
Error Cleaner, Privacy Protector, Spyware&Malware Protection Icons On My Desktop


  • This topic is locked
16 replies to this topic

#1 Dan Tran


Posted 25 April 2008 - 01:39 AM

Hello, please help me with this malware problem, which also keeps popping up a security alert ("Spyware alert"). The workaround is to kill my explorer.exe (and therefore lose my Start menu bar as well).

Here is my main.txt:
=============================================================
Deckard's System Scanner v20071014.68
Run by dtran on 2008-04-24 23:10:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-25 06:10:20 UTC - RP950 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dtran.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:20 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\dtran\Desktop\dss.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dtran.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll (disabled by BHODemon)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (disabled by BHODemon)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: dpevflbg - {859D10F7-0E0F-43A8-8DF7-EC0466A40301} - C:\WINDOWS\dpevflbg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Policies\Explorer\Run: [ZEcCf6LNFf] C:\Documents and Settings\All Users\Application Data\xazetyts\hwhmxsjm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\Software\..\Telephony: DomainName = engineering.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9927829-FAE2-45E9-ABB8-44792957DB35}: Domain = iplocks.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9927829-FAE2-45E9-ABB8-44792957DB35}: NameServer = 192.168.1.8 192.168.1.6 192.168.1.7 192.168.1.7 192.168.1.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iplocks.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iplocks.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iplocks.com
O20 - Winlogon Notify: vtUomkhH - vtUomkhH.dll (file missing)
O21 - SSODL: wdpoefan - {BBCE53EC-1C63-4CDB-A95D-B9164A47EC32} - C:\WINDOWS\wdpoefan.dll
O21 - SSODL: vadokmxt - {12545625-F116-4CD5-A82B-B0F025FD7F79} - C:\WINDOWS\vadokmxt.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Apache Continuum (continuum) - Unknown owner - C:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPLocksVA Application Server (IPLocksVATomcat) - Apache Software Foundation - C:\IPLocksVA\tomcat\bin\tomcat6.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - c:\dev\tomcat\5.5.23-EXE\bin\tomcat5.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 9098 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S2 SC1BLPT - c:\windows\system32\sc1blpt.sys (file missing)
S3 BtAudio (Bluetooth Audio) - c:\windows\system32\drivers\btaudio.sys (file missing)
S3 BTDriver (Bluetooth Virtual Communications Driver) - c:\windows\system32\drivers\btport.sys (file missing)
S3 btwhid - c:\windows\system32\drivers\btwhid.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
S3 BTWUSB (WIDCOMM USB Bluetooth Driver) - c:\windows\system32\drivers\btwusb.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 ndisva (Avaya VPNet Virtual Adapter Driver) - c:\windows\system32\drivers\vadapter.sys (file missing)
S3 urvpndrv (F5 Networks VPN Adapter) - c:\windows\system32\drivers\urvpndrv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BAsfIpM (Broadcom ASF IP monitoring service v3.0.1) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>

