Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virtumonde Problem As Stated By Kaspersky (dss Reports Included)


  • This topic is locked This topic is locked
8 replies to this topic

#1 funkilla

funkilla

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 02 June 2008 - 06:48 PM

Hi,

Recently i downloaded a torrent file and installed kaspersky, i then donwloaded another torrent for a serial because the first torrents serials were not working.

After i installed the serials all seemed fine but after the reboot when i clicked on internet explorer my home page didnt appear but instead google did i also got another pop up window with a spam website.

I deleted everything i downloaded, did a spyware scan with spysweeper also a virus scan, i rebooted and same problem. The pop-up only appear when i click to go online i a gettn same probles wih firefox as well.

I tried downloading the latest windows update but th update seems to be disabled. Also Kaspersky keeps stating an attack by Virtumonde & fccDtRLB and at windows start up a pop-up appears sayin ypxnbiop.dll could'nt be loaded.

At the moment i am using wndows xp i have also included my DSS reports as i was told to do so from a moderator as i posted my previous thread in the wrong forum (http://www.bleepingcomputer.com/forums/topic150087.html), hope this helps:

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Rayhan on 2008-06-03 00:29:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
63: 2008-06-02 23:29:48 UTC - RP63 - Deckard's System Scanner Restore Point
62: 2008-06-01 21:46:51 UTC - RP62 - System Checkpoint
61: 2008-05-31 12:39:48 UTC - RP61 - Move file to quarantine: fccDtRLB.dll
60: 2008-05-31 03:13:56 UTC - RP60 - Software Distribution Service 3.0
59: 2008-05-31 03:03:31 UTC - RP59 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-29 22:53:05 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rayhan.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:31:11, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Rayhan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rayhan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BMa72ba7ba] "Rundll32.exe" "C:\WINDOWS\system32\ypxnbiop.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207610293015
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: fccDtRLB - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4326 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080323-165154-188 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
backup-20080323-165154-227 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
backup-20080323-165154-233 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
backup-20080323-165154-284 O1 - Hosts: 66.98.148.65 auto.search.msn.es
backup-20080323-165154-297 O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20080323-165154-367 O1 - Hosts: 66.98.148.65 auto.search.msn.com
backup-20080323-165154-397 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
backup-20080323-165154-718 O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
backup-20080323-165154-775 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080323-165154-805 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
backup-20080323-165154-909 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080323-165154-981 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
backup-20080323-165154-989 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080323-165155-491 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20080323-165155-664 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080323-165155-708 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
backup-20080323-165155-748 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080323-165155-787 O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
backup-20080323-165155-817 O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
backup-20080323-165155-859 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080323-165155-953 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
backup-20080323-165156-332 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
backup-20080323-165156-353 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080323-165156-382 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080323-165156-523 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080323-165156-557 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
backup-20080323-165156-618 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20080323-165156-643 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080323-165156-854 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20080323-165156-902 O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
backup-20080323-165156-961 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080323-165156-968 O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
backup-20080323-165255-695 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080323-165255-723 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
backup-20080323-165255-804 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191268636859
backup-20080323-165255-905 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20080323-165255-923 O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
backup-20080323-165256-350 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
backup-20080323-165256-439 O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
backup-20080323-165256-523 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
backup-20080323-165256-534 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20080323-165256-683 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
backup-20080323-165256-741 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080323-165256-933 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
backup-20080323-165256-944 O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
backup-20080323-165256-985 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
backup-20080323-165311-141 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
backup-20080323-165311-293 O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
backup-20080323-165311-718 O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
backup-20080323-165311-853 O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>

