Rundll32.exe Malware


This topic is locked
2 replies to this topic

#1 jefscott

jefscott

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 26 April 2008 - 08:28 PM

Hello,

I have noticed that a malware has hijacked Rundll32.exe on my computer. Every time I open Internet Explorer, the malware opens a 2nd window and advertises for a company (rogue antispyware, trading, pornography...).
Revo Uninstaller is installed on my computer, which enables me to see what program/process automatically starts. I have noticed that since the problem started, the following process has started at the same time as my computer: BM6be77a06. The launch path for this shows as being: Rundll32.exe "C:\WINDOWS\system32\esxjkhtl.dll",s. The description is "run a DLL as an app".

I have Norton 360 on my computer. I have also run Spyware Doctor and Spy Sweeper to no avail.
I have followed the steps in the section about what to do before posting a log, and I have run the Kaspersky online scanner and Deckard's scanner. Please find below the reports, first from Kaspersky and then the two created through Deckard's scanner.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 26, 2008 8:48:27 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/04/2008
Kaspersky Anti-Virus database records: 726789
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:
C:
D:
E:
G:

Scan Statistics:
Total number of scanned objects: 114698
Number of viruses found: 5
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 02:52:55

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped
C:\Documents and Settings\jean-francois flores\Desktop\Security\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\jean-francois flores\Desktop\Security\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\jean-francois flores\Desktop\Security\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\jean-francois flores\Desktop\Security\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:My DownloadsSpywaresdsetup.exe/file090 Infected: not-a-virus:Monitor.Win32.KeyLogger.dq skipped
C:My DownloadsSpywaresdsetup.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{9A740221-9D7E-4265-B015-811737DA6B23}\RP1467\A0613511.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{9A740221-9D7E-4265-B015-811737DA6B23}\RP1470\A0615698.exe/data0000.cab/is153202.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\System Volume Information\_restore{9A740221-9D7E-4265-B015-811737DA6B23}\RP1470\A0615698.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpu skipped
C:\System Volume Information\_restore{9A740221-9D7E-4265-B015-811737DA6B23}\RP1470\A0615698.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{9A740221-9D7E-4265-B015-811737DA6B23}\RP1470\A0615703.dll Infected: Packed.Win32.Monder.gen skipped

Scan process completed.




Deckard's System Scanner v20071014.68
Run by jean-francois flores on 2008-04-26 17:13:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2008-04-26 21:14:22 UTC - RP1470 - Deckard's System Scanner Restore Point
48: 2008-04-26 12:48:41 UTC - RP1469 - Uniblue RegistryBooster
47: 2008-04-26 11:29:01 UTC - RP1468 - Installed SUPERAntiSpyware Free Edition
46: 2008-04-25 21:59:49 UTC - RP1467 - Last known good configuration
45: 2008-04-25 05:47:27 UTC - RP1466 - System Checkpoint