S2 .NET Connection Service (.NET Framework Service) - c:\windows\svchost.exe (file missing)
S3 continuum (Apache Continuum) - c:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.exe -s c:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.conf set.plexushome=c:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\..\.. set.plexusbase=c:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\..\.. "set.tools_jar=c:\program files\java\jdk1.5.0_08\lib\tools.jar" (file missing)
S3 IPLocksVATomcat (IPLocksVA Application Server) - c:\iplocksva\tomcat\bin\tomcat6.exe //rs//iplocksvatomcat <Not Verified; Apache Software Foundation; Service Runner>
S3 Tomcat5 (Apache Tomcat) - c:\dev\tomcat\5.5.23-exe\bin\tomcat5.exe //rs//tomcat5 <Not Verified; Apache Software Foundation; Service Runner>
S3 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-21 09:40:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-15 07:09:37 340 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-01-01 02:10:23 332 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2008-04-24 23:15:55 0 d-------- C:\Program Files\Trend Micro
2008-04-24 23:14:35 0 d-------- C:\WINDOWS\privacy_danger
2008-04-22 22:34:37 0 d-------- C:\Documents and Settings\dtran\Application Data\Grisoft
2008-04-22 22:33:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 21:33:57 0 d-------- C:\Documents and Settings\dantran\Application Data\Google
2008-04-22 21:33:56 0 d-------- C:\Documents and Settings\dantran\Application Data\TmpRecentIcons
2008-04-22 21:33:55 0 dr------- C:\Documents and Settings\dantran\Start Menu
2008-04-22 21:33:55 0 dr-h----- C:\Documents and Settings\dantran\SendTo
2008-04-22 21:33:55 0 dr-h----- C:\Documents and Settings\dantran\Recent
2008-04-22 21:33:55 0 d--h----- C:\Documents and Settings\dantran\PrintHood
2008-04-22 21:33:55 0 d--h----- C:\Documents and Settings\dantran\NetHood
2008-04-22 21:33:55 0 dr------- C:\Documents and Settings\dantran\My Documents
2008-04-22 21:33:55 0 d-------- C:\Documents and Settings\dantran\Desktop
2008-04-22 21:33:55 0 d-------- C:\Documents and Settings\dantran\Application Data\Identities
2008-04-22 20:26:38 0 d-------- C:\Documents and Settings\dtran\Application Data\McAfee
2008-04-22 20:06:36 0 d-------- C:\Documents and Settings\dantran\Application Data\Subversion
2008-04-22 20:02:22 106496 --a------ C:\WINDOWS\system32\ojidgxyt.exe
2008-04-22 20:00:03 0 d--h----- C:\Documents and Settings\dantran\Local Settings
2008-04-22 20:00:03 0 dr------- C:\Documents and Settings\dantran\Favorites
2008-04-22 20:00:03 0 d---s---- C:\Documents and Settings\dantran\Cookies
2008-04-22 20:00:03 0 dr-h----- C:\Documents and Settings\dantran\Application Data
2008-04-22 20:00:03 0 d---s---- C:\Documents and Settings\dantran\Application Data\Microsoft
2008-04-22 20:00:02 0 d--h----- C:\Documents and Settings\dantran\Templates
2008-04-22 20:00:02 786432 --ah----- C:\Documents and Settings\dantran\ntuser.dat
2008-04-21 23:41:54 0 d-------- C:\Program Files\Lavasoft
2008-04-21 23:41:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 23:38:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 19:39:02 0 d-------- C:\Documents and Settings\dtran\Application Data\TmpRecentIcons
2008-04-21 16:19:43 344865 --ahs---- C:\WINDOWS\system32\Suxadfii.ini2
2008-04-21 16:13:39 90112 --a------ C:\WINDOWS\wxvgsdbq.exe
2008-04-21 16:13:39 270336 --a------ C:\WINDOWS\wdpoefan.dll
2008-04-21 16:13:39 212992 --a------ C:\WINDOWS\vadokmxt.dll
2008-04-21 16:13:39 102400 --a------ C:\WINDOWS\olgdqarf.exe
2008-04-21 16:13:39 200704 --a------ C:\WINDOWS\dpevflbg.dll
2008-04-21 16:13:14 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-04-21 16:13:13 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-04-21 16:13:13 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-04-21 16:13:12 0 d-------- C:\WINDOWS\system32\smp
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-04-21 16:13:12 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-04-21 16:13:11 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-04-21 16:13:10 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-04-21 16:13:10 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-04-21 16:13:10 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-04-21 16:13:10 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-04-21 16:13:10 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-04-21 16:13:09 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-04-19 19:09:36 0 d-------- C:\Documents and Settings\dtran\.subversion
2008-04-10 10:24:54 0 d-------- C:\Program Files\SHARP
2008-04-10 10:24:20 159744 --a------ C:\WINDOWS\_isusr32.dll
2008-04-10 10:24:09 122880 --a------ C:\WINDOWS\system32\usc1.dll
2008-04-10 10:24:09 142 --a------ C:\WINDOWS\system32\Usc0Msg.dat
2008-04-10 10:24:09 45056 --a------ C:\WINDOWS\system32\_isusr2k.dll
2008-04-10 10:24:03 0 d-------- C:\WINDOWS\system32\SCDRV
2008-04-10 10:21:00 88296 --a------ C:\WINDOWS\system32\Scpmonal.dll <Not Verified; SHARP CORPORATION; SC-Print AL for Windows NT/2000/XP>
2008-04-10 10:20:55 0 d-------- C:\Program Files\SC-Print AL
2008-04-06 00:20:00 0 d-------- C:\Program Files\Xilisoft
2008-04-05 11:45:38 0 d-------- C:\Program Files\PQDVD
2008-03-28 21:54:04 0 d-------- C:\IPLocksVA


-- Find3M Report ---------------------------------------------------------------

2008-04-22 20:02:35 126633 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-21 23:38:59 0 d-------- C:\Program Files\Common Files
2008-04-21 21:58:37 0 d-------- C:\Documents and Settings\dtran\Application Data\Lavasoft
2008-04-21 17:33:39 0 d-------- C:\Program Files\McAfee
2008-04-21 17:29:33 0 d-------- C:\Documents and Settings\dtran\Application Data\SharpReader
2008-04-21 17:28:05 0 d-------- C:\Program Files\Magic Workstation
2008-04-19 21:19:07 0 d-------- C:\Program Files\Java
2008-04-14 00:18:20 0 d-------- C:\Documents and Settings\dtran\Application Data\BitTorrent
2008-02-13 02:23:35 10600 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/26/2004 01:01 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]

C:\Documents and Settings\dtran\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:36:04 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:36:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"ZEcCf6LNFf"=C:\Documents and Settings\All Users\Application Data\xazetyts\hwhmxsjm.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wdpoefan"= {BBCE53EC-1C63-4CDB-A95D-B9164A47EC32} - C:\WINDOWS\wdpoefan.dll [04/21/2008 04:48 AM 270336]
"vadokmxt"= {12545625-F116-4CD5-A82B-B0F025FD7F79} - C:\WINDOWS\vadokmxt.dll [04/21/2008 04:48 AM 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomkhH]
vtUomkhH.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifdaxuS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{369dac8a-b49b-11dc-9678-000bdb99dbc7}]
AutoRun\command- Data.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad53ece-2ccd-11dc-965a-00904b2e49a2}]
AutoRun\command- F:\LaunchU3.exe




-- Hosts -----------------------------------------------------------------------

192.168.0.101 glvnsjc
192.168.0.101 maihoa


-- End of Deckard's System Scanner: finished at 2008-04-24 23:17:46 ------------



And my extra.txt:
=============================================================
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1600MHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 1023.23 MiB / 438.83 MiB
Pagefile Memory (total/avail): 2971.51 MiB / 2468.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.98 MiB