S3 AR5523 (NETGEAR WG111T USB2.0 Wireless Card Service) - c:\windows\system32\drivers\wg11tnd5.sys (file missing)
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-20 02:10:25 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-01 04:50:11 0 d-------- C:\Program Files\Enigma Software Group
2008-05-31 03:23:24 2560 --a------ C:\WINDOWS\system32\dmfsqbnb.exe
2008-05-31 03:20:40 1484618 --ahs---- C:\WINDOWS\system32\tnlmnvww.ini2
2008-05-31 03:17:24 567864 --ahs---- C:\WINDOWS\system32\FOUDffii.ini2
2008-05-31 03:03:05 0 d-------- C:\Program Files\Security Task Manager
2008-05-31 02:15:36 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Help
2008-05-31 02:06:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-31 01:52:47 2560 --a------ C:\WINDOWS\system32\jlfiygnh.exe
2008-05-29 23:22:49 2560 --a------ C:\WINDOWS\system32\eahidnsn.exe
2008-05-29 23:19:50 132608 --a------ C:\WINDOWS\system32\tvtwsuqw.dll
2008-05-29 23:07:49 577793 --ahs---- C:\WINDOWS\system32\LoVxayxx.ini2
2008-05-29 21:54:03 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-29 01:28:40 0 d-------- C:\Documents and Settings\Family\Application Data\Macromedia
2008-05-29 01:28:40 0 d-------- C:\Documents and Settings\Family\Application Data\Adobe
2008-05-28 15:57:04 68096 --a------ C:\WINDOWS\zip.exe
2008-05-28 15:57:04 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-28 15:57:04 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-28 15:57:04 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-28 15:57:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-28 15:57:04 98816 --a------ C:\WINDOWS\sed.exe
2008-05-28 15:57:04 80412 --a------ C:\WINDOWS\grep.exe
2008-05-28 15:57:04 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-27 23:10:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-20 23:17:37 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-12 18:53:56 0 d-------- C:\Program Files\Shareaza
2008-05-12 18:53:56 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Shareaza
2008-05-10 11:21:16 0 d-------- C:\Documents and Settings\Family\Application Data\Identities
2008-05-10 11:21:06 0 d--h----- C:\Documents and Settings\Family\Templates
2008-05-10 11:21:06 0 dr------- C:\Documents and Settings\Family\Start Menu
2008-05-10 11:21:06 0 dr-h----- C:\Documents and Settings\Family\SendTo
2008-05-10 11:21:06 0 dr-h----- C:\Documents and Settings\Family\Recent
2008-05-10 11:21:06 0 d--h----- C:\Documents and Settings\Family\PrintHood
2008-05-10 11:21:06 1048576 --ah----- C:\Documents and Settings\Family\NTUSER.DAT
2008-05-10 11:21:06 0 d--h----- C:\Documents and Settings\Family\NetHood
2008-05-10 11:21:06 0 dr------- C:\Documents and Settings\Family\My Documents
2008-05-10 11:21:06 0 d--h----- C:\Documents and Settings\Family\Local Settings
2008-05-10 11:21:06 0 dr------- C:\Documents and Settings\Family\Favorites
2008-05-10 11:21:06 0 d-------- C:\Documents and Settings\Family\Desktop
2008-05-10 11:21:06 0 d--hs---- C:\Documents and Settings\Family\Cookies
2008-05-10 11:21:06 0 dr-h----- C:\Documents and Settings\Family\Application Data
2008-05-10 11:21:06 0 d---s---- C:\Documents and Settings\Family\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-05-31 18:54:31 0 d-------- C:\Program Files\DC++
2008-05-21 01:05:42 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Adobe
2008-05-21 01:05:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 23:17:37 0 d-------- C:\Program Files\Common Files
2008-05-19 22:49:21 0 d-------- C:\Documents and Settings\Rayhan\Application Data\dvdcss
2008-04-28 00:37:43 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Vso
2008-04-28 00:37:42 668 --a------ C:\Documents and Settings\Rayhan\Application Data\vso_ts_preview.xml
2008-04-28 00:36:17 0 d-------- C:\Program Files\Dvd-cloner
2008-04-25 02:04:41 14 --a------ C:\WINDOWS\system32\systeminfo.dll
2008-04-21 21:41:02 0 d-------- C:\Program Files\DivX
2008-04-20 14:09:39 0 d-------- C:\Program Files\Apple Software Update
2008-04-20 02:19:04 0 d-------- C:\Program Files\iTunes
2008-04-20 02:18:47 0 d-------- C:\Program Files\iPod
2008-04-20 02:16:53 0 d-------- C:\Program Files\QuickTime
2008-04-16 16:27:51 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Any Video Converter Professional
2008-04-15 16:38:44 0 d-------- C:\Documents and Settings\Rayhan\Application Data\Ahead
2008-04-12 03:55:14 0 d-------- C:\Program Files\Akkhor Font
2008-04-10 16:08:09 0 d-------- C:\Program Files\Panda Security
2008-04-09 15:52:30 0 d-------- C:\Program Files\EsetOnlineScanner
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 22:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 22:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-26 05:49:25 3532 --a------ C:\drmHeader.bin
2008-03-21 21:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 21:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 21:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 21:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 10:47:00 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-03 20:03:01 33 --a------ C:\Documents and Settings\Rayhan\Application Data\pcouffin.log
2008-03-03 20:03:00 47360 --a------ C:\Documents and Settings\Rayhan\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 20:03:00 1144 --a------ C:\Documents and Settings\Rayhan\Application Data\pcouffin.inf
2008-03-03 20:03:00 7887 --a------ C:\Documents and Settings\Rayhan\Application Data\pcouffin.cat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/03/2008 23:37]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [08/02/2008 18:36]
"BMa72ba7ba"="Rundll32.exe" [04/08/2004 13:00 C:\WINDOWS\system32\rundll32.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{166BCB27-FCFD-4588-9BDB-44FC6A02EF35}"= C:\WINDOWS\system32\fccDtRLB.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDtRLB]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffDUOF

