System Hijacked


  • This topic is locked
7 replies to this topic

#1 greatwall

greatwall

  • Members
  • 14 posts
  • OFFLINE

Posted 27 May 2008 - 08:05 PM

Hello, I have Dell Vostro 1500 Win Xp professional.
My system was infected by malware recently.

Symptoms:

1. I get a pop-up on my desktop about every 3 minutes stating it's from "Windows Security Center" and that I have a virus. If I click on the link it provides to remove the virus, it opens a browser window with an ad for Spymaxx and Antispy Storm 2008.

2. My default wallpaper has been changed to a blue screen with a computer virus warning. Again, a link it provides opens a browser window and goes to htt[/]p://livesecuritycenter.com/?aid=373 which is an ad for Spymaxx and Antispy Storm. If I go into the control panel and reset the wallpaper, then within a minute or two, the virus will change it back to the new default with virus warning.

3. Task Manager has been disabled.

Here are my logs:

Deckard's System Scanner v20071014.68
Run by S Huang on 2008-05-27 18:20:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as S Huang.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:26 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\S Huang\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\S Huang.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 204.126.210.222:80
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8053AF4F-F35D-4EC6-A411-039EFB515CD8} - C:\WINDOWS\system32\fccccAqo.dll (file missing)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {CDB5B805-0541-4959-A382-F60F5CA39DB6} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: fccccAqo - fccccAqo.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6727 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 SVKP - c:\windows\system32\svkp.sys <Not Verified; AntiCracking; SVKP driver for NT>
R2 XilinxPC4Driver - c:\windows\system32\drivers\xpc4drvr.sys <Not Verified; Xilinx, Inc.; Xilinx PC4 Driver>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S3 catchme - c:\docume~1\shuang~1\locals~1\temp\catchme.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 mi-raysat_3dsMax2008_32 (mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit) - "c:\program files\autodesk\3ds max 2008\mentalray\satellite\raysat_3dsmax2008_32server.exe"
S4 mi-raysat_3dsMax2009_32 (mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit) - "c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsmax2009_32server.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Service: BCM43XX

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_02281028&REV_02\4&28D6DE3B&0&00F0
Service: bcm4sbxp


-- Files created between 2008-04-27 and 2008-05-27 -----------------------------

2008-05-26 21:44:49 0 d-------- C:\Program Files\Karnaugh Map Minimizer
2008-05-26 18:06:37 8590 --a------ C:\WINDOWS\hh.dat
2008-05-25 18:03:10 0 d-------- C:\Program Files\Red Alert 2
2008-05-25 00:27:25 0 d-------- C:\Program Files\Total Annihilation
2008-05-23 23:24:41 0 d-------- C:\Documents and Settings\S Huang\Application Data\Malwarebytes
2008-05-23 23:24:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 23:24:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 22:54:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 22:54:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 22:33:32 0 d-------- C:\VundoFix Backups
2008-05-23 21:40:03 0 d-------- C:\WINDOWS\ERUNT
2008-05-22 23:03:00 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-22 22:56:40 20533 --ahs---- C:\WINDOWS\system32\AKnWxGgh.ini2
2008-05-22 21:53:18 23040 --a------ C:\WINDOWS\time.exe
2008-05-22 21:53:17 15616 --a------ C:\WINDOWS\cpan.dll
2008-05-22 21:49:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-22 21:49:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-22 21:49:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-22 21:49:01 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-22 21:49:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-22 21:49:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-22 21:49:01 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-22 21:49:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-22 21:49:01 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-22 21:49:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-22 21:49:01 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-22 21:49:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-22 21:49:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-22 21:49:00 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-22 21:43:41 1336 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 21:43:08 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-22 21:43:08 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-22 21:43:08 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-22 21:43:07 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 21:43:07 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-22 21:43:07 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-22 21:43:07 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-22 21:43:07 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 21:40:53 0 d-------- C:\smartkiller
2008-05-22 18:31:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 18:08:17 10878 --ahs---- C:\WINDOWS\system32\LRqtBJjl.ini2
2008-05-22 18:05:08 25344 --a------ C:\WINDOWS\svcinit.exe
2008-05-22 18:05:08 28160 --a------ C:\WINDOWS\sistem.exe
2008-05-22 18:05:07 24576 --a------ C:\WINDOWS\searchword.dll
2008-05-22 18:05:07 29184 --a------ C:\WINDOWS\rundll16.exe
2008-05-22 18:05:07 18688 --a------ C:\WINDOWS\quicken.exe
2008-05-22 18:05:07 24064 --a------ C:\WINDOWS\qttasks.exe
2008-05-22 18:05:06 17664 --a------ C:\WINDOWS\mswsc20.dll
2008-05-22 18:05:06 17664 --a------ C:\WINDOWS\mswsc10.dll
2008-05-22 18:05:05 14080 --a------ C:\WINDOWS\msspi.dll
2008-05-22 18:05:05 27648 --a------ C:\WINDOWS\msconfd.dll
2008-05-22 18:05:05 28928 --a------ C:\WINDOWS\inetinf.exe
2008-05-22 18:05:04 24576 --a------ C:\WINDOWS\helpcvs.exe
2008-05-22 18:05:04 9728 --a------ C:\WINDOWS\gfmnaaa.dll
2008-05-22 18:05:03 28672 --a------ C:\WINDOWS\funny.exe
2008-05-22 18:05:03 28672 --a------ C:\WINDOWS\funniest.exe
2008-05-22 18:05:03 9984 --a------ C:\WINDOWS\editpad.exe
2008-05-22 18:05:03 21248 --a------ C:\WINDOWS\dnsrelay.dll
2008-05-22 18:05:03 24064 --a------ C:\WINDOWS\directx32.exe
2008-05-22 18:05:02 27136 --a------ C:\WINDOWS\ctrlpan.dll
2008-05-22 18:05:02 10240 --a------ C:\WINDOWS\ctfmon32.exe
2008-05-22 17:58:11 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-22 12:03:43 0 d--h----- C:\WINDOWS\PIF
2008-05-22 11:48:05 2843 --a------ C:\Documents and Settings\S Huang\CB917844
2008-05-22 11:47:50 2843 --a------ C:\Documents and Settings\S Huang\CB852308
2008-05-20 23:50:10 0 d-------- C:\Wincupl
2008-05-13 09:37:35 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-07 20:38:41 0 d-------- C:\Program Files\Mount&Blade
2008-05-06 00:35:32 0 d-------- C:\Program Files\Spiderweb Software


-- Find3M Report ---------------------------------------------------------------

2008-05-27 18:11:54 0 d-------- C:\Documents and Settings\S Huang\Application Data\EndNote
2008-05-27 15:56:56 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-24 11:46:17 0 d-------- C:\Program Files\LogicWorks 5
2008-05-24 00:46:29 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-05-22 18:32:14 0 d-------- C:\Program Files\Lavasoft
2008-05-22 18:31:49 0 d-------- C:\Program Files\Common Files
2008-05-22 09:55:22 0 d-------- C:\Program Files\PeerGuardian2
2008-05-18 18:24:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-13 20:02:09 0 d-------- C:\Program Files\Activision
2008-05-13 09:42:42 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-13 09:40:53 0 d-------- C:\Program Files\Autodesk
2008-05-06 00:35:11 0 d-------- C:\Documents and Settings\S Huang\Application Data\Downloaded Installations
2008-05-06 00:30:48 0 d-------- C:\Program Files\FlashGet
2008-05-06 00:28:36 0 d-------- C:\Program Files\eMule
2008-04-16 12:03:45 0 d-------- C:\Program Files\AIM
2008-04-16 12:03:45 0 d-------- C:\Documents and Settings\S Huang\Application Data\Help
2008-04-02 19:52:16 0 d-------- C:\Documents and Settings\S Huang\Application Data\Design Science


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
C:\WINDOWS\system32\fccccAqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDB5B805-0541-4959-A382-F60F5CA39DB6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [05/06/2007 06:10 PM C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 07:10 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/17/2007 04:03 AM]
"NVHotkey"="nvHotkey.dll" [11/17/2007 04:03 AM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/17/2007 04:03 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/21/2006 06:38 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/14/2007 08:49 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/27/2007 05:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\fccccAqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccAqo]
fccccAqo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^S Huang^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Medic]
C:\Program Files\Iomatic\RAM Medic\RAMMedic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"aawservice"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"SQLWriter"=2 (0x2)
"Schedule"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36e4d993-c229-11dc-ab5a-001c238ed0b8}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c0eac6-b5a3-11dc-ab06-897669f5b3f9}]




-- End of Deckard's System Scanner: finished at 2008-05-27 18:23:58 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T5470 @ 1.60GHz
CPU 1: Intel® Core™2 Duo CPU T5470 @ 1.60GHz
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1022.11 MiB / 534.74 MiB
Pagefile Memory (total/avail): 2458.86 MiB / 2112.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.63 MiB

C: is Fixed (NTFS) - 109.18 GiB total, 80.39 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 109.79 MiB
\PARTITION1 (bootable) - Installable File System - 109.18 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.6.6000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"="C:\\Program Files\\Autodesk\\Backburner\\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"="C:\\Program Files\\Autodesk\\Backburner\\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"="C:\\Program Files\\Autodesk\\Backburner\\server.exe:*:Enabled:backburner 2.3 server"
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\ABC\\abc.exe"="C:\\Program Files\\ABC\\abc.exe:*:Enabled:abc"
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsMsgServer.exe"="C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsMsgServer.exe:*:Enabled:cdsMsgServer"
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsNameServer.exe"="C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsNameServer.exe:*:Enabled:cdsNameServer"
"C:\\Program Files\\FlashGet\\FlashGet.exe"="C:\\Program Files\\FlashGet\\FlashGet.exe:*:Enabled:Flashget"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Maple 11\\jre\\bin\\java.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe:*:Enabled:Wolfram Mathematica 6"
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe:*:Enabled:Wolfram Mathematica 6 Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe:*:Enabled:math.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"="C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe:*:Enabled:Maple 11"
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"="C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit"
"C:\\Program Files\\Red Alert 2\\gamemd.exe"="C:\\Program Files\\Red Alert 2\\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\S Huang\Application Data
CDS_LIC_FILE=5280@vt-ffb89379129a
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VT-FFB89379129A
ComSpec=C:\WINDOWS\system32\cmd.exe
FITTERDIR=C:\Wincupl\Wincupl\Fitters
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\S Huang
KMP_DUPLICATE_LIB_OK=TRUE
LMC_HOME=C:\Xilinx91i\smartmodel\nt\installed_nt
LOGONSERVER=\\VT-FFB89379129A
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\EDK\bin\nt;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Autodesk\DWG TrueView\;C:\Program Files\MATLAB\R2007b\bin;C:\Program Files\MATLAB\R2007b\bin\win32;C:\Program Files\QuickTime\QTSystem\;C:\OrCAD\OrCAD_10.0_Demo\tools\specctra\bin;C:\OrCAD\OrCAD_10.0_Demo\tools\PSpice\Library;C:\OrCAD\OrCAD_10.0_Demo\tools\bin;C:\OrCAD\OrCAD_10.0_Demo\tools\fet\bin;C:\OrCAD\OrCAD_10.0_Demo\tools\Capture;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Xilinx91i\bin\nt;C:\Program Files\Java\jdk1.6.0_05\bin;C:\Wincupl\WINCUPL\EXE;C:\Wincupl\WINCUPL\FITTERS
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SHUANG~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHUANG~1\LOCALS~1\Temp
USERDOMAIN=VT-FFB89379129A
USERNAME=S Huang
USERPROFILE=C:\Documents and Settings\S Huang
VS90COMNTOOLS=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
WATCOM=C:\watcom-1.3
windir=C:\WINDOWS
XILINX=C:\Xilinx91i
XILINX_EDK=C:\EDK


-- User Profiles ---------------------------------------------------------------

S Huang (admin)
Administrator (admin)



-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Registry Optimizer 5.1 --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk 3ds Max 2008 32-bit --> MsiExec.exe /I{BF658A51-6D4F-4CB0-8D40-D183692B995D}
Autodesk 3ds Max 2008 32-bit Additional Maps and Material Libraries --> MsiExec.exe /I{EDC8D89C-DC3D-4a3d-ABE7-97D281C0A13A}
Autodesk 3ds Max 2008 32-bit Architectural Materials Library --> MsiExec.exe /I{3C106CBD-3E5A-4275-94F9-23FFE687D090}
Autodesk 3ds Max 2008 32-bit Help --> MsiExec.exe /I{38EC4486-44FF-49da-8FFF-87DA9DCBC06B}
Autodesk 3ds Max 2008 32-bit Vault 2008 Plug-In --> MsiExec.exe /I{679035C8-CEB8-4a5c-847A-5FB3FFADC0EB}
Autodesk 3ds Max 2008 32-bit Vault 5 Plug-In --> MsiExec.exe /I{D1B7094B-8CAC-492a-9EE6-D1576ED35208}
Autodesk 3ds Max 2008 32-bit Videos --> MsiExec.exe /I{AB2037C6-FE46-41fd-B1B2-4D62FBB1E57A}
Autodesk 3ds Max Design 2009 32-bit --> MsiExec.exe /I{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}
Autodesk Design Review 2008 --> MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk Vault 2008 --> C:\Program Files\Autodesk\Vault 2008\Setup\setup.exe /p {E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097} /M VAULT
Autodesk Vault 2008 --> MsiExec.exe /X{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}
Backburner --> MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A}
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
ChipScope Pro 9.1i --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9EA0BCC8-6EE5-4D08-821F-0E89823E5186}\Setup.exe" -l0x9 AnyText
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Crystal Reports Basic for Visual Studio 2008 --> MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
Crystal XI --> MsiExec.exe /I{0B9E27C7-9ECD-4362-B311-030EA48F8E72}
Dell Resource CD --> MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DWG TrueView 2007 --> MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
eMule VeryCD░Š --> C:\Program Files\eMule\uninstall.exe
EndNote X1 --> MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
FBX Plugin 2006.11.1 for Max 2008 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2006.11.1\Max2008\Uninstall.exe
FBX Plugin 2009.0 for Max 2009 --> C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
FLV Player 2.0, build 24 --> C:\Program Files\FLV Player\uninst.exe
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\S Huang\Desktop\HijackThis.exe" /uninstall
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 5 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160050}
Karnaugh Map Minimizer 0.4 --> C:\Program Files\Karnaugh Map Minimizer\uninst.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
LogicWorks 5 --> C:\WINDOWS\unvise32.exe C:\Program Files\LogicWorks 5\uninstal.log
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 11 --> "C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"
MathType 6 --> "C:\Program Files\MathType\Setup.exe" -R
MATLAB R2007b --> C:\Program Files\MATLAB\R2007b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007b\
Microsoft Device Emulator version 3.0 - ENU --> MsiExec.exe /X{B32E7732-B2FB-3FD0-81AC-6025B1104C66}
Microsoft Document Explorer 2008 --> C:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008 --> MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007 --> MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007 --> MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU --> MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2 --> MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Tools for Office Runtime --> MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU --> c:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools --> MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense --> MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}
Microsoft Windows SDK for Visual Studio 2008 Tools --> MsiExec.exe /X{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools --> MsiExec.exe /X{B268E9A1-04A9-40D0-9866-846BE2B74BA7}
Microsoft WSE 3.0 Runtime --> MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MPLAB Tools v7.60 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{C7F724D5-E65E-4F08-9836-13D85961F1C7}
MSDN Library for Visual Studio 2008 - ENU --> c:\Program Files\MSDN\MSDN9.0\MSDN Library for Visual Studio 2008 - ENU\setup.exe
MSDN Library for Visual Studio 2008 - ENU --> MsiExec.exe /X{3A762A82-618D-3CAA-B847-D074ABFA0B2E}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mudbox 1.0 --> MsiExec.exe /I{F2DC9BD1-8DB8-461C-80B2-7264AFA54EE2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OrCAD 10.0 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F61D39C7-AAFB-448D-91AC-C123FA6E6907}\setup.exe" -l0x9 Uninstall
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PrimoPDF Redistribution Package --> MsiExec.exe /I{885744A4-1A01-44B0-858A-0AE6738CBCF7}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RAM Medic 1.0 (Build 124) --> "C:\Program Files\Iomatic\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{50E125D1-88E5-48CE-80AE-98EC9698E639}
TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual Studio 2005 Tools for Office Second Edition Runtime --> c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime --> MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
WinCupl --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8FF1ADCB-8D4B-11D6-961A-000102CD2B4A}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Mobile 5.0 SDK R2 for Pocket PC --> MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone --> MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wolfram Mathematica 6 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{236BCBCA-C7C2-4C49-B57D-1963279B2BF8}
Wolfram Notebook Indexer 2.0 --> MsiExec.exe /I{A3030AB0-E3FE-442F-A719-459B35178D10}
Xilinx Embedded Development Kit 9.1i --> C:\EDK\bin\nt\setup.exe -uninstall
Xilinx ISE 9.1i --> C:\Xilinx91i\bin\nt\setup.exe -uninstall
XML Paper Specification Shared Components Pack 1.0 -->
XYZ RGB Texture Package --> MsiExec.exe /I{48E15095-B00A-4A02-947E-F646DD34D05A}


-- Application Event Log -------------------------------------------------------

Event Record #/Type14828 / Error
Event Submitted/Written: 05/27/2008 00:33:58 PM
Event ID/Source: 56 / LiveUpdate
Event Description:


Event Record #/Type14827 / Error
Event Submitted/Written: 05/27/2008 00:33:58 PM
Event ID/Source: 56 / LiveUpdate
Event Description:


Event Record #/Type14826 / Error
Event Submitted/Written: 05/27/2008 00:33:58 PM
Event ID/Source: 56 / LiveUpdate
Event Description:


Event Record #/Type14825 / Error
Event Submitted/Written: 05/27/2008 00:33:57 PM
Event ID/Source: 56 / LiveUpdate
Event Description:


Event Record #/Type14824 / Error
Event Submitted/Written: 05/27/2008 00:33:57 PM
Event ID/Source: 56 / LiveUpdate
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14374 / Error
Event Submitted/Written: 05/27/2008 03:57:12 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type14373 / Error
Event Submitted/Written: 05/27/2008 03:57:12 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type14372 / Warning
Event Submitted/Written: 05/27/2008 03:57:12 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001C263AAA22. The IP address being used is 169.254.82.108.

Event Record #/Type14350 / Error
Event Submitted/Written: 05/27/2008 03:56:35 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The System Restore Service service terminated with the following error:
%%2

Event Record #/Type14349 / Error
Event Submitted/Written: 05/27/2008 03:56:23 PM
Event ID/Source: 104 / SRService
Event Description:
The System Restore initialization process failed.



-- End of Deckard's System Scanner: finished at 2008-05-27 18:23:58 ------------

Move to appropriate forum. Proper posting instructions had been supplied here: http://www.bleepingcomputer.com/forums/ind...st&p=835583 ~ OB

Edited by Orange Blossom, 27 May 2008 - 09:04 PM.



#2 Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:02 AM

Posted 28 May 2008 - 10:14 AM

Hello Greatwall and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
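The logs Thunder asks for above are read by hand in this thread. As an added example (it is not part of the thread, nor a ComboFix or Malwarebytes tool), here is a small Python triage script over ComboFix's log layout that automates two of the checks a helper makes on such a log: files whose creation stamp lies in the future, and entries under the persistence points rogue BHO malware favours (Browser Helper Objects, ShellExecuteHooks, Winlogon Notify) that load a random-looking DLL, have no module path at all, or hook the same DLL from several places at once. The sample log is constructed in ComboFix's format, modelled on lines from the log posted later in this thread; SCAN_DATE, the eight-letter-name heuristic and the function names are the example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Date the scan was run (ComboFix prints it in its header as "08-06-04");
# an assumption of this example, used to decide what "future-dated" means.
SCAN_DATE = date(2008, 6, 4)

# Constructed sample in the layout ComboFix uses (modelled on the log posted
# later in this thread, trimmed to a handful of lines); not a real capture.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2030-08-29 09:22 . 2030-08-29 09:22 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2030-08-29 09:22 . 2030-08-29 09:22 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-05-23 23:24 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\VundoFix Backups

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
C:\WINDOWS\system32\fccccAqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 18:38 52840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\fccccAqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccAqo]
fccccAqo.dll
"""

# One "Files Created" line: created stamp . modified stamp size attrs path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+)$"
)

# Load points a module can use to run inside Explorer/IE or at logon,
# before the user does anything; all three appear in this thread's log.
SENSITIVE = ("browser helper objects", "shellexecutehooks", r"winlogon\notify")
DLL_NAME = re.compile(r"([\w-]+\.dll)\b", re.I)
# Heuristic only (assumption of this example): eight mixed-case letters, the
# pattern of the DLL in this thread's log.  Legitimate eight-letter DLLs exist,
# so confirm any hit against a known-good list before acting on it.
RANDOM_NAME = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])[A-Za-z]{8}\.dll$")


def future_dated_files(log, today):
    """Paths whose creation stamp is after `today`.  A scanner cannot observe a
    future date, so the stamp was forged (or the clock was wrong); check the file."""
    hits = []
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m and date.fromisoformat(m["created"]) > today:
            hits.append(m["path"])
    return hits


def loading_points(log):
    """Map every [registry key] block in the log to its value lines.
    A block runs from the [key] line to the next blank line."""
    blocks, key = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            blocks[key] = []
        elif not line:
            key = None
        elif key is not None:
            blocks[key].append(line)
    return blocks


def suspicious_loading_points(log):
    """Return (key, module, reason) findings for the sensitive load points:
    entries with no module path, random-looking module names, and one module
    hooked in several places at once (the strongest signal of the three)."""
    findings, where, display = [], defaultdict(set), {}
    for key, values in loading_points(log).items():
        lk = key.lower()
        cat = next((s for s in SENSITIVE if s in lk), None)
        if cat is None:
            continue
        if not values:
            findings.append((key, None, "no module path printed; resolve the CLSID by hand"))
            continue
        for value in values:
            m = DLL_NAME.search(value)
            if not m:
                continue
            name = m.group(1)
            display.setdefault(name.lower(), name)
            where[name.lower()].add(cat)
            if RANDOM_NAME.match(name):
                findings.append((key, name, "random-looking eight-letter DLL name"))
    for lname, cats in where.items():
        if len(cats) > 1:
            findings.append(("*", display[lname], "same module hooked at %d load points: %s"
                             % (len(cats), ", ".join(sorted(cats)))))
    return findings


if __name__ == "__main__":
    for path in future_dated_files(SAMPLE_LOG, SCAN_DATE):
        print("future-dated file:", path)
    for key, module, reason in suspicious_loading_points(SAMPLE_LOG):
        print(f"{reason}: {module or '-'}  [{key}]")
```

Run against a real C:\ComboFix.txt by reading the file into `log` and passing the scan date from its header; the multi-hook finding is the one to act on first, since a DLL registered as a BHO, a ShellExecuteHook and a Winlogon Notify package at once reloads itself whichever of the three a cleaner removes.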

#3 greatwall (Topic Starter)

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 04 June 2008 - 08:09 PM

Hi,

Thank you so much for your response.
Sorry I waited so long; I have a project that is due, so I didn't want to run anything that might potentially wipe out my computer.

Here are the logs.

Malwarebytes

Malwarebytes' Anti-Malware 1.12
Database version: 783

Scan type: Full Scan (C:\|)
Objects scanned: 275936
Time elapsed: 1 hour(s), 20 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Advanced Registry Optimizer\CheckForV4.dll (Advanced.Registry.Optimizer) -> No action taken.
C:\Documents and Settings\S Huang\Local Settings\Temp\ie.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\S Huang\Local Settings\Temp\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
ComboFix

ComboFix 08-06-04.1 - S Huang 2008-06-04 20:58:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT -4:00]
Running from: C:\Documents and Settings\S Huang\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\S Huang\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AKnWxGgh.ini
C:\WINDOWS\system32\AKnWxGgh.ini2
C:\WINDOWS\system32\dkkyligr.ini
C:\WINDOWS\system32\LRqtBJjl.ini
C:\WINDOWS\system32\LRqtBJjl.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xmmgbyrq.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.

2030-08-29 09:22 . 2030-08-29 09:22 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2030-08-29 09:22 . 2030-08-29 09:22 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-06-02 19:51 . 2008-06-02 19:51 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-27 18:19 . 2008-05-27 18:19 <DIR> d-------- C:\Deckard
2008-05-26 21:44 . 2008-05-26 21:44 <DIR> d-------- C:\Program Files\Karnaugh Map Minimizer
2008-05-26 18:06 . 2008-05-26 18:11 8,590 --a------ C:\WINDOWS\hh.dat
2008-05-25 18:03 . 2008-06-04 17:59 <DIR> d-------- C:\Program Files\Red Alert 2
2008-05-25 00:27 . 2008-05-25 00:34 <DIR> d-------- C:\Program Files\Total Annihilation
2008-05-24 23:00 . 2008-05-26 21:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 23:00 . 2008-05-24 23:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-23 23:24 . 2008-06-03 09:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\S Huang\Application Data\Malwarebytes
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 23:24 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 23:24 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 22:54 . 2008-05-23 22:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 22:54 . 2008-05-23 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 22:33 . 2008-05-23 22:33 <DIR> d-------- C:\VundoFix Backups
2008-05-23 21:40 . 2008-05-23 21:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-23 13:15 . 2008-05-23 13:15 <DIR> d-------- C:\SDFix
2008-05-22 23:03 . 2008-05-22 23:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-22 21:53 . 2008-05-22 21:53 23,040 --a------ C:\WINDOWS\time.exe
2008-05-22 21:53 . 2008-05-22 21:53 15,616 --a------ C:\WINDOWS\cpan.dll
2008-05-22 21:53 . 2008-05-22 21:53 14,592 --a------ C:\WINDOWS\astctl32.ocx
2008-05-22 21:49 . 2008-05-22 21:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-22 21:43 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 21:43 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 21:43 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 21:43 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 21:43 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 21:43 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 21:43 . 2008-05-22 21:51 1,336 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 21:40 . 2008-05-22 21:41 <DIR> d-------- C:\smartkiller
2008-05-22 18:31 . 2008-05-22 18:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 18:31 . 2008-05-22 21:20 211 --a------ C:\WINDOWS\wininit.ini
2008-05-22 17:58 . 2008-05-22 17:58 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-22 12:03 . 2008-05-22 12:03 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-20 23:50 . 2008-05-20 23:50 <DIR> d-------- C:\Wincupl
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-13 09:37 . 2008-05-13 09:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-07 20:38 . 2008-05-12 00:17 <DIR> d-------- C:\Program Files\Mount&Blade
2008-05-06 00:35 . 2008-05-18 18:37 <DIR> d-------- C:\Program Files\Spiderweb Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 00:54 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-04 19:55 --------- d-----w C:\Program Files\LogicWorks 5
2008-06-04 19:46 --------- d-----w C:\Documents and Settings\S Huang\Application Data\EndNote
2008-05-26 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-24 04:46 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2008-05-22 22:32 --------- d-----w C:\Program Files\Lavasoft
2008-05-22 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 13:55 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-18 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 00:02 --------- d-----w C:\Program Files\Activision
2008-05-13 13:42 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-13 13:40 --------- d-----w C:\Program Files\Autodesk
2008-05-08 03:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-06 04:35 --------- d-----w C:\Documents and Settings\S Huang\Application Data\Downloaded Installations
2008-05-06 04:30 --------- d-----w C:\Program Files\FlashGet
2008-05-06 04:28 --------- d-----w C:\Program Files\eMule
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-16 16:03 --------- d-----w C:\Program Files\AIM
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-29 20:05 22,328 ----a-w C:\Documents and Settings\S Huang\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
C:\WINDOWS\system32\fccccAqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDB5B805-0541-4959-A382-F60F5CA39DB6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 18:10 405504 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104]
"NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 18:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 20:49 125632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 17:10 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 00:06 185896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\fccccAqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccAqo]
fccccAqo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^S Huang^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2004-08-04 08:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Medic]
--a--c--- 2004-01-24 11:37 1235968 C:\Program Files\Iomatic\RAM Medic\RAMMedic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-18 00:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"aawservice"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"SQLWriter"=2 (0x2)
"Schedule"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsMsgServer.exe"=
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsNameServer.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\Red Alert 2\\gamemd.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-12-30 23:11]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 21:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 21:02:44
ComboFix-quarantined-files.txt 2008-06-05 01:02:41

Pre-Run: 85,503,672,320 bytes free
Post-Run: 85,486,739,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

210 --- E O F --- 2008-05-28 01:08:50

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:02 AM

Posted 06 June 2008 - 04:36 AM

Hello Greatwall,

Let's clean up some more :

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::[9]
C:\WINDOWS\time.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\astctl32.ocx
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8053AF4F-F35D-4EC6-A411-039EFB515CD8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDB5B805-0541-4959-A382-F60F5CA39DB6}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccAqo]

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh HijackThislog.

When CF finishes running, the ComboFix log will open along with a message box, --do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK on the message box. A browser will open.
Simply follow the instructions to copy/paste/send the requested file [9]-Submit_Date_Time.zip.

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
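An added example, not part of Thunder's post and not ComboFix's own code: the Registry:: block above uses REGEDIT4 deletion syntax, where "name"=- removes a single value (here the ShellExecuteHooks entry) and [-key] removes a whole subkey (here the Winlogon\Notify package). The Python below reads a ComboFix-style "Reg Loading Points" excerpt, flags the fccccAqo.dll entries and prints the matching Registry:: lines. Two heuristics are assumptions of this example rather than rules from the thread: an 8-letter mixed-case DLL name of the kind Vundo-family droppers used, and ComboFix printing `[ ]` because it could read no version/date from the file. Legitimate 8-letter names exist, so a hit is a candidate to review, not a verdict. The sample input is constructed: the two fccccAqo entries are copied from the log, the shell32/wlnotify lines are benign fillers so the heuristic has something to leave alone.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the layout of the "Reg Loading Points" section above. The two
# fccccAqo entries come from the posted log; the shell32 and wlnotify lines are benign
# fillers added for this example (ComboFix itself hides legit defaults, per its *Note*).
SAMPLE_LOADING_POINTS = r"""
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C0F0B4F9F3}"= C:\WINDOWS\system32\shell32.dll [2004-08-04 08:00 8461312]
"{8053AF4F-F35D-4EC6-A411-039EFB515CD8}"= C:\WINDOWS\system32\fccccAqo.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccccAqo]
fccccAqo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
wlnotify.dll
"""


@dataclass
class Finding:
    kind: str      # "hook": a value under ShellExecuteHooks; "notify": a Winlogon notify subkey
    key: str       # registry key exactly as the log printed it
    target: str    # CLSID for a hook, DLL name for a notify package
    reason: str


HEADER = re.compile(r"^\[(.+)\]$")
HOOK_VALUE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.+?)\s*\[(.*)\]$')
# Heuristic (assumption of this example): 8 letters, mixed case, like fccccAqo.dll.
# Legit DLLs can match, so treat a hit as "review", never "delete on sight".
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}\.dll$")


def looks_random(dll):
    return RANDOM_NAME.match(ntpath.basename(dll)) is not None


def scan_loading_points(text):
    """Walk the [key] / value layout and collect suspicious hook and notify entries."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        k = key.lower()
        if k.endswith("\\explorer\\shellexecutehooks"):
            v = HOOK_VALUE.match(line)
            if not v:
                continue
            clsid, dll, fileinfo = v.groups()
            reasons = []
            if looks_random(dll):
                reasons.append("random-looking DLL name")
            if not fileinfo.strip():
                reasons.append("ComboFix found no version/date for the file ([ ])")
            if reasons:
                findings.append(Finding("hook", key, clsid, "; ".join(reasons)))
        elif "\\winlogon\\notify\\" in k and looks_random(line):
            # the value line names the DLL winlogon.exe loads at logon for this package
            findings.append(Finding("notify", key, line, "random-looking notify DLL"))
    return findings


def to_cfscript(findings):
    """Emit the Registry:: block in the REGEDIT4 deletion syntax ComboFix accepts."""
    lines = ["Registry::"]
    for f in findings:
        if f.kind == "hook":
            lines.append(f"[{f.key}]")
            lines.append(f'"{f.target}"=-')   # "=-" deletes one value; the key stays
        else:
            lines.append(f"[-{f.key}]")       # "[-key]" deletes the whole subkey
    return "\n".join(lines)


if __name__ == "__main__":
    found = scan_loading_points(SAMPLE_LOADING_POINTS)
    for f in found:
        print(f"{f.kind:6} {f.target}  ({f.reason})")
    print(to_cfscript(found))
```

Run stand-alone it prints the two findings and a Registry:: block identical to the ShellExecuteHooks and Winlogon\Notify lines of the CFScript above. The BHO CLSID Thunder also deletes is the same GUID as the ShellExecuteHooks value, which is the kind of cross-reference worth making by hand before trusting any generated script.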

#5 greatwall

greatwall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 08 June 2008 - 08:32 PM

Hey, thank you, I haven't seen any symptoms.

I have submitted the file

here is my combofix log

ComboFix 08-06-04.1 - S Huang 2008-06-08 21:20:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503 [GMT -4:00]
Running from: C:\Documents and Settings\S Huang\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\S Huang\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\cpan.dll
C:\WINDOWS\time.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2030-08-29 09:22 . 2030-08-29 09:22 143,872 --------- C:\WINDOWS\system32\iacenc.dll
2030-08-29 09:22 . 2030-08-29 09:22 56,832 --------- C:\WINDOWS\system32\iyvu9_32.dll
2008-06-06 18:19 . 2008-06-06 18:19 1,784 --a------ C:\bar.emf
2008-06-02 19:51 . 2008-06-02 19:51 <DIR> d-------- C:\Program Files\Microsoft Games
2008-05-27 18:19 . 2008-05-27 18:19 <DIR> d-------- C:\Deckard
2008-05-26 21:44 . 2008-05-26 21:44 <DIR> d-------- C:\Program Files\Karnaugh Map Minimizer
2008-05-26 18:06 . 2008-05-26 18:11 8,590 --a------ C:\WINDOWS\hh.dat
2008-05-25 18:03 . 2008-06-07 12:13 <DIR> d-------- C:\Program Files\Red Alert 2
2008-05-25 00:27 . 2008-05-25 00:34 <DIR> d-------- C:\Program Files\Total Annihilation
2008-05-24 23:00 . 2008-05-26 21:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 23:00 . 2008-05-24 23:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-23 23:24 . 2008-06-03 09:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\S Huang\Application Data\Malwarebytes
2008-05-23 23:24 . 2008-05-23 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-23 23:24 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-23 23:24 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-23 22:54 . 2008-05-23 22:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 22:54 . 2008-05-23 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 21:40 . 2008-05-23 21:40 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-23 13:15 . 2008-05-23 13:15 <DIR> d-------- C:\SDFix
2008-05-22 23:03 . 2008-05-22 23:05 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-22 21:49 . 2008-05-22 21:49 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-22 21:43 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-22 21:43 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-22 21:43 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-22 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-22 21:43 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-22 21:43 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-22 21:43 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-22 21:43 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-22 21:43 . 2008-05-22 21:51 1,336 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 21:40 . 2008-05-22 21:41 <DIR> d-------- C:\smartkiller
2008-05-22 18:31 . 2008-05-22 18:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 18:31 . 2008-05-22 21:20 211 --a------ C:\WINDOWS\wininit.ini
2008-05-22 17:58 . 2008-05-22 17:58 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-05-22 12:03 . 2008-05-22 12:03 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-20 23:50 . 2008-05-20 23:50 <DIR> d-------- C:\Wincupl
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-13 09:37 . 2008-05-13 09:37 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 01:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-09 01:07 --------- d-----w C:\Documents and Settings\S Huang\Application Data\EndNote
2008-06-06 00:26 --------- d-----w C:\Program Files\LogicWorks 5
2008-05-26 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-24 04:46 --------- d-----w C:\Program Files\Advanced Registry Optimizer
2008-05-22 22:32 --------- d-----w C:\Program Files\Lavasoft
2008-05-22 22:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-22 13:55 --------- d-----w C:\Program Files\PeerGuardian2
2008-05-18 22:37 --------- d-----w C:\Program Files\Spiderweb Software
2008-05-18 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 00:02 --------- d-----w C:\Program Files\Activision
2008-05-13 13:42 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-13 13:40 --------- d-----w C:\Program Files\Autodesk
2008-05-12 04:17 --------- d-----w C:\Program Files\Mount&Blade
2008-05-08 03:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-06 04:35 --------- d-----w C:\Documents and Settings\S Huang\Application Data\Downloaded Installations
2008-05-06 04:30 --------- d-----w C:\Program Files\FlashGet
2008-05-06 04:28 --------- d-----w C:\Program Files\eMule
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-16 16:03 --------- d-----w C:\Program Files\AIM
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-12-29 20:05 22,328 ----a-w C:\Documents and Settings\S Huang\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_21.02.35.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 00:36:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 20:55:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-05 00:40:27 86,448 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-06 21:00:02 86,448 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-05 00:40:27 483,036 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-06 21:00:02 483,036 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 18:10 405504 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104]
"NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 18:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 20:49 125632]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 17:10 851968]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-18 00:06 185896]

[HKLM\~\startupfolder\C:^Documents and Settings^S Huang^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a--c--- 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2004-08-04 08:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAM Medic]
--a--c--- 2004-01-24 11:37 1235968 C:\Program Files\Iomatic\RAM Medic\RAMMedic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-18 00:06 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"aawservice"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"mi-raysat_3dsMax2008_32"=2 (0x2)
"Autodesk Licensing Service"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"SQLWriter"=2 (0x2)
"Schedule"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\ABC\\abc.exe"=
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsMsgServer.exe"=
"C:\\OrCAD\\OrCAD_10.0_Demo\\tools\\bin\\cdsNameServer.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\java.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\Mathematica.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\MathKernel.exe"=
"C:\\Program Files\\Wolfram Research\\Mathematica\\6.0\\math.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\Red Alert 2\\gamemd.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-12-30 23:11]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;"C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 21:23:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-08 21:26:20
ComboFix-quarantined-files.txt 2008-06-09 01:26:17
ComboFix2.txt 2008-06-05 01:02:45

Pre-Run: 85,042,122,752 bytes free
Post-Run: 85,031,559,168 bytes free

198 --- E O F --- 2008-05-28 01:08:50


Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:44 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\S Huang\My Documents\anti-spyware\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 204.126.210.222:80
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6828 bytes
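An added example, not code from the thread or from HijackThis: a small triage pass over a HijackThis log of the kind posted above, covering three things a practitioner checks on a post-cleanup log. First, whether an R1 ProxyServer value points at a loopback/private address or at a public one: the posted log still carries a per-user proxy of 204.126.210.222:80 that nobody in the thread comments on, and a proxy the user did not set up would route all Internet Explorer traffic through a third party, so it is worth verifying rather than assuming. Second, whether any of the four BHO CLSIDs the CFScript in post #4 deleted reappear in O2 lines. Third, which O4 autostarts give no path at all and therefore resolve through the search path. The sample log is a constructed excerpt of the posted one; the verdict strings and the REMOVED_CLSIDS set are this example's own.

```python
import ipaddress
import re

# Constructed excerpt modelled on the HijackThis log posted above, not the full log.
SAMPLE_HJT = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 204.126.210.222:80
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# The BHO CLSIDs deleted by the CFScript in post #4 (upper-cased for comparison).
# A clean follow-up log must not list any of them again.
REMOVED_CLSIDS = {
    "{8053AF4F-F35D-4EC6-A411-039EFB515CD8}",
    "{98DBBF16-CA43-4C33-BE80-99E6694468A4}",
    "{BC97B254-B2B9-4D40-971D-78E0978F5F26}",
    "{CDB5B805-0541-4959-A382-F60F5CA39DB6}",
}

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def proxy_hosts(value):
    """Split an IE ProxyServer value ('host:port' or 'http=host:port;https=...') into (scheme, host)."""
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host = hostport.rsplit(":", 1)[0]   # drop the port (IPv4 / hostname form only)
        yield scheme or "all", host


def classify_proxy_host(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname: confirm it belongs to a proxy you configured"
    if ip.is_loopback or ip.is_private:
        return "local/private address"
    return "public address: confirm the user configured this proxy; an unexpected one carries all IE traffic"


def triage(text):
    report = {"proxies": [], "leftover_clsids": set(), "pathless_run": []}
    for section, body in parse_hjt(text):
        if section == "R1" and ",ProxyServer = " in body:
            path, _, value = body.partition(" = ")
            hive = path.split("\\", 1)[0]   # HKCU: per-user setting, HKLM: machine-wide
            for scheme, host in proxy_hosts(value):
                report["proxies"].append({"hive": hive, "scheme": scheme, "host": host,
                                          "verdict": classify_proxy_host(host)})
        elif section == "O2":
            for clsid in CLSID.findall(body):
                if clsid.upper() in REMOVED_CLSIDS:
                    report["leftover_clsids"].add(clsid.upper())
        elif section == "O4":
            # No backslash anywhere in the command: the file is found via the search
            # path, so check which file actually runs (ComboFix's listing above shows
            # stsystra.exe resolving to C:\WINDOWS\stsystra.exe, for instance).
            command = body.split("] ", 1)[-1]
            if "\\" not in command:
                report["pathless_run"].append(command)
    return report


if __name__ == "__main__":
    for k, v in triage(SAMPLE_HJT).items():
        print(f"{k}: {v}")
```

The proxy check deliberately stops at "verify": an address not being private is not evidence of compromise on its own, but on a machine that was just running a rogue security product it is the one R1 line that should be explained before the log is called clean.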

#6 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:02 AM

Posted 09 June 2008 - 08:35 AM

Hello Greatwall,

Your log looks fine now. :thumbsup:

Go to Start > Run, and copy and paste the next command in the field:
ComboFix /u
Make sure there's a space between ComboFix and /u.
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
No more problems ?

Greetings,
Thunder

#7 greatwall

greatwall
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:02 PM

Posted 09 June 2008 - 05:12 PM

thank you sooo much!!


greatwall

#8 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:02 AM

Posted 10 June 2008 - 02:53 AM

Glad we could help, Greatwall :thumbsup:

Please read this Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinlers tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



