Infected With Fakealert-t


2 replies to this topic

#1 Art Vandelay


Posted 02 June 2008 - 06:11 PM

Help!

I get various pop-ups from the tool bar: "Internet attack attempt detected", "Your computer is working slowly", etc. Then every few minutes I get one of two pop-ups; one from an alleged Windows Security Center, another with an option to buy various virus clearing programs. Nothing I have tried to fix the problem has worked. I am getting very frustrated. Any help you can provide is appreciated.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-02 19:10:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:41, on 6/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\vbpdtvdp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NewsBin\nbpro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SYSTEM32\Userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2AE51C0A-B769-4EA0-BF54-8A56227CCB7A} - C:\Windows\system32\awtqpOIc.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...307/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7594 bytes

-- Files created between 2008-05-02 and 2008-06-02 -----------------------------

2008-06-02 17:43:46 16384 --a------ C:\Windows\loader.exe
2008-06-02 17:41:40 0 d-------- C:\Program Files\RogueRemover FREE
2008-06-02 16:57:37 19712 --a------ C:\Windows\iexplorer.exe
2008-06-02 16:52:22 19712 --a------ C:\Windows\y.exe
2008-06-02 16:52:22 32000 --a------ C:\Windows\xplugin.dll
2008-06-02 16:52:22 21760 --a------ C:\Windows\x.exe
2008-06-02 16:52:22 20992 --a------ C:\Windows\winmgnt.exe
2008-06-02 16:52:22 26368 --a------ C:\Windows\window.exe
2008-06-02 16:52:21 19456 --a------ C:\Windows\winajbm.dll
2008-06-02 16:52:21 10752 --a------ C:\Windows\win64.exe
2008-06-02 16:52:21 23552 --a------ C:\Windows\win32e.exe
2008-06-02 16:52:21 30720 --a------ C:\Windows\waol.exe
2008-06-02 16:52:21 28416 --a------ C:\Windows\users32.exe
2008-06-02 16:52:21 30976 --a------ C:\Windows\time.exe
2008-06-02 16:52:21 21760 --a------ C:\Windows\systemcritical.exe
2008-06-02 16:52:20 23808 --a------ C:\Windows\systeem.exe
2008-06-02 16:52:20 28928 --a------ C:\Windows\olehelp.exe
2008-06-02 16:52:20 25088 --a------ C:\Windows\notepad32.exe
2008-06-02 16:52:20 18944 --a------ C:\Windows\mtwirl32.dll
2008-06-02 16:52:20 31744 --a------ C:\Windows\cpan.dll
2008-06-02 16:52:20 29184 --a------ C:\Windows\clrssn.exe
2008-06-02 16:52:19 10496 --a------ C:\Windows\avpcc.dll
2008-06-02 16:52:19 23552 --a------ C:\Windows\accesss.exe
2008-06-02 16:50:54 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-02 16:42:35 286504 --a------ C:\Pass2.cmd
2008-06-02 16:41:59 2460 --a------ C:\Windows\system32\tmp.reg
2008-06-02 16:40:35 82944 --a------ C:\Windows\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-02 16:40:34 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-06-02 16:40:34 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-02 16:40:34 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-02 16:40:34 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-02 16:40:34 82944 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-02 16:40:34 51200 --a------ C:\Windows\system32\dumphive.exe
2008-06-02 14:23:59 14080 --a------ C:\Windows\msupdate.exe
2008-06-02 14:23:59 19968 --a------ C:\Windows\mssys.exe
2008-06-02 14:23:58 10240 --a------ C:\Windows\iedll.exe
2008-06-02 14:01:51 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-02 13:06:52 0 d-------- C:\Program Files\Alwil Software
2008-06-02 10:38:40 143360 --a------ C:\Windows\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-06-02 10:34:46 0 d-------- C:\Program Files\McAfee.com
2008-06-02 10:34:07 0 d-------- C:\Program Files\Common Files\McAfee
2008-06-02 10:33:57 0 d-------- C:\Program Files\McAfee
2008-06-02 10:29:25 0 d-------- C:\Users\All Users\McAfee
2008-06-02 10:15:13 0 d-------- C:\Windows\McAfee.com
2008-06-02 10:02:13 18176 --a------ C:\Windows\svcinit.exe
2008-06-02 10:02:13 30208 --a------ C:\Windows\svchost32.exe
2008-06-02 10:02:13 16384 --a------ C:\Windows\sistem.exe
2008-06-02 10:02:12 23808 --a------ C:\Windows\searchword.dll
2008-06-02 10:02:12 22016 --a------ C:\Windows\rundll16.exe
2008-06-02 10:02:12 30208 --a------ C:\Windows\quicken.exe
2008-06-02 10:02:12 11264 --a------ C:\Windows\qttasks.exe
2008-06-02 10:02:11 22016 --a------ C:\Windows\mswsc20.dll
2008-06-02 10:02:11 8704 --a------ C:\Windows\mswsc10.dll
2008-06-02 10:02:11 24832 --a------ C:\Windows\msspi.dll
2008-06-02 10:02:10 30976 --a------ C:\Windows\msconfd.dll
2008-06-02 10:02:10 31232 --a------ C:\Windows\internet.exe
2008-06-02 10:02:10 30464 --a------ C:\Windows\inetinf.exe
2008-06-02 10:02:09 32512 --a------ C:\Windows\helpcvs.exe
2008-06-02 10:02:09 17152 --a------ C:\Windows\gfmnaaa.dll
2008-06-02 10:02:09 22528 --a------ C:\Windows\funny.exe
2008-06-02 10:02:09 19968 --a------ C:\Windows\funniest.exe
2008-06-02 10:02:09 19712 --a------ C:\Windows\explorer32.exe
2008-06-02 10:02:09 24064 --a------ C:\Windows\explore.exe
2008-06-02 10:02:08 16640 --a------ C:\Windows\editpad.exe
2008-06-02 10:02:08 20480 --a------ C:\Windows\dnsrelay.dll
2008-06-02 10:02:08 18432 --a------ C:\Windows\directx32.exe
2008-06-02 10:02:08 11008 --a------ C:\Windows\ctrlpan.dll
2008-06-02 10:02:08 31488 --a------ C:\Windows\ctfmon32.exe
2008-06-02 09:55:58 1447 --ahs---- C:\Windows\system32\cIOpqtwa.ini2
2008-06-02 09:53:58 0 d--hs---- C:\Windows\VVNFUg
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\Vco1
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\sTMP
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\fetc6
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\Dev3
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\a053
2008-06-02 09:53:55 0 d-------- C:\Windows\system32\6026c
2008-06-02 09:53:54 0 d-------- C:\Windows\system32\vntiho06
2008-06-02 09:53:54 0 d-------- C:\Temp
2008-06-02 09:53:52 0 d-------- C:\Program Files\uTorrent
2008-06-02 09:53:49 89049 --a------ C:\Windows\system32\vbpdtvdp.exe <Not Verified; Microsoft; XML Media>
2008-06-02 09:53:49 4 --a------ C:\Windows\system32\hljwugsf.bin
2008-06-02 09:53:49 89049 --a------ C:\Windows\lfn.exe <Not Verified; Microsoft; XML Media>
2008-05-31 23:39:53 0 d-------- C:\Program Files\DNA
2008-05-30 11:21:06 3107 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-05-30 11:20:30 2894 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-05-30 11:17:40 12896 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-05-30 11:17:38 0 d-------- C:\Program Files\Illustrate
2008-05-30 10:09:12 0 d-------- C:\Windows\JM
2008-05-29 21:10:47 0 d-------- C:\Users\All Users\ZoomBrowser
2008-05-29 20:57:28 0 d-------- C:\Program Files\Common Files\Canon
2008-05-29 20:51:25 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-29 20:47:03 0 d-------- C:\Program Files\Canon
2008-05-28 12:22:41 3636 --a------ C:\Windows\system32\drivers\nvphy.bin
2008-05-24 06:26:59 0 d-------- C:\Users\All Users\Participatory Culture Foundation
2008-05-24 06:26:34 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-05-24 05:52:00 0 d-------- C:\Program Files\hjsplit
2008-05-24 04:27:03 0 d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-05-24 04:24:59 0 d-------- C:\Program Files\VideoLAN
2008-05-24 04:14:14 60273 --a------ C:\Windows\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-24 04:14:14 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-05-24 04:14:13 0 d-------- C:\Program Files\ffdshow
2008-05-23 11:48:00 0 d-------- C:\Program Files\Winamp
2008-05-23 11:15:52 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-05-23 11:15:52 761856 --a------ C:\Windows\system32\xvidcore.dll
2008-05-23 11:15:52 0 d-------- C:\Program Files\Xvid
2008-05-23 11:13:04 0 d-------- C:\xvidcore-1.1.3
2008-05-23 09:33:59 368912 --a------ C:\Windows\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-05-23 09:33:59 0 d-------- C:\Program Files\3WPlayerConverter
2008-05-23 09:31:49 0 d-------- C:\Download
2008-05-22 22:40:56 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-22 22:40:50 0 d-------- C:\Program Files\DivX
2008-05-22 22:38:06 0 d-------- C:\Program Files\QuickPar
2008-05-18 15:50:34 0 d-------- C:\Users\Administrator\{6f9d3c5b-d7d3-4653-9506-3fcc6ee3db3b}
2008-05-18 15:49:34 0 d-------- C:\Garmin
2008-05-18 01:41:53 0 d-------- C:\Windows\nvidia icons
2008-05-17 14:48:33 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-17 14:35:29 0 d-------- C:\Program Files\Sierra
2008-05-17 09:24:50 0 d-------- C:\Program Files\GoldWave
2008-05-17 08:50:32 0 d--h----- C:\Users\All Users\CanonBJ
2008-05-16 22:56:21 0 d-------- C:\Users\All Users\Adobe
2008-05-16 22:56:18 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Templates
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Start Menu
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\SendTo
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Recent
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\PrintHood
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\NetHood
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Local Settings
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Cookies
2008-05-16 21:43:49 0 d--hs---- C:\Users\Mcx1\Application Data
2008-05-16 21:43:48 0 d--hs---- C:\Users\Mcx1\My Documents
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Videos
2008-05-16 21:43:47 0 d-------- C:\Users\Mcx1\Saved Games
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Pictures
2008-05-16 21:43:47 524288 --ahs---- C:\Users\Mcx1\NTUSER.DAT
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Music
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Links
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Favorites
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Downloads
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Documents
2008-05-16 21:43:47 0 dr------- C:\Users\Mcx1\Desktop
2008-05-16 21:43:47 0 d--h----- C:\Users\Mcx1\AppData
2008-05-16 21:27:42 0 d-------- C:\Program Files\piPOol
2008-05-16 21:26:18 0 d-------- C:\Program Files\illiminable
2008-05-16 21:20:59 0 d-------- C:\Program Files\TVersity Codec Pack
2008-05-16 21:20:17 0 d-------- C:\Program Files\TVersity
2008-05-16 21:13:35 0 d-------- C:\Program Files\mIRC
2008-05-16 20:54:16 0 d-------- C:\Program Files\Offline Explorer Enterprise
2008-05-16 20:24:18 0 d-------- C:\Users\All Users\NewsBin
2008-05-16 20:24:18 0 d-------- C:\Program Files\NewsBin
2008-05-16 19:56:16 0 d-------- C:\Windows\system32\Macromed
2008-05-12 21:53:16 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-12 21:50:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 21:50:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 21:50:08 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:50:08 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:50:08 831488 --a------ C:\Windows\system32\divx_xx0a.dll
2008-05-12 21:50:08 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:50:06 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 21:49:02 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-03 06:51:22 0 d-------- C:\Windows\Panther
2008-05-03 06:51:08 0 d--hs---- C:\Boot
2008-05-03 06:50:45 0 d-------- C:\Windows\OEMLOGO
2008-05-03 06:50:45 24 -rah----- C:\Windows\CLEANUP.CMD
2008-05-03 06:33:08 262144 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-03 06:33:08 86016 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-03 06:30:09 0 d-------- C:\Windows\system32\Futuremark
2008-05-03 06:30:09 3972 --a------ C:\Windows\system32\drivers\PciBus.sys
2008-05-03 06:30:09 5632 --a------ C:\Windows\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>
2008-05-03 06:30:09 21664 --a------ C:\Windows\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2008-05-03 06:28:35 0 d-------- C:\Program Files\Futuremark
2008-05-03 06:23:36 0 d-------- C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2008-05-03 06:23:34 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-05-03 06:20:33 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 06:20:04 0 d-------- C:\Windows\PCHEALTH
2008-05-03 06:20:04 0 d-------- C:\Program Files\Microsoft.NET
2008-05-03 06:18:45 0 d-------- C:\Users\All Users\Microsoft Help
2008-05-03 06:18:38 0 d--hs---- C:\Windows\Installer
2008-05-03 06:18:13 0 dr-h----- C:\MSOCache
2008-05-03 06:12:29 0 d-------- C:\Users\All Users\NVIDIA
2008-05-03 06:07:11 0 d-------- C:\NVIDIA
2008-05-03 06:05:35 0 d-------- C:\Windows\system32\RTCOM
2008-05-03 06:05:13 0 d-------- C:\Program Files\Realtek
2008-05-03 06:05:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 06:04:54 499712 -r------- C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-05-03 06:04:49 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-03 06:03:48 0 dr------- C:\Users\Administrator\Searches
2008-05-03 06:03:40 0 dr------- C:\Users\Administrator\Contacts
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Videos
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Templates
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Start Menu
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\SendTo
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Saved Games
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Recent
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\PrintHood
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Pictures
2008-05-03 06:03:37 2359296 --ahs---- C:\Users\Administrator\NTUSER.DAT
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\NetHood
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\My Documents
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Music
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Local Settings
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Links
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Favorites
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Downloads
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Documents
2008-05-03 06:03:37 0 dr------- C:\Users\Administrator\Desktop
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Cookies
2008-05-03 06:03:37 0 d--hs---- C:\Users\Administrator\Application Data
2008-05-03 06:03:34 0 d--h----- C:\Users\Administrator\AppData
2008-05-03 06:01:31 0 d-------- C:\Windows\Debug
2008-05-03 05:54:28 0 d-------- C:\Windows\SoftwareDistribution
2008-05-03 05:52:27 0 d-------- C:\Windows\Prefetch
2008-05-03 05:52:21 0 d--hs---- C:\System Volume Information


-- Find3M Report ---------------------------------------------------------------

2008-06-02 16:52:19 35 --a------ C:\Users\Administrator\AppData\Roaming\SetValue.bat
2008-06-02 16:52:19 691 --a------ C:\Users\Administrator\AppData\Roaming\GetValue.vbs
2008-06-02 13:08:35 0 d-------- C:\Users\Administrator\AppData\Roaming\DNA
2008-06-02 13:08:34 0 d-------- C:\Users\Administrator\AppData\Roaming\uTorrent
2008-06-02 10:34:07 0 d-------- C:\Program Files\Common Files
2008-06-02 09:53:58 0 d-------- C:\Program Files\Windows Mail
2008-06-01 04:38:09 0 d-------- C:\Users\Administrator\AppData\Roaming\mIRC
2008-06-01 02:59:52 0 d-------- C:\Users\Administrator\AppData\Roaming\PCF-VLC
2008-05-30 11:17:40 0 d-------- C:\Users\Administrator\AppData\Roaming\AccurateRip
2008-05-24 21:04:45 0 d-------- C:\Users\Administrator\AppData\Roaming\Winamp
2008-05-24 06:27:34 0 d-------- C:\Users\Administrator\AppData\Roaming\Mozilla
2008-05-24 06:27:33 0 d-------- C:\Users\Administrator\AppData\Roaming\Participatory Culture Foundation
2008-05-24 04:33:36 0 d-------- C:\Users\Administrator\AppData\Roaming\vlc
2008-05-23 11:07:57 0 d-------- C:\Users\Administrator\AppData\Roaming\DivX
2008-05-22 22:12:27 0 d-------- C:\Users\Administrator\AppData\Roaming\WinRAR
2008-05-17 14:48:59 0 d-------- C:\Users\Administrator\AppData\Roaming\Sierra
2008-05-17 09:31:25 462848 --a------ C:\Windows\system32\lame_enc.dll
2008-05-16 23:06:58 0 d-------- C:\Users\Administrator\AppData\Roaming\Adobe
2008-05-16 21:11:02 0 d-------- C:\Users\Administrator\AppData\Roaming\Offline Explorer
2008-05-16 19:56:17 0 d-------- C:\Users\Administrator\AppData\Roaming\Macromedia
2008-05-03 06:03:41 0 d-------- C:\Users\Administrator\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AE51C0A-B769-4EA0-BF54-8A56227CCB7A}]
C:\Windows\system32\awtqpOIc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/20/2008 22:23]
"RtHDVCpl"="RtHDVCpl.exe" [12/01/2006 01:37 C:\Windows\RtHDVCpl.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [05/03/2008 05:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [05/03/2008 05:46]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 19:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 19:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/20/2008 22:23]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/20/2008 22:25]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/20/2008 22:25]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\Windows\system32\pmnoppPG.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\Windows\SYSTEM32\Userinit.exe,C:\Windows\system32\vbpdtvdp.exe,"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\awtqpOIc

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\pmnoppPG.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\Windows\mrofinu1868.exe 61A847B5BBF728133A9D30466188719AB689201522886B092CBD44BD8689220221DD3257

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-02 19:11:12 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:17, on 6/2/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\vbpdtvdp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NewsBin\nbpro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\SYSTEM32\Userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2AE51C0A-B769-4EA0-BF54-8A56227CCB7A} - C:\Windows\system32\awtqpOIc.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...307/mcfscan.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7558 bytes

#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:41 PM

Posted 04 June 2008 - 02:36 PM

Hello Art Vandelay,

Welcome to Bleeping Computer :thumbsup:

First you should know that you're actually doing more harm than good by running 2 antivirus programs (McAfee and Avast!). When you do this both programs compete for resources, and the end result is that neither does its best, and it can cause system instability. I recommend that you choose the one you want to keep, update it, disable or uninstall the other one, and use it as an on-demand-only scan occasionally.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2AE51C0A-B769-4EA0-BF54-8A56227CCB7A} - C:\Windows\system32\awtqpOIc.dll (file missing)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

I notice that you also have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
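The O2 entries teacup61 lists for "Fix checked" are exactly the BHO lines in the HijackThis log whose DLL is absent ("(no file)" or "(file missing)"), i.e. CLSIDs still registered under Browser Helper Objects after the file they pointed at was removed, plus the F2 UserInit line shows a second executable (vbpdtvdp.exe) chained after Userinit.exe. The following is an added Python triage script, not part of this thread or of HijackThis, that applies those two checks to log lines; the sample lines are copied from the log posted above, and the helper names (orphaned_bhos, extra_userinit_entries, triage) are this example's own.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis log posted above (line texts taken from the thread).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\SYSTEM32\Userinit.exe,C:\Windows\system32\vbpdtvdp.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AE51C0A-B769-4EA0-BF54-8A56227CCB7A} - C:\Windows\system32\awtqpOIc.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# HijackThis O2 line layout: "O2 - BHO: <name> - {<CLSID>} - <dll path or status>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# HijackThis F2 line for the Winlogon Userinit value (comma separated list).
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")


@dataclass
class Finding:
    line: str    # the original log line
    reason: str  # why it was flagged


def orphaned_bhos(lines):
    """O2 entries whose DLL no longer exists on disk.

    These are dead CLSID registrations; nothing loads, but they are the
    trace of a removed BHO and are what the helper asks to fix.
    """
    out = []
    for line in lines:
        m = O2_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path == "(no file)" or path.endswith("(file missing)"):
            out.append(Finding(line, f"BHO {m.group('clsid')} registered but DLL absent"))
    return out


def extra_userinit_entries(lines):
    """Anything besides userinit.exe in the Userinit value runs at every logon."""
    out = []
    for line in lines:
        m = F2_RE.match(line)
        if not m:
            continue
        parts = [p.strip() for p in m.group("value").split(",") if p.strip()]
        for p in parts:
            if p.lower().endswith("\\userinit.exe") or p.lower() == "userinit.exe":
                continue
            out.append(Finding(line, f"extra Userinit entry: {p}"))
    return out


def triage(log_text):
    """Run both checks over a HijackThis log and return all findings."""
    lines = [l for l in log_text.splitlines() if l.strip()]
    return orphaned_bhos(lines) + extra_userinit_entries(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full log above, orphaned_bhos() returns the same 26 lines teacup61 lists; the script is only a reading aid for the log and does not change the registry.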

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:41 PM

Posted 15 June 2008 - 03:03 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