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
sstray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaSrv"=3 (0x3)
"AresChatServer"=3 (0x3)
"wwSecSvc"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-03 00:32:23 ------------

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2800+
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 991.48 MiB / 615.22 MiB
Pagefile Memory (total/avail): 2390.44 MiB / 2121.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 69.01 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is CDROM (No Media)
K: is CDROM (No Media)
L: is Fixed (FAT32) - 76.31 GiB total, 15.76 GiB free.

\\.\PHYSICALDRIVE0 - ST3160021A - 146.7 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

\\.\PHYSICALDRIVE1 - IN-WIN CF Card USB Device

\\.\PHYSICALDRIVE2 - IN-WIN MS Card USB Device

\\.\PHYSICALDRIVE4 - IN-WIN SD Card USB Device

\\.\PHYSICALDRIVE3 - IN-WIN SM Card USB Device

\\.\PHYSICALDRIVE5 - Maxtor OneTouch USB Device - 76.33 GiB - 1 partition
\PARTITION0 - Unknown - 76.33 GiB - L:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.1.325 (Kaspersky Lab) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"="C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rayhan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MIAH
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rayhan
LOGONSERVER=\\MIAH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\3dsmax5\backburner2;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rayhan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rayhan\LOCALS~1\Temp
USERDOMAIN=MIAH
USERNAME=Rayhan
USERPROFILE=C:\Documents and Settings\Rayhan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rayhan (admin)
Family
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 5 --> MsiExec.exe /I{7A001E33-CA55-4013-BFCE-5BDD056EF0BA}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Advanced Uninstaller PRO 2004 - version 6 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\unins000.exe"
Akkhor Font --> C:\Program Files\Akkhor Font\uninstall.exe
Any Video Converter Professional 2.5.6 --> "C:\Program Files\Any Video Converter Professional\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
backburner 2.1 --> C:\WINDOWS\unvise32.exe C:\3dsmax5\backburner2\uninstal.log
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BitTornado 0.3.10 --> C:\Program Files\BitTornado\uninst.exe
BlazeDTV 2.5 --> "C:\Program Files\BlazeVideo\BlazeDTV 2.5\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadband Help --> MsiExec.exe /I{01B6480D-3937-4E82-AB2C-8E4C591BEFE5}
ConvertXtoDVD 3.0.0.1 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
DC++ 0.705 --> "C:\Program Files\DC++\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-CLONER V5.20 Build 968 --> "C:\Program Files\Dvd-cloner\unins000.exe"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
getPlus®_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web --> MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Expression Web MUI (English) --> MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007 --> MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Wave Converter PLUS --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Nero 8 --> MsiExec.exe /X{0B11A2CE-4FA6-487C-B0B0-A5103479D021}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\NVUninst.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Shareaza 2.3.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Super DVD Creator 9.5 --> "C:\Program Files\Super_DVD_Creator_9.5\unins000.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3685 / Error
Event Submitted/Written: 05/31/2008 03:51:58 AM
Event ID/Source: 439 / ESENT
Event Description:
wuauclt (3104) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk. Error -1032.

