Unsure? Think It All Has Had Something To Do With Something Called Cftmon.exe (and More Too)


  • This topic is locked
2 replies to this topic

#1 Delacy

  • Members
  • 5 posts

Posted 30 April 2008 - 06:09 PM

Deckard's System Scanner v20071014.68
Run by Gamer on 2008-04-30 23:49:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
14: 2008-04-30 22:49:29 UTC - RP409 - Deckard's System Scanner Restore Point
13: 2008-04-30 22:41:07 UTC - RP408 - Installed AVG 7.5
12: 2008-04-30 22:39:18 UTC - RP407 - Installed AVG 7.5
11: 2008-04-29 21:39:31 UTC - RP406 - Restore Operation
10: 2008-04-29 21:25:51 UTC - RP405 - Restore Operation


-- First Restore Point --
1: 2008-04-13 19:16:23 UTC - RP396 - RegRun Virus Scan


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.5 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 23:50:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\QWxleCBQcmllc3QtTGFjZXk\COMMAND.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio\Install\EvoInst.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Documents and Settings\Gamer\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {20362A5A-9E88-4EDD-A94A-8BD9123731EF} - C:\WINDOWS\system32\AWVTQ.DLL
O2 - BHO: (no name) - {22342B44-5B98-4B30-9D53-C182AD8DF217} - C:\WINDOWS\system32\HGGGGFD.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Gamer\cftmon.exe
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt
O4 - HKLM\..\RunOnce: [*Restore] C:\WINDOWS\system32\restore\rstrui.exe -i
O4 - HKLM\..\RunOnceEx: [Flags] 128
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{5AD36528-1485-4458-A13F-AF2B7990AC11}: NameServer = 85.255.114.6,85.255.112.8
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{70A6F6E3-99E6-4F8A-B476-41BACB2C267F}: NameServer = 85.255.114.6,85.255.112.8
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A79A50F-48D5-42C0-87E7-C93A93359F40}: NameServer = 85.255.114.6,85.255.112.8
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D0AB07C-BED2-4573-87A4-5F00721BDB92}: NameServer = 85.255.114.6,85.255.112.8
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.6 85.255.112.8
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.6 85.255.112.8
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: hggggfd - C:\WINDOWS\system32\hggggfd.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATM Service (ATMsrvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\ATMsrvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QWxleCBQcmllc3QtTGFjZXk\COMMAND.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: M-Audio Installer (EvoInstallerService) - Unknown owner - C:\Program Files\M-Audio\Install\EvoInst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\system32\TuneUpDefragService.exe


--
End of file - 9435 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - nmtyyrgbg.exe %1
.exe - exefile - shell\open\command - C:\WINDOWS\system32\drivers\spools.exe "%1" %*
.ini - inifile - shell\open\command - nmtyyrgbg.exe %1
.reg - regfile - shell\edit\command - nmtyyrgbg.exe %1
.txt - txtfile - shell\open\command - nmtyyrgbg.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DigiFilter - c:\windows\system32\drivers\digifilt.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys <Not Verified; Mediafour Corporation; Mediafour Disk Partition Manager>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R0 xfilt (VIA SATA IDE Hot-plug Driver) - c:\windows\system32\drivers\xfilt.sys <Not Verified; VIA Technologies,Inc; VIA filter driver>
R1 MDFSYSNT - c:\windows\system32\drivers\mdfsysnt.sys <Not Verified; Mediafour Corporation; MacDrive>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 DigiNet (Digidesign Ethernet Support) - c:\windows\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 SetupNT - c:\windows\system32\setupnt.sys
R3 dalwdmservice (dal service) - c:\windows\system32\drivers\dalwdm.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R3 MBX2DFU - c:\windows\system32\drivers\mbx2dfu.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign Mbox 2>
R3 MBX2MIDK (Digidesign Mbox 2 Midi Driver) - c:\windows\system32\drivers\mbx2midk.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign Mbox 2>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - c:\windows\system32\drivers\wmbenum.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
R3 WmXlCore (Logitech WingMan Translation Layer Driver) - c:\windows\system32\drivers\wmxlcore.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>