C: is Fixed (NTFS) - 55.84 GiB total, 19.37 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AT - 55.89 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 55.84 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"="C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Disabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Disabled:BitTorrent DNA"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Disabled:DNA"
"C:\\ijji\\ENGLISH\\gunster.exe"="C:\\ijji\\ENGLISH\\gunster.exe:*:Disabled:Gunster"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
"C:\\WINDOWS\\SYSTEM32\\symantec32.exe"="C:\\WINDOWS\\SYSTEM32\\symantec32.exe:*:Disabled:symantec32"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
ANT_HOME=c:\dev\ant\apache-ant-1.6.5
APPDATA=C:\Documents and Settings\dtran\Application Data
APR_ICONV_PATH=c:\dev\svn\iconv
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAN
ComSpec=C:\WINDOWS\system32\cmd.exe
CYGWIN_HOME=c:\cygwin
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dtran
INTEL_LICENSE_FILE=C:\Program Files\Common Files\Intel\Licenses
JAVA_HOME=C:\Program Files\Java\jdk1.6.0_06
LOGONSERVER=\\DAN
M2_HOME=c:\dev\maven\apache-maven-2.0.9
MAVEN_HOME=c:\dev\maven\maven-1.0.2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem;c:\dev\svn\bin;c:\cygwin\bin;c:\dev\maven\apache-maven-2.0.9\bin;C:\Program Files\Java\jdk1.6.0_06\BIN;C:\Documents and Settings\dtran\bin;c:\dev\maven\maven-1.0.2\bin;c:\dev\ant\apache-ant-1.6.5\bin;c:\dev\nmap\nmap-4.20
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
StarTeamApp=C:\Program Files\Borland\StarTeam 2005 R2
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dtran\LOCALS~1\Temp
TMP=C:\DOCUME~1\dtran\LOCALS~1\Temp
USERDOMAIN=DAN
USERNAME=dtran
USERPROFILE=C:\Documents and Settings\dtran
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

vijayn (admin)
ttran (admin)
tharnett (new local)
ASPNET (new local)
ASPNET.TTRANLT (new local)
dtran (admin)
postgres (new local)
postgres.TTRANLT
GauntletUser
dantran (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apache Tomcat 5.5 (remove only) --> "c:\dev\tomcat\5.5.23-EXE\Uninstall.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avery Wizard 3.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Advanced Control Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom ASF Management Applications --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Combined Community Codec Pack 2006-07-28 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card --> C:\WINDOWS\system32\BCMWLU00.exe verbose
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Fisher Price ABC 32 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Davidson\FPABC32\DeIsL1.isu"
Free Mp3 Wma Converter V 1.6.3 --> "C:\Program Files\Free Audio Pack\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
IPLocksVA --> "c:\IPLocksVA\uninstall\uninstall.exe"
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
J2SE Development Kit 5.0 Update 8 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150080}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Standard --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C++ 2005 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2005 Express Edition - ENU --> MsiExec.exe /X{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}
Microsoft Visual Studio .NET Enterprise Architect 2003 - English --> "c:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Enterprise Architect 2003 - English\setup.exe" /MaintMode
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
PSP Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Scholastic Phonics Booster Books --> C:\PROGRA~1\SCHOLA~1\PHONIC~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\PHONIC~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SHARP AL-1500/1600CS Series MFP Driver --> C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\sc1.isu -cC:\WINDOWS\system32\usc1.dll
SHARP SC-Print AL --> C:\Program Files\SC-Print AL\SPUNINST.EXE
SharpReader 0.9.7.0 --> "C:\Program Files\SharpReader\unins000.exe"
Sony Digital Voice Editor 3 --> C:\PROGRA~1\SONY\DIGITA~1\UNINST.EXE
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Subversion 1.4.2-r22196 --> "c:\dev\svn\unins000.exe"
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TortoiseSVN 1.4.1.7992 (32 bit) --> MsiExec.exe /X{BD1F16BE-7B1B-4C8B-9C37-C99724513225}
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Address AutoComplete --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\yaddbook.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type13809 / Error
Event Submitted/Written: 04/24/2008 08:10:38 AM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "SELECT * FROM __InstanceDeletionEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"" whose target class "BRCM_NetworkVirtualAdapter"
does not exist.
The query will be ignored.

Event Record #/Type13808 / Error
Event Submitted/Written: 04/24/2008 08:10:38 AM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "SELECT * FROM __InstanceCreationEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"" whose target class "BRCM_NetworkVirtualAdapter"
does not exist.
The query will be ignored.

Event Record #/Type13796 / Error
Event Submitted/Written: 04/24/2008 07:04:09 AM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "SELECT * FROM __InstanceDeletionEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"" whose target class "BRCM_NetworkVirtualAdapter"
does not exist.
The query will be ignored.

Event Record #/Type13795 / Error
Event Submitted/Written: 04/24/2008 07:04:09 AM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "SELECT * FROM __InstanceCreationEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"" whose target class "BRCM_NetworkVirtualAdapter"
does not exist.
The query will be ignored.

Event Record #/Type13779 / Error
Event Submitted/Written: 04/24/2008 00:18:21 AM
Event ID/Source: 24 / WinMgmt
Event Description:
Event provider attempted to register query "SELECT * FROM __InstanceDeletionEvent where TargetInstance ISA "BRCM_NetworkVirtualAdapter"" whose target class "BRCM_NetworkVirtualAdapter"
does not exist.
The query will be ignored.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type91800 / Error
Event Submitted/Written: 04/24/2008 07:04:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SC1BLPT service failed to start due to the following error:
%%2

Event Record #/Type91799 / Error
Event Submitted/Written: 04/24/2008 07:04:11 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The .NET Framework Service service failed to start due to the following error:
%%2

Event Record #/Type91798 / Warning
Event Submitted/Written: 04/24/2008 07:03:21 AM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share Borland because the directory C:\Borland no longer exists. Please run "net share Borland /delete" to delete the share, or recreate the directory C:\Borland.