Event Record #/Type3684 / Error
Event Submitted/Written: 05/31/2008 03:51:58 AM
Event ID/Source: 490 / ESENT
Event Description:
wuauclt (3104) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type3674 / Error
Event Submitted/Written: 05/31/2008 03:08:17 AM
Event ID/Source: 0 / wwSecure.exe
Event Description:
The service process could not connect to the service controller

Event Record #/Type3667 / Success
Event Submitted/Written: 05/31/2008 01:51:34 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3637 / Error
Event Submitted/Written: 05/30/2008 02:31:54 PM
Event ID/Source: 0 / wwSecure.exe
Event Description:
The service process could not connect to the service controller



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18015 / Warning
Event Submitted/Written: 05/31/2008 06:09:30 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type18014 / Error
Event Submitted/Written: 05/31/2008 01:34:22 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 000001a8, parameter4 804de7ec.

Event Record #/Type18013 / Error
Event Submitted/Written: 05/31/2008 01:34:12 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 000001a8, parameter4 804de7ec.

Event Record #/Type18012 / Error
Event Submitted/Written: 05/31/2008 01:33:52 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 000001a8, parameter4 804de7ec.

Event Record #/Type17923 / Error
Event Submitted/Written: 05/31/2008 03:51:34 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.100.10 for the Network Card with network address 00044B808003 has been
denied by the DHCP server 62.31.176.115 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-06-03 00:32:23 ------------

Would be greatful if someone can help me out thank you.
Ray

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 03 June 2008 - 02:09 PM

Hi,

Recently i downloaded a torrent file and installed kaspersky, i then donwloaded another torrent for a serial because the first torrents serials were not working.

I see you're not afraid of visiting cracksites and other illegal sites.
If you visit cracksites, torrent, use cracks, you'll ALWAYS get infected. This not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.
Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead.... :thumbsup:
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

Don't forget to change your passwords afterwards, once we are done with this thread, because they are known. Don't change them now, because as long as the malware is still present, it will gather the changed passwords as well.


* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 funkilla

funkilla
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 03 June 2008 - 04:23 PM

Hi Miekiemoes,

Thank you for the reply and i will be sure in being careful in the future in what i download and how i download stuff, thank you for the advice.

I have now included my CF log and HJT log hope this helps.