S0 Partizan - c:\windows\system32\drivers\partizan.sys (file missing)
S2 PfModNT - c:\windows\system32\pfmodnt.sys (file missing)
S3 dot4 (MS IEEE-1284.4 Driver) - c:\windows\system32\drivers\dot4.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Dot4Print (Print Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4prt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 Dot4Scan (Scan Class Driver for IEEE-1284.4) - c:\windows\system32\drivers\dot4scan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 dot4usb (Dot4USB Filter Dot4USB Filter) - c:\windows\system32\drivers\dot4usb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 emu10kx (Creative EMU10K1/EMU10K2 Audio Driver (WDM)) - c:\windows\system32\drivers\e10kx2k.sys (file missing)
S3 EVOLUSB (%EVOL_USB.SvcDesc%) - c:\windows\system32\drivers\evolusb.sys <Not Verified; Evolution Electronics Ltd.; Evolution USB MIDI Keyboard Interface>
S3 Intels51 (Intel® 536EP V.92 Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>
S3 irsir (Microsoft Serial Infrared Driver) - c:\windows\system32\drivers\irsir.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
S3 S3Psddr - c:\windows\system32\drivers\s3gnbm.sys <Not Verified; S3 Graphics, Inc.; S3 ProSavage & Twister Miniport Driver>
S3 WmFilter (Logitech WingMan HID Filter Driver) - c:\windows\system32\drivers\wmfilter.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>
S3 WmVirHid (Logitech Virtual Hid Device Driver) - c:\windows\system32\drivers\wmvirhid.sys <Not Verified; Logitech Inc.; Logitech WingMan Software>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 cmdService (Command Service) - c:\windows\qwxlecbqcmllc3qttgfjzxk\command.exe
R2 DigiRefresh (Digidesign MME Refresh Service) - c:\program files\digidesign\drivers\mmerefresh.exe -s <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Digidesign MME Binder>
R2 EvoInstallerService (M-Audio Installer) - c:\program files\m-audio\install\evoinst.exe <Not Verified; ; EvoUno USB Installer Service>
R2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 UxTuneUp (TuneUp Theme Extension) - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

S3 digiSPTIService - "c:\program files\digidesign\pro tools\digisptiservice.exe" <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools CD Ripping Service>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S3 TuneUp.Defrag (TuneUp Drive Defrag Service) - c:\windows\system32\tuneupdefragservice.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
S4 ATMsrvc (ATM Service) - c:\windows\system32\atmsrvc.exe <Not Verified; Adobe Systems Incorporated; Adobe Type Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651849&REV_7C\3&267A616A&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_30651849&REV_7C\3&267A616A&0&90
Service: FETND5BV


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 14:31:22 244 --a------ C:\WINDOWS\Tasks\WebReg psc 1500 series.job
2008-03-14 17:17:54 376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-30 and 2008-04-30 -----------------------------

2008-04-30 23:34:35 5120 --a------ C:\WINDOWS\system32\ftp33.dll
2008-04-28 00:21:51 0 d-------- C:\Program Files\coverXP
2008-04-14 14:25:10 0 d-------- C:\Program Files\Common Files\HP
2008-04-14 14:18:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-14 14:14:52 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-14 14:14:22 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys <Not Verified; HP; HP Dot4Print>
2008-04-14 14:14:20 51120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys <Not Verified; HP; HP Dot4 Windows 2000>
2008-04-14 14:13:41 21744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
2008-04-14 13:37:46 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-14 13:37:46 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2008-04-14 13:37:46 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2008-04-14 13:37:45 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2008-04-14 13:37:45 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2008-04-14 13:37:45 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2008-04-14 13:35:32 0 d-------- C:\Program Files\HP
2008-04-14 13:35:27 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 13:32:32 112858 --a------ C:\WINDOWS\hpoins07.dat
2008-04-14 13:32:31 21124 -----n--- C:\WINDOWS\hpomdl07.dat
2008-04-13 21:56:59 0 d-------- C:\Program Files\Error Expert
2008-04-11 01:00:51 2 -rahs---- C:\WINDOWS\winstart.bat
2008-04-06 18:02:27 0 d-------- C:\Program Files\Greatis
2008-04-06 16:42:06 53312 --a------ C:\WINDOWS\system32\JHODRRYW.DLL
2008-04-06 16:41:10 60928 --a------ C:\WINDOWS\system32\IUMHGIV.DLL
2008-04-06 16:40:55 87104 --a------ C:\WINDOWS\system32\csfmgkxk.dll
2008-04-06 16:35:07 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-06 16:35:03 76288 --a------ C:\WINDOWS\system32\ctfmona.exe
2008-04-06 16:33:40 28160 --a------ C:\WINDOWS\system32\icf.exe
2008-04-06 16:33:38 10 --a------ C:\WINDOWS\system32\kr_done1


