftofcw.ini
C:\WINDOWS\system32\tmaucevi.ini
C:\WINDOWS\system32\wetaabnb.ini
C:\WINDOWS\system32\wquqpdkl.ini
C:\WINDOWS\system32\ygvdbhwe.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-17 15:28 . 2008-04-17 15:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 15:28 . 2008-04-17 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-17 02:47 . 2008-04-17 02:47 <DIR> d-------- C:\Deckard
2008-04-10 17:11 . 2008-04-10 17:11 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-09 15:19 . 2008-04-09 15:19 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-08 20:38 . 2008-04-08 20:38 <DIR> d--h----- C:\WINDOWS\system32\Settings
2008-04-08 20:38 . 2008-04-08 20:38 <DIR> d-------- C:\Documents and Settings\Travis\McAfee
2008-04-08 02:59 . 2008-04-08 02:59 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-07 16:58 . 2008-04-04 15:40 147,456 --a------ C:\VundoFix.exe
2008-04-07 16:58 . 2008-04-07 16:25 96,978 --a------ C:\VirtumundoBeGone.exe
2008-04-06 13:39 . 2008-04-08 20:48 1,415,295 --a------ C:\SDFix.exe
2008-04-06 02:31 . 2008-04-06 02:31 244 --ah----- C:\sqmnoopt19.sqm
2008-04-06 02:31 . 2008-04-06 02:31 232 --ah----- C:\sqmdata19.sqm
2008-04-06 02:02 . 2008-04-06 02:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-06 01:29 . 2008-04-07 12:19 <DIR> d-------- C:\SDFix
2008-04-05 02:41 . 2008-04-05 02:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-04-04 22:16 . 2008-04-04 22:16 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-04 22:16 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-04-04 22:16 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-04-04 22:16 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-04-04 22:16 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-04-04 20:30 . 2008-04-04 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 16:40 . 2008-04-04 16:40 <DIR> d-------- C:\VundoFix Backups
2008-04-03 17:20 . 2008-04-03 17:20 <DIR> d-------- C:\Documents and Settings\Travis\Application Data\McAfee
2008-04-01 19:27 . 2008-04-01 19:27 <DIR> d-------- C:\Program Files\vghd
2008-04-01 19:27 . 2008-04-01 19:27 <DIR> d-------- C:\Documents and Settings\Travis\Application Data\vghd
2008-04-01 16:15 . 2008-04-01 16:15 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-03-28 03:42 . 2008-03-28 03:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 19:41 45,056 ----a-w C:\WINDOWS\system32\acovcnt.exe
2008-04-07 11:51 96,256 ----a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-04 10:13 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 10:13 --------- d-----w C:\Program Files\Windows Live
2008-03-04 10:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-03 14:11 --------- d-----w C:\Program Files\EA Games
2008-03-01 10:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 14:38 --------- d-----w C:\Program Files\easetech
2008-02-18 10:04 --------- d-----w C:\Documents and Settings\Travis\Application Data\Search Settings
2008-02-18 10:02 --------- d-----w C:\Program Files\Search Settings
2008-02-18 10:02 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-18 10:00 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2008-02-06 17:47 1160544 --a------ C:\Program Files\Search Settings\kb126\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 22:22 110592]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-17 00:16 7561216]
"nwiz"="nwiz.exe" [2006-03-17 00:16 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-17 00:16 86016]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-05-16 16:29 53248]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-02-21 19:36 17920]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
"SMSERIAL"="sm56hlpr.exe" [2006-01-19 23:34 544768 C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ElbyCheckAnyDVD"="C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 11:23 45056]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [2002-11-01 22:33 45056]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2003-09-29 22:17 175616]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 17:47 1036640]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

C:\Documents and Settings\Travis\Start Menu\Programs\Startup\
VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-04-01 19:29:33 11756864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MultiFrame.lnk - C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe [2006-08-30 17:25:46 491520]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGvUOEw]
hgGvUOEw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"C:\\Program Files\\Java\\jre1.5.0_03\\BIN\\javaw.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\vghd\\VirtuaGirl_Downloader.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14041:TCP"= 14041:TCP:BitComet 14041 TCP
"14041:UDP"= 14041:UDP:BitComet 14041 UDP

S2 0101521208501369mcinstcleanup;McAfee Application Installer Cleanup (0101521208501369);C:\WINDOWS\TEMP\010152~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 10:45]