Combofix

ComboFix 08-06-01.6 - Rayhan 2008-06-03 21:50:17.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.617 [GMT 1:00]
Running from: C:\Documents and Settings\Rayhan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa72ba7ba.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dmfsqbnb.exe
C:\WINDOWS\system32\eahidnsn.exe
C:\WINDOWS\system32\FOUDffii.ini
C:\WINDOWS\system32\FOUDffii.ini2
C:\WINDOWS\system32\jjvcdoer.ini
C:\WINDOWS\system32\jlfiygnh.exe
C:\WINDOWS\system32\LoVxayxx.ini
C:\WINDOWS\system32\LoVxayxx.ini2
C:\WINDOWS\system32\tnlmnvww.ini
C:\WINDOWS\system32\tnlmnvww.ini2
C:\WINDOWS\system32\tnlmnvww.tmp
C:\WINDOWS\system32\tvtwsuqw.dll
C:\WINDOWS\system32\yieiusxm.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 00:29 . 2008-06-03 00:29 <DIR> d-------- C:\Deckard
2008-06-01 04:50 . 2008-06-01 22:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-31 03:03 . 2008-05-31 13:39 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-31 02:06 . 2008-05-31 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-29 23:52 . 2008-05-29 23:52 1,467,654 --ahs---- C:\WINDOWS\system32\yieiusxm.tmp
2008-05-29 22:14 . 2008-04-14 01:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-05-29 21:54 . 2008-05-31 04:14 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-29 00:55 . 2008-06-03 22:04 0 --a------ C:\WINDOWS\system.ini
2008-05-28 23:02 . 2008-05-28 23:05 354 --ahs---- C:\WINDOWS\system32\wqacqjle.ini
2008-05-27 23:17 . 2008-05-27 23:17 153 --ahs---- C:\WINDOWS\system32\vanljern.tmp
2008-05-27 23:10 . 2008-05-27 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-20 23:17 . 2008-05-20 23:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-12 18:53 . 2008-05-12 18:54 <DIR> d-------- C:\Program Files\Shareaza
2008-05-12 18:53 . 2008-05-12 18:53 <DIR> d-------- C:\Documents and Settings\Rayhan\Application Data\Shareaza
2008-05-10 11:21 . 2008-05-10 11:56 <DIR> d-------- C:\Documents and Settings\Family
2008-05-09 15:25 . 2008-05-27 20:03 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 15:25 . 2008-05-27 20:03 232 --ah----- C:\sqmdata19.sqm
2008-05-08 01:36 . 2008-05-27 19:56 244 --ah----- C:\sqmnoopt18.sqm
2008-05-08 01:36 . 2008-05-27 19:56 232 --ah----- C:\sqmdata18.sqm
2008-05-08 00:19 . 2008-05-27 01:20 244 --ah----- C:\sqmnoopt17.sqm
2008-05-08 00:19 . 2008-05-27 01:17 244 --ah----- C:\sqmnoopt16.sqm
2008-05-08 00:19 . 2008-05-27 00:44 244 --ah----- C:\sqmnoopt15.sqm
2008-05-08 00:19 . 2008-05-27 01:20 232 --ah----- C:\sqmdata17.sqm
2008-05-08 00:19 . 2008-05-27 01:17 232 --ah----- C:\sqmdata16.sqm
2008-05-08 00:19 . 2008-05-27 00:44 232 --ah----- C:\sqmdata15.sqm
2008-05-08 00:18 . 2008-05-27 00:43 244 --ah----- C:\sqmnoopt14.sqm
2008-05-08 00:18 . 2008-05-27 00:43 232 --ah----- C:\sqmdata14.sqm
2008-05-06 04:52 . 2008-05-27 00:41 244 --ah----- C:\sqmnoopt13.sqm
2008-05-06 04:52 . 2008-05-27 00:41 232 --ah----- C:\sqmdata13.sqm
2008-05-05 22:12 . 2008-05-26 15:25 244 --ah----- C:\sqmnoopt12.sqm
2008-05-05 22:12 . 2008-05-26 15:25 232 --ah----- C:\sqmdata12.sqm
2008-05-05 22:05 . 2008-05-26 15:24 244 --ah----- C:\sqmnoopt11.sqm
2008-05-05 22:05 . 2008-05-11 16:00 244 --ah----- C:\sqmnoopt10.sqm
2008-05-05 22:05 . 2008-05-11 15:06 244 --ah----- C:\sqmnoopt09.sqm
2008-05-05 22:05 . 2008-05-26 15:24 232 --ah----- C:\sqmdata11.sqm
2008-05-05 22:05 . 2008-05-11 16:00 232 --ah----- C:\sqmdata10.sqm
2008-05-05 22:05 . 2008-05-11 15:06 232 --ah----- C:\sqmdata09.sqm
2008-05-03 14:20 . 2008-05-11 15:04 244 --ah----- C:\sqmnoopt08.sqm
2008-05-03 14:20 . 2008-05-11 15:04 232 --ah----- C:\sqmdata08.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 21:07 81,650,720 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 21:03 2,115,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-03 21:03 199,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-03 21:03 1,094,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 17:54 --------- d-----w C:\Program Files\DC++
2008-05-29 18:20 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 14:26 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 14:26 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-21 00:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 21:49 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\dvdcss
2008-04-27 23:37 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Vso
2008-04-27 23:36 --------- d-----w C:\Program Files\Dvd-cloner
2008-04-21 20:41 --------- d-----w C:\Program Files\DivX
2008-04-20 13:09 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 01:19 --------- d-----w C:\Program Files\iTunes
2008-04-20 01:18 --------- d-----w C:\Program Files\iPod
2008-04-20 01:16 --------- d-----w C:\Program Files\QuickTime
2008-04-16 15:27 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Any Video Converter Professional
2008-04-15 15:38 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Ahead
2008-04-12 02:55 --------- d-----w C:\Program Files\Akkhor Font
2008-04-10 15:08 --------- d-----w C:\Program Files\Panda Security
2008-04-10 13:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-09 14:52 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 04:49 3,532 ----a-w C:\drmHeader.bin
2008-03-23 20:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-23 20:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 19:03 47,360 ----a-w C:\Documents and Settings\Rayhan\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-28_23.03.28.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-20 01:05:08 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-29 20:22:24 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 01:05:08 314,816 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-29 20:22:24 314,816 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BMa72ba7ba"="Rundll32.exe" [2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDtRLB]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
--a------ 2003-12-17 18:53 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaSrv"=3 (0x3)
"AresChatServer"=3 (0x3)
"wwSecSvc"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 08:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 01:10:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 22:04:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-06-03 22:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-03 21:15:39
ComboFix2.txt 2008-05-29 22:24:05
ComboFix3.txt 2008-05-28 22:06:32
ComboFix4.txt 2008-04-14 03:17:01
ComboFix5.txt 2008-04-13 02:16:18