Event Record #/Type91797 / Warning
Event Submitted/Written: 04/24/2008 07:03:21 AM
Event ID/Source: 2511 / Server
Event Description:
The server service was unable to recreate the share vbqa because the directory C:\vbqa no longer exists. Please run "net share vbqa /delete" to delete the share, or recreate the directory C:\vbqa.

Event Record #/Type91795 / Warning
Event Submitted/Written: 04/24/2008 07:02:48 AM / 04/24/2008 07:03:15 AM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.



-- End of Deckard's System Scanner: finished at 2008-04-24 23:17:46 ------------


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:09 PM

Posted 25 April 2008 - 02:03 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Dan Tran

Dan Tran
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:09 PM

Posted 25 April 2008 - 06:48 PM

Thank you so much for the help. Below is the combofix log.

ComboFix 08-04-24.1 - dtran 2008-04-25 16:15:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.531 [GMT -7:00]
Running from: C:\Documents and Settings\dtran\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\dtran\Desktop\Error Cleaner.url
C:\Documents and Settings\dtran\Desktop\Privacy Protector.url
C:\Documents and Settings\dtran\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\dtran\Favorites\Error Cleaner.url
C:\Documents and Settings\dtran\Favorites\Privacy Protector.url
C:\Documents and Settings\dtran\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\dtran\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\dtran\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\SYSTEM32\Suxadfii.ini
C:\WINDOWS\SYSTEM32\Suxadfii.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-24 23:15 . 2008-04-24 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 23:09 . 2008-04-24 23:09 <DIR> d-------- C:\Deckard
2008-04-22 22:34 . 2008-04-22 22:34 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\Grisoft
2008-04-22 22:33 . 2008-04-22 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 22:33 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-04-22 21:33 . 2008-04-22 21:33 <DIR> d-------- C:\Documents and Settings\dantran\Application Data\TmpRecentIcons
2008-04-22 20:26 . 2008-04-22 20:26 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\McAfee
2008-04-22 20:06 . 2008-04-22 21:33 <DIR> d-------- C:\Documents and Settings\dantran\Application Data\Subversion
2008-04-22 20:02 . 2008-04-22 20:02 106,496 --a------ C:\WINDOWS\SYSTEM32\ojidgxyt.exe
2008-04-22 20:00 . 2008-04-23 19:39 <DIR> d-------- C:\Documents and Settings\dantran
2008-04-22 20:00 . 2008-04-25 16:14 1,024 --ah----- C:\Documents and Settings\dantran\ntuser.dat.LOG
2008-04-22 07:46 . 2008-04-22 21:40 1,541,037 --ahs---- C:\WINDOWS\SYSTEM32\wggjpgbw.ini
2008-04-21 23:41 . 2008-04-21 23:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-21 23:41 . 2008-04-21 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 22:47 . 2007-03-29 05:56 409,600 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll
2008-04-21 22:47 . 2007-03-29 05:56 18,944 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll
2008-04-21 22:47 . 2007-03-29 05:56 8,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx4.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx4.dll
2008-04-21 19:39 . 2008-04-24 23:55 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\TmpRecentIcons
2008-04-19 20:31 . 2008-04-19 20:31 0 --a------ C:\WINDOWS\SYSTEM32\REN496.tmp
2008-04-19 20:31 . 2008-04-19 20:31 0 --a------ C:\WINDOWS\SYSTEM32\REN495.tmp
2008-04-19 19:09 . 2008-04-23 22:44 <DIR> d-------- C:\Documents and Settings\dtran\.subversion
2008-04-10 10:24 . 2008-04-10 10:24 <DIR> d-------- C:\Program Files\SHARP
2008-04-10 10:21 . 2003-12-09 21:01 88,296 --a------ C:\WINDOWS\SYSTEM32\Scpmonal.dll
2008-04-10 10:20 . 2008-04-10 10:21 <DIR> d-------- C:\Program Files\SC-Print AL
2008-04-10 00:51 . 2008-04-10 00:51 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$3.ico
2008-04-10 00:51 . 2008-04-10 00:51 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$2.ico
2008-04-10 00:51 . 2008-04-10 00:51 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$1.ico
2008-04-10 00:50 . 2008-04-10 00:51 2,238 --a------ C:\WINDOWS\explorer.ico
2008-04-06 00:20 . 2008-04-06 00:20 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-05 11:45 . 2008-04-05 11:45 <DIR> d-------- C:\Program Files\PQDVD
2008-03-28 21:54 . 2008-04-10 00:51 <DIR> d-------- C:\IPLocksVA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 04:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 04:58 --------- d-----w C:\Documents and Settings\dtran\Application Data\Lavasoft
2008-04-22 00:33 --------- d-----w C:\Program Files\McAfee
2008-04-22 00:29 --------- d-----w C:\Documents and Settings\dtran\Application Data\SharpReader
2008-04-22 00:28 --------- d-----w C:\Program Files\Magic Workstation
2008-04-21 11:48 90,112 ----a-w C:\WINDOWS\wxvgsdbq.exe
2008-04-21 11:48 270,336 ----a-w C:\WINDOWS\wdpoefan.dll
2008-04-21 11:48 212,992 ----a-w C:\WINDOWS\vadokmxt.dll
2008-04-21 11:48 200,704 ----a-w C:\WINDOWS\dpevflbg.dll
2008-04-21 11:48 102,400 ----a-w C:\WINDOWS\olgdqarf.exe
2008-04-20 04:19 --------- d-----w C:\Program Files\Java
2008-04-14 07:18 --------- d-----w C:\Documents and Settings\dtran\Application Data\BitTorrent
2008-03-01 04:42 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-08-20 21:08 46,168 ----a-w C:\Documents and Settings\dtran\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 06:16 3,143,680 ----a-w C:\Program Files\winzip.tar
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{859D10F7-0E0F-43A8-8DF7-EC0466A40301}"= "C:\WINDOWS\dpevflbg.dll" [2008-04-21 04:48 200704]