*Newly Created Service* - 0101521208501369MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 10:00:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-29 17:00:12 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-14 20:14:28 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-18 10:55:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 18:53:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\MCAFEE\MBK\MBACKMONITOR.EXE
C:\PROGRAM FILES\MCAFEE\MSC\MCMSCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE
C:\PROGRAM FILES\COMMON FILES\MCAFEE\MCPROXY\MCPROXY.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\SYSTEM32\ACENGSVR.EXE
C:\WINDOWS\ATK0100\ATKOSD.EXE
C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-04-18 18:56:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 10:56:36

Pre-Run: 3,151,200,256 bytes free
Post-Run: 3,211,001,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
.
2008-04-18 06:51:54 --- E O F ---

#10 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 18 April 2008 - 06:04 AM

This is the only log that i have.
i could not find

C:\CF_RC.txt

New HijackThis log.

#11 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 19 April 2008 - 08:57 AM

i could not find

C:\CF_RC.txt

It was included in the last part of the log you just posted. :thumbsup:

Did you install VirtuaGirl?

=====================================================

Please open HiJackThis and scan. Check the boxes next to all the entries listed below

O20 - Winlogon Notify: hgGvUOEw - C:\WINDOWS\system32\hgGvUOEw.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis

=====================================================

Download ATF-Cleaner by Atribune to your desktop.

Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please Re-scan using kaspersky online scanner.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#12 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 19 April 2008 - 03:37 PM

yes i have virtuagirl. I think its this software that land me into this mess...


Sunday, April 20, 2008 4:35:59 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715596


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 119622
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:26:32

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\drivers\sptddrv1.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\Temp\mcmsc_dj6QuUYdhA3NsXP Object is locked skipped

C:\WINDOWS\Temp\fb_1128.lck Object is locked skipped

C:\WINDOWS\Temp\sqlite_xgJjtlw9bM7FbBe Object is locked skipped

C:\WINDOWS\Temp\sqlite_BtoGmP6IfBxPt00 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{594E4C4F-E327-4BB8-89A5-5B111288ACEB}.bin Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04082008-025919.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRB.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Travis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF3E97.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF3EAE.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF620E.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\fb_3268.lck Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFFA03.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_WXeHcMd0QJ8oDzX Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DFFA6C.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_tI2hHQi0xXrXeSn Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\~DF2A9.tmp Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_qEmdC5DiLcRAcf1 Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temp\sqlite_UOt1xW45OSqkogT Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\History\History.IE5\MSHist012008042020080421\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{041D1352-719E-4E90-A9D6-F559EE49DEC9} Object is locked skipped

C:\Documents and Settings\Travis\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped

C:\Documents and Settings\Travis\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Travis\Application Data\Search Settings\kb126\temp\ws-13988.log Object is locked skipped

C:\Documents and Settings\Travis\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped

C:\Documents and Settings\Travis\UserData\index.dat Object is locked skipped

C:\Documents and Settings\Travis\NTUSER.DAT Object is locked skipped

C:\System Volume Information\_restore{60BB7204-0B79-4537-8255-1AF5BF8E3A50}\RP11\A0000610.dll Infected: Trojan.Win32.KillAV.rf skipped

C:\System Volume Information\_restore{60BB7204-0B79-4537-8255-1AF5BF8E3A50}\RP12\change.log Object is locked skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ldvumuqa.dll.vir Infected: Trojan.Win32.KillAV.rf skipped

D:\System Volume Information\_restore{60BB7204-0B79-4537-8255-1AF5BF8E3A50}\RP12\change.log Object is locked skipped

Scan process completed.

#13 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 20 April 2008 - 08:58 AM

I would like to see a fresh Hijackthis logfile.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#14 travislyw

travislyw
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:singapore
  • Local time:12:44 PM

Posted 20 April 2008 - 09:21 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:12 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Search Settings\SearchSettings.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: VirtuaGirl HD.LNK = C:\Program Files\vghd\vghd.exe
O4 - Global Startup: MultiFrame.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?610b7d632512429fb399cc7b23397a54
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?610b7d632512429fb399cc7b23397a54
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 11636 bytes

#15 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:44 AM

Posted 20 April 2008 - 10:13 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

There are some unnecessarry startup objects that we could disable, i can make a list of these if you want, let me know.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users