-- Find3M Report ---------------------------------------------------------------

2008-04-30 23:49:12 5820 --ahs---- C:\WINDOWS\system32\qtvwa.ini2
2008-04-30 23:29:54 1073008640 --ahs---- \hiberfil.sys
2008-04-30 23:29:50 1609404416 --ahs---- \pagefile.sys
2008-04-28 03:24:58 6 --a------ C:\WINDOWS\dkmv.dll
2008-04-14 13:32:50 0 d--h----- \Config.Msi
2008-04-06 17:21:36 0 d-------- \Deckard
2008-04-06 16:43:22 36864 --a------ C:\WINDOWS\system32\explorer.exe <Not Verified; re tefhery rgfh fg fbfg dsfg; fd wert hg ert bvn twe ds>
2008-04-06 16:33:24 18432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-29 15:11:20 36864 --a------ C:\WINDOWS\system32\ghf.exe <Not Verified; sdfg erty745 hj r56 35ry fghdf; fdg erty etghj ry56 fgh dfh>
2008-03-29 15:11:20 36864 --a------ C:\WINDOWS\nmtyyrgbg.exe <Not Verified; sdfg erty745 hj r56 35ry fghdf; fdg erty etghj ry56 fgh dfh>
2008-03-29 15:10:48 20480 --a------ C:\WINDOWS\quit.exe <Not Verified; ert fdgbh egef bf ds; dsf rty43 fgb dfgdsr>
2008-03-29 13:41:08 0 d-------- C:\Program Files\AntiVirusPro
2008-03-29 13:39:54 18944 --a------ C:\WxI.exe
2008-03-29 13:39:54 18944 --a------ \WxI.exe
2008-03-29 13:05:56 26800 --a------ C:\WINDOWS\system32\cbXQiICT.dll
2008-03-28 21:07:12 90688 --a------ C:\WINDOWS\system32\uedfexte.dll
2008-03-28 18:38:56 135168 --a------ C:\WINDOWS\tk58.exe
2008-03-27 22:39:58 37376 --a------ C:\WINDOWS\17PHolmes572.exe
2008-03-27 22:39:42 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-03-27 22:38:30 38400 --a------ C:\WINDOWS\system32\ljjhhhf.dll
2008-03-27 22:37:42 0 d-------- C:\Program Files\A?pPatch
2008-03-27 22:37:08 38400 --a------ C:\WINDOWS\system32\khfedbb.dll
2008-03-27 21:10:00 92224 --a------ C:\WINDOWS\system32\okkpxxed.dll
2008-03-27 21:06:58 93248 --a------ C:\WINDOWS\system32\rdssksoe.dll
2008-03-26 22:36:50 37376 -ra------ C:\WINDOWS\mrofinu572.exe
2008-03-24 12:15:36 0 d-------- C:\Program Files\VSO
2008-03-24 12:08:26 38400 --a------ C:\WINDOWS\system32\jkkljii.dll
2008-03-24 12:07:18 38400 --a------ C:\WINDOWS\system32\ljjhedb.dll
2008-03-23 20:13:50 0 d-------- C:\Program Files\NoDNS
2008-03-23 20:13:48 0 d-------- C:\Program Files\JavaCore
2008-03-23 20:13:48 0 d-------- C:\Program Files\InetGet2
2008-03-23 20:13:46 0 d-------- C:\Program Files\Temporary
2008-03-23 20:08:10 0 d--hs---- \TrustedAntivirus
2008-03-23 20:07:30 0 d-------- C:\Program Files\TrustedAntivirus
2008-03-23 20:00:14 44032 --a------ C:\WINDOWS\system32\fcccaxy.dll
2008-03-23 19:57:46 44032 --a------ C:\WINDOWS\system32\rqooonn.dll
2008-03-23 19:56:58 44032 --a------ C:\WINDOWS\system32\gebcdeb.dll
2008-03-23 18:45:58 92736 --a------ C:\WINDOWS\system32\vnhrooea.dll
2008-03-23 18:45:48 90176 --a------ C:\WINDOWS\system32\tlbaxtou.dll
2008-03-23 18:43:28 90176 --a------ C:\WINDOWS\system32\sdunpvxf.dll
2008-03-14 11:57:32 86080 -----n--- C:\WINDOWS\system32\oaluwuoc.dll
2008-03-14 11:54:32 94784 --a------ C:\WINDOWS\system32\jqttgrup.dll
2008-03-14 11:52:06 90688 --a------ C:\WINDOWS\system32\vcybjrwo.dll
2008-03-13 19:20:46 204800 --a------ C:\WINDOWS\TinyBHO.dll
2008-03-13 11:53:30 93760 --a------ C:\WINDOWS\system32\wacnbspi.dll
2008-03-13 11:52:00 90176 --a------ C:\WINDOWS\system32\kgqhjsel.dll
2008-03-12 14:00:00 93760 --a------ C:\WINDOWS\system32\jwedsgna.dll
2008-03-12 13:57:14 89152 --a------ C:\WINDOWS\system32\ytbpxsae.dll
2008-03-11 15:45:00 1 --a------ C:\WINDOWS\system32\rc.dat
2008-03-11 15:45:00 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-03-11 15:42:40 37376 --a------ C:\WINDOWS\system32\bnsock.dll <Not Verified; Microsoft; Loop>
2008-03-11 15:42:10 4096 --a------ C:\WINDOWS\x3u.exe
2008-03-11 15:42:00 4096 --a------ C:\WINDOWS\ycl.exe
2008-03-11 15:41:52 4096 --a------ C:\WINDOWS\dgc.exe
2008-03-11 15:41:40 4096 --a------ C:\WINDOWS\kpx.exe
2008-03-11 14:48:16 0 d-------- C:\Program Files\uTorrent
2008-03-11 14:00:18 93248 --a------ C:\WINDOWS\system32\yhnbpbsl.dll