[HKEY_CLASSES_ROOT\clsid\{859d10f7-0e0f-43a8-8df7-ec0466a40301}]
[HKEY_CLASSES_ROOT\dpevflbg.1]
[HKEY_CLASSES_ROOT\TypeLib\{486966C8-91EF-4511-B1E6-9140EF231857}]
[HKEY_CLASSES_ROOT\dpevflbg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ZEcCf6LNFf"= C:\Documents and Settings\All Users\Application Data\xazetyts\hwhmxsjm.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wdpoefan"= {BBCE53EC-1C63-4CDB-A95D-B9164A47EC32} - C:\WINDOWS\wdpoefan.dll [2008-04-21 04:48 270336]
"vadokmxt"= {12545625-F116-4CD5-A82B-B0F025FD7F79} - C:\WINDOWS\vadokmxt.dll [2008-04-21 04:48 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomkhH]
vtUomkhH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 13:03]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S2 SC1BLPT;SC1BLPT;C:\WINDOWS\system32\SC1BLPT.SYS []
S3 continuum;Apache Continuum;C:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.exe []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
S3 IPLocksVATomcat;IPLocksVA Application Server;C:\IPLocksVA\tomcat\bin\tomcat6.exe [2008-02-12 17:38]
S3 ndisva;Avaya VPNet Virtual Adapter Driver;C:\WINDOWS\system32\DRIVERS\vadapter.sys []
S3 Tomcat5;Apache Tomcat;c:\dev\tomcat\5.5.23-EXE\bin\tomcat5.exe [2007-03-05 08:26]
S3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{369dac8a-b49b-11dc-9678-000bdb99dbc7}]
\Shell\AutoRun\command - Data.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad53ece-2ccd-11dc-965a-00904b2e49a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 16:40:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 14:09:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:10:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 16:28:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\mcafee_8qhqAlEjWOuQ4ru 0 bytes
C:\WINDOWS\TEMP\mcafee_8qhqAlEjWOuQ4ru-journal 20 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\WINDOWS\SYSTEM32\BAsfIpM.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\WLTRYSVC.EXE
C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mpsevh.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\SYSTEM32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-25 16:45:31 - machine was rebooted [dtran]
ComboFix-quarantined-files.txt 2008-04-25 23:45:20

Pre-Run: 20,689,641,472 bytes free
Post-Run: 20,620,353,536 bytes free

235 --- E O F --- 2008-04-22 10:07:44

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:09 PM

Posted 26 April 2008 - 02:15 AM

Ready for the second round? :thumbsup:

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save As... / Save as type: 'All Files' / File name: CFScript, and save it to your desktop.

File::
C:\WINDOWS\SYSTEM32\ojidgxyt.exe
C:\WINDOWS\SYSTEM32\wggjpgbw.ini
C:\WINDOWS\wxvgsdbq.exe
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe

Folder::
C:\Documents and Settings\All Users\Application Data\xazetyts

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{859D10F7-0E0F-43A8-8DF7-EC0466A40301}"=-
[-HKEY_CLASSES_ROOT\clsid\{859d10f7-0e0f-43a8-8df7-ec0466a40301}]
[-HKEY_CLASSES_ROOT\dpevflbg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{486966C8-91EF-4511-B1E6-9140EF231857}]
[-HKEY_CLASSES_ROOT\dpevflbg]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ZEcCf6LNFf"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"wdpoefan"=-
"vadokmxt"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUomkhH]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.


====================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


========================================================

#5 Dan Tran

Dan Tran
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:09 PM

Posted 26 April 2008 - 07:30 PM

After the first combofix run, the problem went away. Below are the other requested combofix log and hijack log. I will run SUPERAntiSpyware after this.

thank you and thank you

Edited by Buckeye_Sam, 27 April 2008 - 07:40 AM.


#6 Dan Tran

Dan Tran
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:09 PM

Posted 26 April 2008 - 07:48 PM

Sorry, the last combofix log was the wrong one.

Here is the right one:

