
May Be Infected With KGB Keylogger


This topic is locked
11 replies to this topic

#1 iDukeHelp


Posted 07 June 2008 - 06:08 PM

I found out how to get my extra.txt. Look at the last post; it will have the new main.txt and extra.txt.


Well, I was doing a scan with Spybot to see if there were any problems. I found an entry called KGB Keylogger.

I was shocked and went to the "Am I Infected", and asked what should be done.

I was too paranoid... so I just made a HijackThis log [from the DSS].

Only a main.txt log came out.


Deckard's System Scanner v20071014.68
Run by Ali on 2008-06-07 19:03:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ali.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:31 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\Ali\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Ali.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.basilmarket.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\Star Downloader\SDIEInt.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Ali\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue in Star Downloader - C:\PROGRA~1\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - C:\PROGRA~1\Star Downloader\leechie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.basilmarket.com
O15 - Trusted Zone: http://fighterace.ketsujin.com
O15 - Trusted Zone: http://primary.ketsujin.com
O15 - Trusted Zone: http://update.ketsujin.com
O15 - Trusted Zone: http://www.ketsujin.com
O15 - Trusted Zone: www.ning.com
O15 - Trusted Zone: http://www.stormofaces.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203297136531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203297129640
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6624 bytes

-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 19:03:10 0 dr-h----- C:\Documents and Settings\Ali\Recent
2008-06-07 14:21:09 0 d-------- C:\Program Files\CCleaner
2008-06-07 13:28:16 0 d-------- C:\Program Files\Yahoo!
2008-06-05 09:50:32 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-02 13:55:25 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-02 13:55:00 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-01 21:14:20 0 d-------- C:\Documents and Settings\Ali\Application Data\Malwarebytes
2008-06-01 21:14:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 21:14:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 21:10:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-01 21:10:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:10:12 0 d-------- C:\Documents and Settings\Ali\Application Data\SUPERAntiSpyware.com
2008-05-31 09:51:29 0 d-------- C:\WINDOWS\nvidia icons
2008-05-24 21:33:17 0 d-------- C:\Dial-a-fix-v0.60.0.24
2008-05-24 14:58:23 0 d-------- C:\Documents and Settings\Ali\Application Data\IGN_DLM
2008-05-24 14:31:35 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-24 14:31:34 0 d-------- C:\Program Files\TuneXP
2008-05-23 18:30:23 0 d-------- C:\Program Files\Ventrilo
2008-05-23 18:30:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 16:00:48 0 d-------- C:\WINDOWS\system32\msmq
2008-05-14 15:46:09 0 d-------- C:\Documents and Settings\Ali\Application Data\Ventrilo
2008-05-12 21:19:40 0 d-------- C:\Program Files\Alwil Software
2008-05-12 21:18:39 0 d-------- C:\Documents and Settings\Ali\Application Data\Comodo
2008-05-12 18:23:32 557056 --a------ C:\Documents and Settings\Ali\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2008-05-12 18:06:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-10 22:17:03 0 d-------- C:\KAV


-- Find3M Report ---------------------------------------------------------------

2008-06-07 17:54:45 0 d-------- C:\Documents and Settings\Ali\Application Data\Mozilla
2008-05-24 15:14:40 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-24 15:14:39 0 d-------- C:\Documents and Settings\Ali\Application Data\SystemRequirementsLab
2008-05-23 18:30:15 0 d-------- C:\Program Files\Common Files
2008-05-17 13:01:46 0 d-------- C:\Program Files\Lexmark X74-X75
2008-05-14 17:26:36 0 d--h----- C:\Documents and Settings\Ali\Application Data\ijjigame
2008-05-14 15:41:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 19:15:09 0 d-------- C:\Program Files\Java
2008-05-06 18:51:24 0 d-------- C:\Program Files\Messenger
2008-05-06 18:51:05 0 d-------- C:\Program Files\Movie Maker
2008-05-06 18:48:57 0 d-------- C:\Program Files\Windows NT
2008-05-04 19:10:23 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-04 16:38:05 0 d-------- C:\Program Files\Trend Micro
2008-05-04 16:31:37 0 d-------- C:\Program Files\LimeWire
2008-05-03 22:02:19 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-05-03 19:44:30 0 d-------- C:\Documents and Settings\Ali\Application Data\LimeWire
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-01 21:28:39 0 d-------- C:\Program Files\Realtek AC97
2008-04-21 08:58:50 0 d-------- C:\Documents and Settings\Ali\Application Data\MySQL
2008-04-21 08:49:31 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 08:18:48 0 d-------- C:\Program Files\MySQL
2008-04-20 21:28:15 0 d-------- C:\Documents and Settings\Ali\Application Data\Hamachi
2008-04-16 18:50:24 0 d-------- C:\Program Files\EA GAMES
2008-04-13 19:34:27 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-09 16:19:33 0 d-------- C:\Documents and Settings\Ali\Application Data\Adobe
2008-04-09 16:19:30 0 d-------- C:\Program Files\Common Files\Adobe AIR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [10/14/2002 04:09 PM]
"Verizon Custom Uninstall Tracking"="C:\DOCUME~1\Ali\LOCALS~1\Temp\InstallHelper.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 04:00 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bce6ad8-ddbc-11dc-98d0-806d6172696f}]
AutoRun\command- D:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-07 19:05:30 ------------









Please scan the log for any traces of malware, keyloggers, etc.

Thanks for the help!

Edited by iDukeHelp, 07 June 2008 - 08:29 PM.


#2 iDukeHelp


Posted 07 June 2008 - 07:13 PM

Anyone?

#3 iDukeHelp


Posted 07 June 2008 - 08:18 PM

Don't let my computer go to waste!