-- First Restore Point --
1: 2008-03-10 03:03:45 UTC - RP1422 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as jean-francois flores.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:02 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Norton AntiBot\agent\bin\NABMonitor.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jean-francois flores\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jean-francois flores.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weather.msn.com/local.aspx?wealocations=wc:CAXX0343
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConeal\Anonymity Shield\ProxyNew.dll
O2 - BHO: (no name) - {1BBF353F-1144-47DC-903D-5283867E939E} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A4564C3A-0A61-4983-80EE-2FCE789E2EDE} - C:\WINDOWS\system32\wvUkLeBR.dll
O2 - BHO: {eaf625b3-7675-7179-3d94-da3ced0a27ef} - {fe72a0de-c3ad-49d3-9717-57673b526fae} - C:\WINDOWS\system32\btcnqytr.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [BM6be77a06] Rundll32.exe "C:\WINDOWS\system32\esxjkhtl.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Window Monitor] winmon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Window Monitor] winmon32.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - http://musicstore.sonyconnect.ca/XSL/mb_ca...ALStreaming.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsr.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14c769849aae8b...ip/RdxIE601.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1119050283890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1119050227343
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://chambery.dyndns.org/activex/AMC.cab
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/in...nagerPlugin.CAB
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://games.pogo.com/online2/pogo/zuma/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - http://entimg.msn.com/client/msnmusax2729.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.144.30/DGTx.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{60DB7AF6-E6D3-4B70-B0B2-7B88945354F0}: NameServer = 216.58.97.21 216.58.97.20
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvTmMcc - tuvTmMcc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13436 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ntcdrdrv - c:windowssystem32driversntcdrdrv.sys <Not Verified; NoteBurn Software; NoteBurn>
R2 SbcpHid - c:windowssystem32driverssbcphid.sys
R3 NMSCFG (NIC Management Service Configuration Driver) - c:windowssystem32driversnmscfg.sys <Not Verified; Intel Corporation; Intel® NMSCFG Driver>
R3 pcouffin (VSO Software pcouffin) - c:windowssystem32driverspcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:windowssystem32driverspfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 109b7baf-c7a7-4ead-a1cf-5202c19269cb - e:cds300cds300.dll (file missing)
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:windowssystem32driversaspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:windowssystem32driverssqcaptur.sys <Not Verified; Service & Quality Technology.; SQ905>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:windowssystem32driversmcdbus.sys (file missing)
S3 pgfilter - c:program filespeerguardian2pgfilter.sys
S3 PSI - c:windowssystem32driverspsi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
S3 SASENUM - c:program filessuperantispywaresasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 SBAPIFS - c:windowssystem32driverssbapifs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:program filescanoncalcalmain.exe <Not Verified; Canon Inc.; >
R2 NMSSvc (Intel® NMS) - c:windowssystem32nmssvc.exe <Not Verified; Intel Corporation; NMS>

S3 iPod Service - "c:program filesipodbinipodservice.exe" (file missing)
S3 NBService - c:program filesneronero 7nero backitupnbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-26 01:18:24 452 --ah----- C:WINDOWSTasksUser_Feed_Synchronization-{FF6BAD0B-3E76-4B29-813D-9205FE030843}.job
2008-04-24 07:01:00 310 --a------ C:WINDOWSTasksSpywareBlaster AutoUpdate Configuration.job
2008-04-20 07:00:00 330 --a------ C:WINDOWSTasksExpress Cleanup.job
2008-04-19 19:30:00 330 --a------ C:WINDOWSTasksAd-Aware SE Personal.job
2008-04-12 18:22:43 330 --ah----- C:WINDOWSTasksMicrosoft_Hardware_Launch_IType_exe.job