ComboFix 08-04-24.1 - dtran 2008-04-26 17:01:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT -7:00]
Running from: C:\Documents and Settings\dtran\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dtran\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\SYSTEM32\ojidgxyt.exe
C:\WINDOWS\SYSTEM32\wggjpgbw.ini
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\wxvgsdbq.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\SYSTEM32\ojidgxyt.exe
C:\WINDOWS\SYSTEM32\wggjpgbw.ini
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wdpoefan.dll
C:\WINDOWS\wxvgsdbq.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-25 23:12 . 2008-04-25 23:12 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$3.ico
2008-04-25 23:12 . 2008-04-25 23:12 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$2.ico
2008-04-25 23:12 . 2008-04-25 23:12 2,238 --a------ C:\WINDOWS\SYSTEM32\cmd$1.ico
2008-04-25 23:12 . 2008-04-25 23:12 2,238 --a------ C:\WINDOWS\explorer.ico
2008-04-24 23:15 . 2008-04-24 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-24 23:09 . 2008-04-24 23:09 <DIR> d-------- C:\Deckard
2008-04-22 22:34 . 2008-04-22 22:34 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\Grisoft
2008-04-22 22:33 . 2008-04-22 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 22:33 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-04-22 21:33 . 2008-04-22 21:33 <DIR> d-------- C:\Documents and Settings\dantran\Application Data\TmpRecentIcons
2008-04-22 20:26 . 2008-04-22 20:26 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\McAfee
2008-04-22 20:06 . 2008-04-22 21:33 <DIR> d-------- C:\Documents and Settings\dantran\Application Data\Subversion
2008-04-22 20:00 . 2008-04-23 19:39 <DIR> d-------- C:\Documents and Settings\dantran
2008-04-22 20:00 . 2008-04-25 21:11 1,024 --ah----- C:\Documents and Settings\dantran\ntuser.dat.LOG
2008-04-21 23:41 . 2008-04-21 23:41 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-21 23:41 . 2008-04-21 23:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 23:38 . 2008-04-21 23:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-21 22:47 . 2007-03-29 05:56 409,600 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll
2008-04-21 22:47 . 2007-03-29 05:56 18,944 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll
2008-04-21 22:47 . 2007-03-29 05:56 8,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx4.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll
2008-04-21 22:47 . 2007-03-29 05:56 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx4.dll
2008-04-21 19:39 . 2008-04-24 23:55 <DIR> d-------- C:\Documents and Settings\dtran\Application Data\TmpRecentIcons
2008-04-19 20:31 . 2008-04-19 20:31 0 --a------ C:\WINDOWS\SYSTEM32\REN496.tmp
2008-04-19 20:31 . 2008-04-19 20:31 0 --a------ C:\WINDOWS\SYSTEM32\REN495.tmp
2008-04-19 19:09 . 2008-04-23 22:44 <DIR> d-------- C:\Documents and Settings\dtran\.subversion
2008-04-10 10:24 . 2008-04-10 10:24 <DIR> d-------- C:\Program Files\SHARP
2008-04-10 10:21 . 2003-12-09 21:01 88,296 --a------ C:\WINDOWS\SYSTEM32\Scpmonal.dll
2008-04-10 10:20 . 2008-04-10 10:21 <DIR> d-------- C:\Program Files\SC-Print AL
2008-04-06 00:20 . 2008-04-06 00:20 <DIR> d-------- C:\Program Files\Xilisoft
2008-04-05 11:45 . 2008-04-05 11:45 <DIR> d-------- C:\Program Files\PQDVD
2008-03-28 21:54 . 2008-04-25 23:13 <DIR> d-------- C:\IPLocksVA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-23 04:45 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 04:58 --------- d-----w C:\Documents and Settings\dtran\Application Data\Lavasoft
2008-04-22 00:33 --------- d-----w C:\Program Files\McAfee
2008-04-22 00:29 --------- d-----w C:\Documents and Settings\dtran\Application Data\SharpReader
2008-04-22 00:28 --------- d-----w C:\Program Files\Magic Workstation
2008-04-20 04:19 --------- d-----w C:\Program Files\Java
2008-04-14 07:18 --------- d-----w C:\Documents and Settings\dtran\Application Data\BitTorrent
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-01 04:42 141,612 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-08-20 21:08 46,168 ----a-w C:\Documents and Settings\dtran\Application Data\GDIPFONTCACHEV1.DAT
2007-02-09 06:16 3,143,680 ----a-w C:\Program Files\winzip.tar
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 16:46 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-26 13:01 4632576]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WMV3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 IPLocksVATomcat;IPLocksVA Application Server;C:\IPLocksVA\tomcat\bin\tomcat6.exe [2008-02-12 17:38]
R3 GTICARD;GTICARD;C:\WINDOWS\system32\DRIVERS\gticard.sys [2003-02-14 13:03]
S2 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S2 SC1BLPT;SC1BLPT;C:\WINDOWS\system32\SC1BLPT.SYS []
S3 continuum;Apache Continuum;C:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.exe []
S3 ICDUSB2;Sony IC Recorder (P);C:\WINDOWS\system32\Drivers\ICDUSB2.sys [2002-11-28 22:23]
S3 ndisva;Avaya VPNet Virtual Adapter Driver;C:\WINDOWS\system32\DRIVERS\vadapter.sys []
S3 Tomcat5;Apache Tomcat;c:\dev\tomcat\5.5.23-EXE\bin\tomcat5.exe [2007-03-05 08:26]
S3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{369dac8a-b49b-11dc-9678-000bdb99dbc7}]
\Shell\AutoRun\command - Data.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad53ece-2ccd-11dc-965a-00904b2e49a2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - IPLOCKSVATOMCAT
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 16:40:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 14:09:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:10:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 17:07:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 17:21:52
ComboFix-quarantined-files.txt 2008-04-27 00:21:48
ComboFix2.txt 2008-04-25 23:45:32

Pre-Run: 20,693,602,304 bytes free
Post-Run: 20,676,112,384 bytes free

177 --- E O F --- 2008-04-22 10:07:44

#7 Buckeye_Sam


Posted 27 April 2008 - 07:42 AM

Looking pretty good. Just post the log from Superantispyware once you've had a chance to run it. :thumbsup:

#8 Dan Tran


Posted 27 April 2008 - 07:19 PM

Here is the SUPERAntiSpyware log. Thank you.