2008-03-11 13:54:18 90688 --a------ C:\WINDOWS\system32\lrutnlfm.dll
2008-03-11 09:36:46 306432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe <Not Verified; TuneUp Software GmbH; TuneUp Utilities>
2008-03-11 09:36:30 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-10 17:25:22 0 d-------- C:\Program Files\Grisoft(3)
2008-03-10 14:33:54 0 d-------- C:\Program Files\Grisoft(2)
2008-03-10 13:53:58 89152 --a------ C:\WINDOWS\system32\cvabpyvh.dll
2008-03-10 13:53:36 0 d-------- C:\Program Files\Yahoo!
2008-03-10 13:53:28 0 d-------- C:\Program Files\IObit
2008-03-07 10:22:20 120896 --a------ C:\WINDOWS\system32\adqsrepa.dll
2008-03-06 22:13:10 0 dr-h----- \$VAULT$.AVG
2008-03-06 21:59:20 0 d-------- C:\Program Files\Shareaza
2008-03-06 21:57:14 292352 -----n--- C:\WINDOWS\system32\AWVTQ.DLL
2008-03-06 21:57:14 292352 --a------ C:\WINDOWS\system32\AWVTQ(2).DLL
2008-03-06 21:55:14 36352 --a------ C:\WINDOWS\system32\xxyxurr.dll
2008-03-06 21:54:12 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-06 21:53:34 0 d-------- C:\Program Files\Network Monitor
2008-03-06 21:51:50 36352 --a------ C:\WINDOWS\system32\HGGGGFD.DLL
2008-03-06 21:37:44 0 d-------- C:\Program Files\Shareaza Applications
2008-03-06 14:40:46 1167 --a------ C:\WINDOWS\mozver.dat
2008-03-06 14:38:42 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-06 13:48:40 0 d-------- C:\Program Files\Google
2008-03-06 10:37:00 0 d-------- C:\Program Files\Tiscali
2008-03-04 19:32:28 105984 --a------ C:\WINDOWS\b152.exe
2008-03-02 14:26:44 73728 --a------ C:\WINDOWS\b153.exe
2008-02-25 13:00:46 81920 --a------ C:\WINDOWS\b154.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20362A5A-9E88-4EDD-A94A-8BD9123731EF}]
03/06/2008 09:57 PM 292352 --------- C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22342B44-5B98-4B30-9D53-C182AD8DF217}]
03/06/2008 09:51 PM 36352 --a------ C:\WINDOWS\system32\hggggfd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/22/2006 05:22 AM]
"nwiz"="nwiz.exe" [10/22/2006 05:22 AM C:\WINDOWS\system32\nwiz.exe]
"AtiPTA"="atiptaxx.exe" [02/14/2002 04:42 AM C:\WINDOWS\system32\atiptaxx.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 09:41 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [10/22/2006 05:22 AM]
"SkyTel"="SkyTel.EXE" [05/16/2006 11:04 AM C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [09/12/2006 09:58 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 11:43 AM C:\WINDOWS\Alcmtr.exe]
"MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [04/15/2005 09:54 PM]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [12/17/2002 09:43 PM]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [11/14/2006 12:05 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/09/2007 06:53 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [03/29/2008 01:39 PM]
"autoload"="C:\Documents and Settings\Gamer\cftmon.exe" [04/30/2008 11:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"*Restore"=C:\WINDOWS\system32\restore\rstrui.exe -i

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"IESet"=IExplorer.dll .dbt

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe
"IESet"=IExplorer.dll .dbt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{22342B44-5B98-4B30-9D53-C182AD8DF217}"= C:\WINDOWS\system32\hggggfd.dll [03/06/2008 09:51 PM 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="kdbcu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggggfd]
hggggfd.dll 03/06/2008 09:51 PM 36352 C:\WINDOWS\system32\HGGGGFD.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtq.dll
"Notification Packages"= :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-30 23:52:25 ------------


#2 RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 22 May 2008 - 02:31 PM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese

#3 don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 30 May 2008 - 12:28 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