-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-26 17:17:22 0 d-------- C:Program FilesTrend Micro
2008-04-26 15:02:54 0 d-------- C:Documents and SettingsAll UsersApplication DataKaspersky Lab
2008-04-26 15:02:44 0 d-------- C:WINDOWSsystem32Kaspersky Lab
2008-04-26 15:02:37 0 d-------- C:WINDOWSLastGood
2008-04-26 07:39:08 0 d-------- C:Documents and SettingsNetworkServiceApplication DataWebroot
2008-04-26 07:30:21 0 d-------- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
2008-04-26 07:29:09 0 d-------- C:Program FilesSUPERAntiSpyware
2008-04-26 07:29:06 0 d-------- C:Documents and Settingsjean-francois floresApplication DataSUPERAntiSpyware.com
2008-04-26 07:16:50 2276 --a------ C:WINDOWSsystem32tmp.reg
2008-04-26 07:15:07 86528 --a------ C:WINDOWSsystem32VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-26 07:15:07 82944 --a------ C:WINDOWSsystem32IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-26 07:15:07 82944 --a------ C:WINDOWSsystem32404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-26 07:15:06 25600 --a------ C:WINDOWSsystem32WS2Fix.exe
2008-04-26 07:15:06 289144 --a------ C:WINDOWSsystem32VCCLSID.exe <Not Verified; S!Ri; >
2008-04-26 07:15:06 288417 --a------ C:WINDOWSsystem32SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-26 07:15:06 51200 --a------ C:WINDOWSsystem32dumphive.exe
2008-04-26 07:15:05 53248 --a------ C:WINDOWSsystem32Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-26 06:07:43 107072 --a------ C:WINDOWSsystem32btcnqytr.dll
2008-04-26 06:04:07 106048 --a------ C:WINDOWSsystem32esxjkhtl.dll
2008-04-25 22:42:13 27648 ---hs---- C:WINDOWSsystem32Smab0.dll
2008-04-25 22:42:12 31232 -r-hs---- C:WINDOWSsystem32msfDX.dll <Not Verified; Hans Mayerl; msfDX.dll>
2008-04-25 22:42:12 163328 -r-hs---- C:WINDOWSsystem32flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-04-25 22:41:41 0 d-------- C:Program FileseRightSoft
2008-04-25 17:59:25 330092 --ahs---- C:WINDOWSsystem32RBeLkUvw.ini2
2008-04-25 17:59:18 281088 -----n--- C:WINDOWSsystem32wvUkLeBR.dll
2008-04-25 17:56:57 65602 --a------ C:WINDOWSsystem32cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-04-25 17:56:53 626688 --a------ C:WINDOWSsystem32vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-04-25 17:54:26 0 --a------ C:WINDOWSsystem32wvUlmjkl.dll
2008-04-23 19:39:38 0 d--hs---- C:WINDOWSftpcache
2008-04-23 19:39:18 0 d-------- C:Program FilesNorton PC Checkup
2008-04-20 08:42:50 164352 --a------ C:WINDOWSsystem32unrar.dll
2008-04-20 08:42:46 70656 --a------ C:WINDOWSsystem32yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-04-20 08:42:44 159839 --a------ C:WINDOWSsystem32xvidvfw.dll
2008-04-20 08:42:44 755027 --a------ C:WINDOWSsystem32xvidcore.dll
2008-04-20 08:42:42 7680 --a------ C:WINDOWSsystem32ff_vfw.dll
2008-04-16 18:14:59 0 d-------- C:log
2008-04-13 07:48:35 0 d-------- C:Program FilesDVDFab HD Decrypter 4
2008-04-12 18:20:27 0 d-------- C:Program FilesMicrosoft IntelliType Pro
2008-04-12 18:18:48 0 d-------- C:Program FilesMSXML 6.0
2008-04-04 19:12:22 0 d-------- C:Documents and Settingsjean-francois floresApplication DataWindows Search
2008-04-04 18:38:42 0 d-------- C:WINDOWSsystem32GroupPolicy
2008-04-04 18:38:42 0 d-------- C:Program FilesWindows Desktop Search
2008-03-31 17:25:48 823296 --a------ C:WINDOWSsystem32divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:WINDOWSsystem32divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:WINDOWSsystem32divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:WINDOWSsystem32divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:WINDOWSsystem32DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Find3M Report ---------------------------------------------------------------