============================================================================

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/26/2008 at 09:47 PM

Application Version : 4.0.1154

Core Rules Database Version : 3448
Trace Rules Database Version: 1440

Scan type : Complete Scan
Total Scan Time : 03:49:24

Memory items scanned : 494
Memory threats detected : 0
Registry items scanned : 5724
Registry threats detected : 4
File items scanned : 147199
File threats detected : 61

Adware.2020Search
HKLM\Software\Classes\CLSID\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
HKCR\CLSID\{4E1075F4-EEC4-4A86-ADD7-CD5F52858C31}
HKCR\CLSID\{4E1075F4-EEC4-4A86-ADD7-CD5F52858C31}\Implemented Categories

Adware.Tracking Cookie
C:\Documents and Settings\dtran\Cookies\dtran@trustedantivirus[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@protect.trustedantivirus[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@antispywaremaster[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@advancedcleaner[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@shandler[2].txt
C:\Documents and Settings\dtran\Cookies\dtran@OS[3].txt
C:\Documents and Settings\dtran\Cookies\dtran@atdmt[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@sale.antispywaremaster[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@adnetserver[1].txt
C:\Documents and Settings\dtran\Cookies\dtran@gomyhit[2].txt
C:\Documents and Settings\dtran\Cookies\dtran@OS[2].txt
C:\Documents and Settings\dtran\Cookies\dtran@ad.zanox[1].txt
C:\Documents and Settings\dantran\Cookies\dantran@adnetserver[1].txt

Trojan.Unknown Origin
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\smp

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-3617025308-160184702-2513138193-1016\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2 ]

Desktop Hijacker.AboutYourPrivacy
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\CAPT.GIF.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\PRIVACY_DANGER\IMAGES\DOWN.GIF.VIR

Trojan.Unclassified/Multi-Dropper
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OJIDGXYT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0114726.EXE

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0114724.DLL

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0114728.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP952\A0114729.DLL

Trojan.Fake-Drop/Gen
C:\WINDOWS\SYSTEM32\AKTTZN.EXE
C:\WINDOWS\SYSTEM32\ANTICIPATOR.DLL
C:\WINDOWS\SYSTEM32\AWTOOLB.DLL
C:\WINDOWS\SYSTEM32\BDN.COM
C:\WINDOWS\SYSTEM32\HOPROXY.DLL
C:\WINDOWS\SYSTEM32\HXIWLGPM.DAT
C:\WINDOWS\SYSTEM32\HXIWLGPM.EXE
C:\WINDOWS\SYSTEM32\MEDUP012.DLL
C:\WINDOWS\SYSTEM32\MSGP.EXE
C:\WINDOWS\SYSTEM32\MSNBHO.DLL
C:\WINDOWS\SYSTEM32\MSSECU.EXE
C:\WINDOWS\SYSTEM32\MSVCHOST.EXE
C:\WINDOWS\SYSTEM32\MTR2.EXE
C:\WINDOWS\SYSTEM32\MWIN32.EXE
C:\WINDOWS\SYSTEM32\NETODE.EXE
C:\WINDOWS\SYSTEM32\NEWSD32.EXE
C:\WINDOWS\SYSTEM32\PS1.EXE
C:\WINDOWS\SYSTEM32\REGC64.DLL
C:\WINDOWS\SYSTEM32\REGM64.DLL
C:\WINDOWS\SYSTEM32\RUNDL1.EXE
C:\WINDOWS\SYSTEM32\SSURF022.DLL
C:\WINDOWS\SYSTEM32\SSVCHOST.COM
C:\WINDOWS\SYSTEM32\SSVCHOST.EXE
C:\WINDOWS\SYSTEM32\SYSREQ.EXE
C:\WINDOWS\SYSTEM32\TAACK.DAT
C:\WINDOWS\SYSTEM32\TAACK.EXE
C:\WINDOWS\SYSTEM32\TEMP#01.EXE
C:\WINDOWS\SYSTEM32\THUN.DLL
C:\WINDOWS\SYSTEM32\THUN32.DLL
C:\WINDOWS\SYSTEM32\VBIEWER.OCX
C:\WINDOWS\SYSTEM32\VBSYS2.DLL
C:\WINDOWS\SYSTEM32\VCATCHPI.DLL
C:\WINDOWS\SYSTEM32\WINLOGONPC.EXE
C:\WINDOWS\SYSTEM32\WINSYSTEM.EXE
C:\WINDOWS\SYSTEM32\WINWGPX.EXE

Dpcproxy
C:\WINDOWS\SYSTEM32\DPCPROXY.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\PSOF1.EXE

Adware.Pacer D
C:\WINDOWS\SYSTEM32\PSOFT1.EXE

Trojan.Dluca-I
C:\WINDOWS\SYSTEM32\SNCNTR.EXE

#9 Buckeye_Sam


Posted 28 April 2008 - 08:08 AM

Looking good! :thumbsup:

Please post a log from DSS, which was the first log you posted.
How is your computer behaving now? Any problems?

#10 Dan Tran


Posted 28 April 2008 - 09:33 AM

Everything is back to normal, thank you. Here is the DSS log.

Deckard's System Scanner v20071014.68
Run by dtran on 2008-04-28 07:30:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).