Pre-Run: 73,986,609,152 bytes free
Post-Run: 74,048,262,144 bytes free

238 --- E O F --- 2008-05-28 15:42:03

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:04, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BMa72ba7ba] "Rundll32.exe" "C:\WINDOWS\system32\ypxnbiop.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207610293015
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: fccDtRLB - C:\WINDOWS\
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4367 bytes

Thank you once again.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 03 June 2008 - 04:30 PM

Hi,

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\yieiusxm.tmp
C:\WINDOWS\system32\wqacqjle.ini
C:\WINDOWS\system32\vanljern.tmp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMa72ba7ba"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccDtRLB]


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

By the way.. I see Spysweeper installed here as well. The combination Spysweeper+Kaspersky Internet security isn't a good idea since I've seen many issues with it if both are installed.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 funkilla

funkilla
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 03 June 2008 - 05:45 PM

Hi

I have done as told and this is my new CF Log & HJT Log.

CF Log

ComboFix 08-06-01.6 - Rayhan 2008-06-03 23:27:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT 1:00]
Running from: C:\Documents and Settings\Rayhan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rayhan\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\vanljern.tmp
C:\WINDOWS\system32\wqacqjle.ini
C:\WINDOWS\system32\yieiusxm.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\systeminfo.dll
C:\WINDOWS\system32\vanljern.tmp
C:\WINDOWS\system32\wqacqjle.ini
C:\WINDOWS\system32\yieiusxm.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-03 00:29 . 2008-06-03 00:29 <DIR> d-------- C:\Deckard
2008-06-01 04:50 . 2008-06-01 22:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-31 03:03 . 2008-05-31 13:39 <DIR> d-------- C:\Program Files\Security Task Manager
2008-05-31 02:06 . 2008-05-31 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-05-29 22:14 . 2008-04-14 01:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-05-29 21:54 . 2008-05-31 04:14 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-29 00:55 . 2008-06-03 23:36 0 --a------ C:\WINDOWS\system.ini
2008-05-27 23:10 . 2008-05-27 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-20 23:17 . 2008-05-20 23:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-12 18:53 . 2008-05-12 18:54 <DIR> d-------- C:\Program Files\Shareaza
2008-05-12 18:53 . 2008-05-12 18:53 <DIR> d-------- C:\Documents and Settings\Rayhan\Application Data\Shareaza
2008-05-10 11:21 . 2008-05-10 11:56 <DIR> d-------- C:\Documents and Settings\Family
2008-05-09 15:25 . 2008-05-27 20:03 244 --ah----- C:\sqmnoopt19.sqm
2008-05-09 15:25 . 2008-05-27 20:03 232 --ah----- C:\sqmdata19.sqm
2008-05-08 01:36 . 2008-05-27 19:56 244 --ah----- C:\sqmnoopt18.sqm
2008-05-08 01:36 . 2008-05-27 19:56 232 --ah----- C:\sqmdata18.sqm
2008-05-08 00:19 . 2008-05-27 01:20 244 --ah----- C:\sqmnoopt17.sqm
2008-05-08 00:19 . 2008-05-27 01:17 244 --ah----- C:\sqmnoopt16.sqm
2008-05-08 00:19 . 2008-05-27 00:44 244 --ah----- C:\sqmnoopt15.sqm
2008-05-08 00:19 . 2008-05-27 01:20 232 --ah----- C:\sqmdata17.sqm
2008-05-08 00:19 . 2008-05-27 01:17 232 --ah----- C:\sqmdata16.sqm
2008-05-08 00:19 . 2008-05-27 00:44 232 --ah----- C:\sqmdata15.sqm
2008-05-08 00:18 . 2008-05-27 00:43 244 --ah----- C:\sqmnoopt14.sqm
2008-05-08 00:18 . 2008-05-27 00:43 232 --ah----- C:\sqmdata14.sqm
2008-05-06 04:52 . 2008-05-27 00:41 244 --ah----- C:\sqmnoopt13.sqm
2008-05-06 04:52 . 2008-05-27 00:41 232 --ah----- C:\sqmdata13.sqm
2008-05-05 22:12 . 2008-05-26 15:25 244 --ah----- C:\sqmnoopt12.sqm
2008-05-05 22:12 . 2008-05-26 15:25 232 --ah----- C:\sqmdata12.sqm
2008-05-05 22:05 . 2008-05-26 15:24 244 --ah----- C:\sqmnoopt11.sqm
2008-05-05 22:05 . 2008-05-11 16:00 244 --ah----- C:\sqmnoopt10.sqm
2008-05-05 22:05 . 2008-05-11 15:06 244 --ah----- C:\sqmnoopt09.sqm
2008-05-05 22:05 . 2008-05-26 15:24 232 --ah----- C:\sqmdata11.sqm
2008-05-05 22:05 . 2008-05-11 16:00 232 --ah----- C:\sqmdata10.sqm
2008-05-05 22:05 . 2008-05-11 15:06 232 --ah----- C:\sqmdata09.sqm
2008-05-03 14:20 . 2008-05-11 15:04 244 --ah----- C:\sqmnoopt08.sqm