2008-04-26 17:17:13 0 d-------- C:Program FilesCommon FilesSymantec Shared
2008-04-26 09:53:08 0 d-------- C:Program FilesSpyware Doctor
2008-04-26 07:28:32 0 d-------- C:Program FilesCommon FilesWise Installation Wizard
2008-04-26 07:07:57 0 d-------- C:Documents and Settingsjean-francois floresApplication DataVso
2008-04-26 07:07:39 668 --a------ C:Documents and Settingsjean-francois floresApplication Datavso_ts_preview.xml
2008-04-26 06:35:15 0 d-------- C:Documents and Settingsjean-francois floresApplication DatauTorrent
2008-04-25 17:56:49 0 d-------- C:Program FilesVSO
2008-04-25 16:58:25 0 d-------- C:Program FilesDivX
2008-04-23 20:42:31 0 d-------- C:Documents and Settingsjean-francois floresApplication DataAdobe
2008-04-22 18:28:19 0 d-------- C:Program FilesScreenShot Wizard
2008-04-21 17:49:39 0 d-------- C:Program FilesNorton 360
2008-04-20 20:05:24 0 d-------- C:Documents and Settingsjean-francois floresApplication DataDoppler
2008-04-20 08:42:43 0 d-------- C:Program FilesK-Lite Codec Pack
2008-04-16 18:31:15 0 d-------- C:Documents and Settingsjean-francois floresApplication DataSymantec
2008-04-12 22:35:45 0 d-------- C:Documents and Settingsjean-francois floresApplication DataRipIt4Me
2008-03-30 21:32:33 0 d-------- C:Program FilesInternet Radio Recorder
2008-03-21 16:30:08 3596288 --a------ C:WINDOWSsystem32qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:WINDOWSsystem32dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:WINDOWSsystem32dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:WINDOWSsystem32DivXWMPExtType.dll
2008-03-15 06:24:09 0 d-------- C:Program FilesiWin
2008-03-14 21:50:47 0 d-------- C:Program FilesMicrosoft Silverlight
2008-03-11 22:04:11 0 d-------- C:Program FilesSpeedItUpFree
2008-03-06 00:30:26 0 d-------- C:Program FilesLavasoft
2008-03-06 00:30:24 0 d-------- C:Documents and Settingsjean-francois floresApplication DataLavasoft
2008-03-01 21:36:37 0 d-------- C:Program FilesUFile 2007
2008-02-20 21:58:21 3532 --a------ C:drmHeader.bin
2008-02-07 16:15:06 408576 --a------ C:WINDOWSsystem32Smab.dll
2008-02-03 21:51:59 737280 --a------ C:WINDOWSiun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-01-31 20:02:19 249856 --a------ C:WINDOWSsystem32pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-01-31 20:02:19 51716 --a------ C:WINDOWSsystem32pdf995mon.dll
2008-01-31 20:00:43 302 --a------ C:Program Filestemp995.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE~Browser Helper Objects{1BBF353F-1144-47DC-903D-5283867E939E}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{A4564C3A-0A61-4983-80EE-2FCE789E2EDE}]
04/25/2008 05:59 PM 281088 --------- C:WINDOWSsystem32wvUkLeBR.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{fe72a0de-c3ad-49d3-9717-57673b526fae}]
04/26/2008 06:07 AM 107072 --a------ C:WINDOWSsystem32btcnqytr.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"ccApp"="C:Program FilesCommon FilesSymantec SharedccApp.exe" [03/14/2007 11:10 PM]
"NortonAntiBot"="C:Program FilesSymantecNorton AntiBotagentbinNortonAntiBot.exe" [11/12/2007 10:59 PM]
"BM6be77a06"="C:WINDOWSsystem32esxjkhtl.dll" [04/26/2008 06:04 AM]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [08/04/2004 01:56 AM]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunservices]
"Window Monitor"=winmon32.exe

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrun]
"DWQueuedReporting"="C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:Program FilesSUPERAntiSpywareSASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
C:Program FilesSUPERAntiSpywareSASWINLO.dll 04/19/2007 12:41 PM 294912 C:Program FilesSUPERAntiSpywareSASWINLO.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifytuvTmMcc]
tuvTmMcc.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
"Authentication Packages"= msv1_0 C:WINDOWSsystem32wvUkLeBR

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalvds]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{2b78ca52-3a4e-11dc-8fed-0007e97b061b}]
AutoRuncommand- C:Program FilesIRRautorun.exe

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-04-26 17:21:18 ------------------------

Hello again,

I clicked on submit inadvertently. I omitted to attach the Extra report from Deckard. Here it is.

Thank you for any help anyone can offer.

Edit: Merged posts. ~ OB

Edited by Orange Blossom, 26 April 2008 - 10:22 PM.




#2 jefscott

jefscott
  • Topic Starter

  • Members
  • 3 posts

Posted 29 April 2008 - 08:23 PM

Hello,

Just wanted to let you know that I solved this issue thanks to SUPERAntiSpyware.
http://www.superantispyware.com/index.html
Thank you.

Edited by jefscott, 29 April 2008 - 08:58 PM.


#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 29 April 2008 - 11:22 PM

Thanks for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



