False Windows Security Notifications, Disabled Task Manager


2 replies to this topic

#1 LukyDaDonky


Posted 22 April 2008 - 03:17 PM

So, I'm fixing my mom's computer after her neighbor gave her a CD with a "free" copy of Photoshop. It's now infected 6 ways to Sunday. Here are the symptoms:

Fake security control panel that takes you to a website to purchase spyware removal software. I found the service in Services.msc and it was titled "MsSecurity Updated", but I could not disable it.

It disabled Task Manager, and even after going into regedit and changing the value of "Disabled Task Manager" from 1 to 0, I was not able to gain access to it.

Overall slow computer

Now, I ran ComboFix and it was able to repair most of those problems, but I know there are still some remnants of the virus rooted in the system. I also have that log file if it is needed. I also ran the Kaspersky online virus scan, and will post that along with my DSS/HijackThis log.

I appreciate all your assistance in this situation.

I will be more than happy to answer any other questions you might have.

Kaspersky Virus Scan Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 22, 2008 12:56:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/04/2008
Kaspersky Anti-Virus database records: 720686
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 124310
Number of viruses found: 14
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 02:35:59

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\fivadmri\rgzofuny.exe Infected: Trojan.Win32.Obfuscated.we skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\count.jar-70f99707-393ab683.zip.bac_a03044/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\count.jar-70f99707-393ab683.zip.bac_a03044/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\count.jar-70f99707-393ab683.zip.bac_a03044/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\count.jar-70f99707-393ab683.zip.bac_a03044 ZIP: infected - 3 skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\count.jar-70f99707-393ab683.zip.bac_a03044 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\statistic.jar-7ba8ab78-51c46cd4.zip.bac_a03044/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\statistic.jar-7ba8ab78-51c46cd4.zip.bac_a03044/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\statistic.jar-7ba8ab78-51c46cd4.zip.bac_a03044/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\statistic.jar-7ba8ab78-51c46cd4.zip.bac_a03044 ZIP: infected - 3 skipped
C:\Documents and Settings\Lucky\.housecall6.6\Quarantine\statistic.jar-7ba8ab78-51c46cd4.zip.bac_a03044 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Lucky\My Documents\Downloads\Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION.zip/Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION/Adobe Photoshop CS3 Extended Keygen + Activation.exe/data0000.cab/atiiila.exe Infected: Trojan.Win32.Pakes.cgn skipped
C:\Documents and Settings\Lucky\My Documents\Downloads\Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION.zip/Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION/Adobe Photoshop CS3 Extended Keygen + Activation.exe/data0000.cab/_launcher.exe Infected: Trojan-Downloader.Win32.Small.uny skipped
C:\Documents and Settings\Lucky\My Documents\Downloads\Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION.zip/Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION/Adobe Photoshop CS3 Extended Keygen + Activation.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.uny skipped
C:\Documents and Settings\Lucky\My Documents\Downloads\Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION.zip/Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION/Adobe Photoshop CS3 Extended Keygen + Activation.exe Infected: Trojan-Downloader.Win32.Small.uny skipped
C:\Documents and Settings\Lucky\My Documents\Downloads\Adobe Photoshop CS3 Extended + KEYGEN & ACTIVATION.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Lucky\My Documents\Random Crap\Nero-7.7.5.1_eng_trial(2).exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Lucky\My Documents\Random Crap\Nero-7.7.5.1_eng_trial(2).exe RAR: infected - 1 skipped
C:\Documents and Settings\Lucky\My Documents\Random Crap\New Folder\WinAircrackPack.zip/WinAircrackPack/aircrack.exe Infected: not-a-virus:PSWTool.Win32.AirCrack.a skipped
C:\Documents and Settings\Lucky\My Documents\Random Crap\New Folder\WinAircrackPack.zip ZIP: infected - 1 skipped
C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bso skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\svehost.exe.vir Infected: Backdoor.Win32.SdBot.doy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.bso skipped
C:\QooBox\Quarantine\C\WINDOWS\Web\def.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\System Volume Information\_restore{A7052985-66C4-42BC-8C77-054E892ED9B7}\RP849\A0138172.exe Infected: Backdoor.Win32.SdBot.doy skipped
C:\System Volume Information\_restore{A7052985-66C4-42BC-8C77-054E892ED9B7}\RP849\A0138254.exe Infected: not-virus:Hoax.Win32.Renos.bso skipped
C:\System Volume Information\_restore{A7052985-66C4-42BC-8C77-054E892ED9B7}\RP849\A0138255.exe Infected: not-virus:Hoax.Win32.Renos.bso skipped
C:\WINDOWS\system32\vimc.exe/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\WINDOWS\system32\vimc.exe WiseSFX: infected - 1 skipped

Scan process completed.

DSS/HijackThis Log

Deckard's System Scanner v20071014.68
Run by Lucky on 2008-04-21 21:48:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-21 21:54:48
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\NMSSvc.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
C:\WINDOWS\system32\SK9910DM.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Lucky\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll (file missing)
O2 - BHO: (no name) - {1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f} - C:\WINDOWS\pstovype.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware337\bin\Starware337.dll (file missing)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\lexbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Starware Recipe Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware337\bin\Starware337.dll (file missing)
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Echovoice Gamer Statistics] C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [jbcdgkxk] C:\WINDOWS\system32\bihwlsvq.exe
O4 - HKCU\..\Run: [gakmhjoa] C:\WINDOWS\system32\vqnclqpq.exe
O4 - HKLM\..\Policies\Explorer\Run: [bH23w1G02s] C:\Documents and Settings\All Users\Application Data\fivadmri\rgzofuny.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://travelers.com (HKLM)
O15 - Trusted Zone: https://travelers.com (HKLM)
O15 - Trusted Zone: http://travelerspc.com (HKLM)
O15 - Trusted Zone: https://travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...irector7/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} () - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167297915968
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} () - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} () - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} () - http://dictionary.reference.com/tools/toolbar/lexico.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} () - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: xxywTLdC - C:\WINDOWS\system32\xxywTLdC.dll (file missing)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 13960 bytes

-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 20:54:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 20:54:01 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 20:54:00 0 d-------- C:\WINDOWS\LastGood
2008-04-21 20:30:42 98304 --a------ C:\WINDOWS\system32\vqnclqpq.exe
2008-04-21 20:00:40 98304 --a------ C:\WINDOWS\system32\bihwlsvq.exe
2008-04-21 19:35:25 68096 --a------ C:\WINDOWS\zip.exe
2008-04-21 19:35:25 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-21 19:35:25 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-21 19:35:25 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-21 19:35:25 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-21 19:35:25 98816 --a------ C:\WINDOWS\sed.exe
2008-04-21 19:35:25 80412 --a------ C:\WINDOWS\grep.exe
2008-04-21 19:35:25 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-20 14:01:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-20 14:01:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-20 14:01:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-20 13:53:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-20 13:51:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-20 13:50:17 4096 --a------ C:\Documents and Settings\Lucky\Desktopfilemanagerclient.exe
2008-04-20 13:50:16 4096 --a------ C:\Documents and Settings\Lucky\DesktopFWebdEditor.exe
2008-04-20 13:50:16 4096 --a------ C:\Documents and Settings\Lucky\Desktopfwebd.exe
2008-04-20 13:49:45 0 d-------- C:\Documents and Settings\All Users\Application Data\fivadmri
2008-04-20 13:49:43 102400 --a------ C:\WINDOWS\system32\jotspoja.exe
2008-04-20 13:49:28 65024 --a------ C:\Documents and Settings\All Users\Application Data\hytczixm.dll
2008-04-20 13:49:22 192512 --a------ C:\WINDOWS\talqhgjo.dll
2008-04-20 13:49:16 65024 --a------ C:\WINDOWS\pstovype.dll
2008-04-20 13:49:13 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-04-20 13:49:09 0 d-------- C:\Program Files\Bat
2008-04-20 13:48:15 38400 --a------ C:\WINDOWS\mrofinu1799.exe
2008-04-20 12:31:03 0 d-------- C:\Program Files\ToneThis 3.5
2008-04-18 16:32:51 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-18 16:32:28 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-18 16:32:28 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-18 16:32:28 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-04-18 16:32:28 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-18 16:32:28 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-04-18 16:32:27 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-04-18 16:31:55 0 d-------- C:\Program Files\HP
2008-04-18 16:31:30 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2008-04-18 16:31:30 69443 --a------ C:\WINDOWS\hpoins05.dat
2008-04-18 16:18:35 0 d-------- C:\Documents and Settings\Lucky\HP_WebRelease
2008-04-16 21:05:00 0 d-------- C:\Program Files\iTunes
2008-04-16 21:03:08 0 d-------- C:\Program Files\Bonjour
2008-04-16 21:01:43 0 d-------- C:\Program Files\QuickTime
2008-04-16 20:59:55 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 20:59:25 0 d-------- C:\Program Files\Common Files\Apple
2008-04-16 11:14:56 0 d-------- C:\Program Files\TmNationsForever
2008-04-05 01:23:19 0 d-------- C:\Documents and Settings\Lucky\data
2008-04-04 20:52:58 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-04 20:41:46 0 d-------- C:\Program Files\support.com
2008-04-04 20:41:40 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-04-02 20:52:55 0 d-------- C:\Documents and Settings\Jeanne\Application Data\MySpace
2008-03-29 08:40:46 0 d-------- C:\Program Files\Idealign
2008-03-29 08:40:46 0 d-------- C:\Documents and Settings\Lucky\Application Data\Idealign
2008-03-29 08:40:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Idealign
2008-03-29 00:25:43 0 d-------- C:\Documents and Settings\Lucky\Application Data\Intuit
2008-03-24 03:42:23 0 d-------- C:\Documents and Settings\Lucky\Application Data\Opera
2008-03-23 21:37:21 0 d-------- C:\Program Files\Echovoice
2008-03-21 17:57:09 0 d-------- C:\Program Files\uTorrent
2008-03-21 17:57:06 0 d-------- C:\Documents and Settings\Lucky\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-04-20 14:07:06 0 d-------- C:\Program Files\Steam
2008-04-20 01:29:31 0 d-------- C:\Documents and Settings\Lucky\Application Data\Adobe
2008-04-19 09:46:41 0 d-------- C:\Documents and Settings\Lucky\Application Data\Xfire
2008-04-19 09:46:31 0 d---s---- C:\Program Files\Xfire
2008-04-18 16:32:51 0 d-------- C:\Program Files\Common Files
2008-04-16 21:05:28 0 d-------- C:\Program Files\iPod
2008-04-13 17:48:54 0 d-------- C:\Program Files\Logitech
2008-04-13 17:47:05 0 d-------- C:\Program Files\Common Files\Logitech
2008-04-13 15:01:30 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-13 14:06:35 0 d-------- C:\Program Files\Azureus
2008-04-12 13:56:37 0 d-------- C:\Program Files\Java
2008-04-11 18:44:20 43 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-04 20:43:02 0 d-------- C:\Program Files\BroadJump
2008-03-22 02:33:09 0 d-------- C:\Program Files\DivX
2008-03-13 11:59:42 0 d-------- C:\Program Files\Common Files\AOL
2008-03-11 15:13:21 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-03-05 12:27:05 0 d-------- C:\Documents and Settings\Lucky\Application Data\Media Player Classic
2008-03-03 23:03:30 0 d-------- C:\Program Files\Viewpoint
2008-02-28 20:55:47 0 d-------- C:\Documents and Settings\Lucky\Application Data\Azureus
2008-02-28 11:05:14 0 d-------- C:\Documents and Settings\Lucky\Application Data\foobar2000
2008-02-27 23:48:42 0 d-------- C:\Documents and Settings\Lucky\Application Data\MySpace
2008-02-27 23:48:36 0 d-------- C:\Program Files\MySpace
2008-02-27 09:19:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-26 19:33:46 0 d-------- C:\Program Files\Google
2008-02-26 09:46:24 0 d-------- C:\Program Files\ASUS
2008-02-20 19:04:16 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 19:04:16 81920 --a----c- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 19:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2008-02-20 19:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1a8523dc-1dd2-11b2-8f50-a0f5b7cb9b7f}]
04/20/2008 01:49 PM 65024 --a------ C:\WINDOWS\pstovype.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]
C:\Program Files\Starware337\bin\Starware337.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
03/07/2008 09:15 PM 413696 --a------ C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [09/20/2004 02:27 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [06/19/2002 01:05 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [04/26/2007 05:54 PM]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [04/26/2007 06:22 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Echovoice Gamer Statistics"="C:\Program Files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe" [11/28/2006 02:52 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [11/18/2003 01:24 AM]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [01/03/2001 12:50 PM C:\WINDOWS\system32\SK9910DM.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [05/06/2002 05:12 PM C:\WINDOWS\GWMDMMSG.exe]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.exe" [07/08/2003 03:00 AM]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" []
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [08/04/2004 12:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jbcdgkxk"="C:\WINDOWS\system32\bihwlsvq.exe" [04/21/2008 08:00 PM]
"gakmhjoa"="C:\WINDOWS\system32\vqnclqpq.exe" [04/21/2008 08:30 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"bH23w1G02s"=C:\Documents and Settings\All Users\Application Data\fivadmri\rgzofuny.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywTLdC]
xxywTLdC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Lucky^Start Menu^Programs^Startup^Bat - Auto Update.lnk]
path=C:\Documents and Settings\Lucky\Start Menu\Programs\Startup\Bat - Auto Update.lnk
backup=C:\WINDOWS\pss\Bat - Auto Update.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c07c0f5]
rundll32.exe "C:\WINDOWS\system32\fpugpcmr.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f34f369]
Rundll32.exe "C:\WINDOWS\system32\exwjmwjo.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameRail]
C:\DOCUME~1\Lucky\LOCALS~1\Temp\e4j5.tmp_dir28490\GameRail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hytczixm]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hytczixm.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldcfdtcl]
C:\WINDOWS\system32\jotspoja.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
svehost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
C:\DOCUME~1\Lucky\LOCALS~1\Temp\ie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1799.exe 61A847B5BBF72813359231466188719AB689201522886B092CBD44BD8689220221DD3257

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PictureTaker"=3 (0x3)
"iPod Service"=3 (0x3)
"helpsvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"SPTISRV"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Apple Mobile Device"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-04-21 21:59:24 ------------

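The Run values with eight random letters, the Winlogon Notify package whose DLL is already gone, and the "Microsoft Updates" entry pointing at a bare svehost.exe are the items a helper picks out of a log like the one above by eye. As an added example (not code from the original post, and not part of HijackThis or Deckard's System Scanner), here is a small Python triage that parses a few lines copied from that log and scores each autostart entry with heuristics I chose myself: a random-looking lowercase name, a binary in a user-writable data folder, a bare file name with no path, a DLL loaded through rundll32/regsvr32, a Winlogon Notify entry marked file missing, and a file name one character away from a core Windows process (svehost.exe vs svchost.exe). The weights, the threshold, and the SYSTEM_NAMES and USER_WRITABLE lists are assumptions, not anything either tool defines.

```python
"""Triage of autostart entries from a HijackThis / Deckard's System Scanner
log.  Added example, not code from the original post or from either tool:
every heuristic, weight, threshold and helper name is my own assumption."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "source name path")

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O20 - Winlogon Notify: xxywTLdC - C:\WINDOWS\system32\xxywTLdC.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jbcdgkxk"="C:\WINDOWS\system32\bihwlsvq.exe" [04/21/2008 08:00 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"bH23w1G02s"=C:\Documents and Settings\All Users\Application Data\fivadmri\rgzofuny.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c07c0f5]
rundll32.exe "C:\WINDOWS\system32\fpugpcmr.dll",b
"""

HJT_LINE = {  # HijackThis sections that carry a name and a launched file
    "O4 Run": re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \(User .*\))?$"),
    "O20 Winlogon Notify": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
    "O23 Service": re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<path>.+)$"),
}
REG_KEY = re.compile(r"^\[(?P<key>HKEY_.+)\]$")  # DSS registry dump key header
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?(?: \[.*\])?$')
FILE_RE = re.compile(r'(?:[A-Za-z]:\\[^"]*?|[\w-]+)\.(?:exe|dll)\b', re.I)

def parse(log):
    """Return Entry(source, name, path) for every autostart line recognised."""
    entries, key = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        for source, rx in HJT_LINE.items():
            m = rx.match(line)
            if m:
                entries.append(Entry(source, m.group("name"), m.group("path")))
                break
        else:                                   # not HJT: a value under the current key
            k = (key or "").lower()
            if "\\run" not in k and "startupreg" not in k:
                continue                        # only Run-type keys are autostarts
            m = REG_VAL.match(line)
            if m:
                entries.append(Entry(key, m.group("name"), m.group("path")))
            elif "startupreg" in k:             # msconfig-disabled items are printed bare
                entries.append(Entry(key, key.rsplit("\\", 1)[-1], line))
    return entries

def looks_random(token):
    """Weak signal: 8+ lowercase letters with hardly any vowels or a long
    consonant cluster, the naming style of the Vundo-type entries above.
    Mixed case is excluded so MySpaceIM, LClock and friends are not hit."""
    if not (len(token) >= 8 and token.isalpha() and token.islower()):
        return False
    vowels = sum(c in "aeiou" for c in token)
    cluster = max(len(run) for run in re.split(r"[aeiou]", token))
    return vowels / len(token) < 0.3 or cluster >= 4

def edit_distance(a, b):
    """Plain Levenshtein distance; catches svehost.exe posing as svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

SYSTEM_NAMES = ("svchost", "lsass", "csrss", "winlogon", "services", "spoolsv")
USER_WRITABLE = ("\\application data\\", "\\temp\\", "\\local settings\\")

def triage(entry):
    """Score one entry: 2+ look at first, 1 check by hand, 0 nothing stood out."""
    files = FILE_RE.findall(entry.path)
    target = files[-1] if files else entry.path   # rundll32 "x.dll",b -> x.dll
    stem = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    findings = []
    if looks_random(entry.name):
        findings.append((1, "random-looking value name"))
    if looks_random(stem):
        findings.append((1, "random-looking file name"))
    if any(d in entry.path.lower() for d in USER_WRITABLE):
        findings.append((1, "binary lives in a user-writable data folder"))
    if "\\" not in target:
        findings.append((1, "bare file name resolved by PATH search, location unknown"))
    if re.match(r"(?i)(rundll32|regsvr32)\b", entry.path):
        findings.append((1, "DLL loaded through rundll32/regsvr32"))
    if "(file missing)" in entry.path and "Notify" in entry.source:
        findings.append((2, "Winlogon Notify package whose DLL is gone (cleanup leftover)"))
    near = [n for n in SYSTEM_NAMES if stem.lower() != n and edit_distance(stem.lower(), n) == 1]
    if near:
        findings.append((2, "file name is one character away from " + near[0]))
    return sum(w for w, _ in findings), [why for _, why in findings]

def report(log=SAMPLE_LOG):
    """Return {entry name: (verdict, reasons)} for the whole log."""
    out = {}
    for e in parse(log):
        score, reasons = triage(e)
        out[e.name] = ("suspicious" if score >= 2 else "review" if score else "ok", reasons)
    return out

if __name__ == "__main__":
    for name, (verdict, reasons) in report().items():
        print("%-10s %-18s %s" % (verdict, name, "; ".join(reasons) or "-"))
```

This is a reading aid, not a verdict. The vendor items (MySpaceIM, the avast! service) score 0, while the random-named Run values, the orphaned Winlogon Notify DLL, the rundll32-loaded DLL and the svehost.exe lookalike all land at 2 or more. A score of 1 means look by hand: legitimate all-lowercase names such as igfxtray will trip the randomness test on their own, which is exactly why the helper warns that most of what HijackThis lists is harmless or required.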

#2 chryssi2001

  • Members
  • 1,930 posts

Posted 08 May 2008 - 12:05 PM

Hello LukyDaDonky,

I apologise for the delay. The forum is too busy.

Your pc is still infected.

Please avoid running any other tools, or making fixes on your own.
----------------------------------------------
I will be assisting you with your malware issues.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you get stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
IMPORTANT NOTE:
If you are using Windows Vista, you must right-click on the desktop icon of every tool and choose Run as Administrator.
----------------------------------------------
UNINSTALL COMBOFIX
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U; it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.
----------------------------------------------
Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
----------------------------------------------
Post back:
A new HijackThis log.
Is your Task manager still disabled?
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001

  • Members
  • 1,930 posts

Posted 13 May 2008 - 12:39 PM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