2008-05-03 14:20 . 2008-05-11 15:04 232 --ah----- C:\sqmdata08.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 22:39 81,786,912 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-03 22:36 2,117,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-03 21:03 199,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-03 21:03 1,094,348 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-03 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-31 17:54 --------- d-----w C:\Program Files\DC++
2008-05-29 18:20 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 14:26 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 14:26 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-21 00:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-19 21:49 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\dvdcss
2008-04-27 23:37 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Vso
2008-04-27 23:36 --------- d-----w C:\Program Files\Dvd-cloner
2008-04-21 20:41 --------- d-----w C:\Program Files\DivX
2008-04-20 13:09 --------- d-----w C:\Program Files\Apple Software Update
2008-04-20 01:19 --------- d-----w C:\Program Files\iTunes
2008-04-20 01:18 --------- d-----w C:\Program Files\iPod
2008-04-20 01:16 --------- d-----w C:\Program Files\QuickTime
2008-04-16 15:27 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Any Video Converter Professional
2008-04-15 15:38 --------- d-----w C:\Documents and Settings\Rayhan\Application Data\Ahead
2008-04-12 02:55 --------- d-----w C:\Program Files\Akkhor Font
2008-04-10 15:08 --------- d-----w C:\Program Files\Panda Security
2008-04-10 13:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Webroot
2008-04-09 14:52 --------- d-----w C:\Program Files\EsetOnlineScanner
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 04:49 3,532 ----a-w C:\drmHeader.bin
2008-03-23 20:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-23 20:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-03 19:03 47,360 ----a-w C:\Documents and Settings\Rayhan\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-28_23.03.28.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-28 21:19:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 21:05:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-20 01:05:08 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-29 20:22:24 40,952 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-20 01:05:08 314,816 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-29 20:22:24 314,816 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2008-02-08 18:36 227856 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 13:00 33280 C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
--a------ 2003-12-17 18:53 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaSrv"=3 (0x3)
"AresChatServer"=3 (0x3)
"wwSecSvc"=2 (0x2)
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Cyberlink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys []
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 08:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 01:10:25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 23:36:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 23:42:28
ComboFix-quarantined-files.txt 2008-06-03 22:42:22
ComboFix2.txt 2008-06-03 21:15:58
ComboFix3.txt 2008-05-29 22:24:05
ComboFix4.txt 2008-05-28 22:06:32
ComboFix5.txt 2008-04-14 03:17:01

Pre-Run: 74,023,817,216 bytes free
Post-Run: 73,999,294,464 bytes free

212 --- E O F --- 2008-05-28 15:42:03

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:28, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207610293015
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4236 bytes

Thanks, also would u say to uninstall spysweeper?

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 03 June 2008 - 05:51 PM

Hi,

This looks OK again.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

also would u say to uninstall spysweeper?

As I said, it may cause problems since you have Kaspersky Internet Security installed. This because I've seen many issues with this combination.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 funkilla

funkilla
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:10 PM

Posted 03 June 2008 - 06:18 PM

Hi Miekiemoes,

Well i have done everything now and hopefully everything is ok.

Thank you! :thumbsup:

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 03 June 2008 - 06:20 PM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:10 PM

Posted 09 June 2008 - 07:29 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users