-- HijackThis (run as dtran.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:54 AM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\basfipm.exe
C:\IPLocksVA\tomcat\bin\tomcat6.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\eclipse\eclipse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dtran\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dtran.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/DOCUME~1/dtran/LOCALS~1/Temp/customProfileDir927557/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\Software\..\Telephony: DomainName = engineering.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = iplocks.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = engineering.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = iplocks.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = iplocks.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Apache Continuum (continuum) - Unknown owner - C:\dev\continuum\continuum-1.1-beta-1\bin\windows-x86-32\wrapper.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPLocksVA Application Server (IPLocksVATomcat) - Apache Software Foundation - C:\IPLocksVA\tomcat\bin\tomcat6.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - c:\dev\tomcat\5.5.23-EXE\bin\tomcat5.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8054 bytes

-- Files created between 2008-03-28 and 2008-04-28 -----------------------------

2008-04-27 13:10:22 0 d-------- C:\Program Files\Graphviz2.16
2008-04-26 17:48:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-26 17:46:44 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-26 17:46:44 0 d-------- C:\Documents and Settings\dtran\Application Data\SUPERAntiSpyware.com
2008-04-26 17:45:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 16:13:53 68096 --a------ C:\WINDOWS\zip.exe
2008-04-25 16:13:53 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-25 16:13:53 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-25 16:13:53 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-25 16:13:53 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-25 16:13:53 98816 --a------ C:\WINDOWS\sed.exe
2008-04-25 16:13:53 80412 --a------ C:\WINDOWS\grep.exe
2008-04-25 16:13:53 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-24 23:15:55 0 d-------- C:\Program Files\Trend Micro
2008-04-22 22:33:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-22 20:26:38 0 d-------- C:\Documents and Settings\dtran\Application Data\McAfee
2008-04-21 23:41:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 19:39:02 0 d-------- C:\Documents and Settings\dtran\Application Data\TmpRecentIcons
2008-04-19 19:09:36 0 d-------- C:\Documents and Settings\dtran\.subversion
2008-04-10 10:24:54 0 d-------- C:\Program Files\SHARP
2008-04-10 10:24:20 159744 --a------ C:\WINDOWS\_isusr32.dll
2008-04-10 10:24:09 122880 --a------ C:\WINDOWS\system32\usc1.dll
2008-04-10 10:24:09 142 --a------ C:\WINDOWS\system32\Usc0Msg.dat
2008-04-10 10:24:09 45056 --a------ C:\WINDOWS\system32\_isusr2k.dll
2008-04-10 10:24:03 0 d-------- C:\WINDOWS\system32\SCDRV
2008-04-10 10:21:00 88296 --a------ C:\WINDOWS\system32\Scpmonal.dll <Not Verified; SHARP CORPORATION; SC-Print AL for Windows NT/2000/XP>
2008-04-10 10:20:55 0 d-------- C:\Program Files\SC-Print AL
2008-04-06 00:20:00 0 d-------- C:\Program Files\Xilisoft
2008-04-05 11:45:38 0 d-------- C:\Program Files\PQDVD
2008-03-28 21:54:04 0 d-------- C:\IPLocksVA


-- Find3M Report ---------------------------------------------------------------

2008-04-27 22:38:11 0 d-------- C:\Program Files\Java
2008-04-26 17:45:43 0 d-------- C:\Program Files\Common Files
2008-04-22 20:02:35 126633 --a------ C:\WINDOWS\system32\nvModes.dat
2008-04-21 21:58:37 0 d-------- C:\Documents and Settings\dtran\Application Data\Lavasoft
2008-04-21 17:33:39 0 d-------- C:\Program Files\McAfee
2008-04-21 17:29:33 0 d-------- C:\Documents and Settings\dtran\Application Data\SharpReader
2008-04-21 17:28:05 0 d-------- C:\Program Files\Magic Workstation
2008-04-14 00:18:20 0 d-------- C:\Documents and Settings\dtran\Application Data\BitTorrent
2008-02-13 02:23:35 10600 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown



-- End of Deckard's System Scanner: finished at 2008-04-28 07:31:21 ------------

#11 Dan Tran


Posted 28 April 2008 - 10:27 AM

BTW, my more.exe, find.exe, attrib.exe, find.exe are now gone, which is suspicious. Did your super scan accidentally remove them?

#12 Buckeye_Sam


Posted 28 April 2008 - 01:51 PM

"BTW, my more.exe, find.exe, attrib.exe, find.exe are now gone, which is suspicious. Did your super scan accidentally remove them?"

I don't see any indication of that in the log. How did you determine that they were missing?


Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/DOCUME~1/dtran/LOCALS~1/Temp/customProfileDir927557/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present



Otherwise your log looks clean to me.
Are you having any problems?

#13 Dan Tran


Posted 28 April 2008 - 09:17 PM

I figured out the problem with my missing find.exe, etc. The PATH system variable used %systemroot%, which is wrong.
I ended up changing it to use %SystemRoot%.

Also, I am a little lost about you asking me to run

"Run HijackThis again, click scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button."

I only have dss.exe to run, which is a console executable; I have no way of doing what you asked.

-D

#14 Buckeye_Sam


Posted 29 April 2008 - 08:50 AM

When you downloaded and installed DSS it also downloaded Hijackthis onto your computer. It runs every time you run DSS.
You can find Hijackthis here.

C:\PROGRA~1\TRENDM~1\HIJACK~1\dtran.exe or C:\Program Files\Trendmicro\Hijackthis

Just double click on dtran.exe and it will run.

Edited by Buckeye_Sam, 29 April 2008 - 08:50 AM.


#15 Dan Tran


Posted 29 April 2008 - 10:52 AM

All done, thank you and thank you so much.