#4 iDukeHelp


Posted 07 June 2008 - 08:30 PM

Main.TXT

Deckard's System Scanner v20071014.68
Run by Ali on 2008-06-07 21:26:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
131: 2008-06-08 01:26:44 UTC - RP323 - Deckard's System Scanner Restore Point
130: 2008-06-07 17:49:11 UTC - RP322 - System Checkpoint
129: 2008-06-06 00:03:03 UTC - RP321 - System Checkpoint
128: 2008-06-03 01:42:25 UTC - RP320 - System Checkpoint
127: 2008-06-02 01:10:11 UTC - RP319 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-03-11 00:02:26 UTC - RP193 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Ali.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:50 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Documents and Settings\Ali\Desktop\DSS.exe
C:\PROGRA~1\Trend Micro\HijackThis\Ali.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.basilmarket.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\Star Downloader\SDIEInt.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\Ali\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue in Star Downloader - C:\PROGRA~1\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - C:\PROGRA~1\Star Downloader\leechie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.basilmarket.com
O15 - Trusted Zone: http://fighterace.ketsujin.com
O15 - Trusted Zone: http://primary.ketsujin.com
O15 - Trusted Zone: http://update.ketsujin.com
O15 - Trusted Zone: http://www.ketsujin.com
O15 - Trusted Zone: www.ning.com
O15 - Trusted Zone: http://www.stormofaces.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203297136531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1203297129640
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6591 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.scr - scrfile - shell\open\command - "%1" /S "%3"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys (file missing)
S3 IlvMoneyDRIVER53 - c:\documents and settings\ali\desktop\hackorpack\hackorpack\v53\mle 1152.1\ilvmoney1152.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrempr5.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 npkcusb - c:\nexon\maplestory\npkcusb.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ForcewareWebInterface (Forceware Web Interface) - "c:\nvidia\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcIp (ForceWare IP service) - c:\nvidia\networkaccessmanager\bin\nsvcip.exe
R2 nSvcLog (ForceWare user log service) - c:\nvidia\networkaccessmanager\bin\nsvclog.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 944)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 19:03:10 0 dr-h----- C:\Documents and Settings\Ali\Recent
2008-06-07 14:21:09 0 d-------- C:\Program Files\CCleaner
2008-06-07 13:28:16 0 d-------- C:\Program Files\Yahoo!
2008-06-05 09:50:32 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-02 13:55:25 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-02 13:55:00 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-01 21:14:20 0 d-------- C:\Documents and Settings\Ali\Application Data\Malwarebytes
2008-06-01 21:14:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 21:14:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 21:10:14 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-01 21:10:12 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-01 21:10:12 0 d-------- C:\Documents and Settings\Ali\Application Data\SUPERAntiSpyware.com
2008-05-31 09:51:29 0 d-------- C:\WINDOWS\nvidia icons
2008-05-24 21:33:17 0 d-------- C:\Dial-a-fix-v0.60.0.24
2008-05-24 14:58:23 0 d-------- C:\Documents and Settings\Ali\Application Data\IGN_DLM
2008-05-24 14:31:35 720896 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-05-24 14:31:34 0 d-------- C:\Program Files\TuneXP
2008-05-23 18:30:23 0 d-------- C:\Program Files\Ventrilo
2008-05-23 18:30:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 16:00:48 0 d-------- C:\WINDOWS\system32\msmq
2008-05-14 15:46:09 0 d-------- C:\Documents and Settings\Ali\Application Data\Ventrilo
2008-05-12 21:19:40 0 d-------- C:\Program Files\Alwil Software
2008-05-12 21:18:39 0 d-------- C:\Documents and Settings\Ali\Application Data\Comodo
2008-05-12 18:23:32 557056 --a------ C:\Documents and Settings\Ali\GoToAssist_phone__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2008-05-12 18:06:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-10 22:17:03 0 d-------- C:\KAV


-- Find3M Report ---------------------------------------------------------------

2008-06-07 17:54:45 0 d-------- C:\Documents and Settings\Ali\Application Data\Mozilla
2008-05-24 15:14:40 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-24 15:14:39 0 d-------- C:\Documents and Settings\Ali\Application Data\SystemRequirementsLab
2008-05-23 18:30:15 0 d-------- C:\Program Files\Common Files
2008-05-17 13:01:46 0 d-------- C:\Program Files\Lexmark X74-X75
2008-05-14 17:26:36 0 d--h----- C:\Documents and Settings\Ali\Application Data\ijjigame
2008-05-14 15:41:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 19:15:09 0 d-------- C:\Program Files\Java
2008-05-06 18:51:24 0 d-------- C:\Program Files\Messenger
2008-05-06 18:51:05 0 d-------- C:\Program Files\Movie Maker
2008-05-06 18:48:57 0 d-------- C:\Program Files\Windows NT
2008-05-04 19:10:23 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-04 16:38:05 0 d-------- C:\Program Files\Trend Micro
2008-05-04 16:31:37 0 d-------- C:\Program Files\LimeWire
2008-05-03 22:02:19 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-05-03 19:44:30 0 d-------- C:\Documents and Settings\Ali\Application Data\LimeWire
2008-05-02 22:46:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-02 22:46:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-02 22:46:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-02 22:46:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-02 22:46:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-02 22:46:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-02 22:46:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-02 22:46:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-01 21:28:39 0 d-------- C:\Program Files\Realtek AC97
2008-04-21 08:58:50 0 d-------- C:\Documents and Settings\Ali\Application Data\MySQL
2008-04-21 08:49:31 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 08:18:48 0 d-------- C:\Program Files\MySQL
2008-04-20 21:28:15 0 d-------- C:\Documents and Settings\Ali\Application Data\Hamachi
2008-04-16 18:50:24 0 d-------- C:\Program Files\EA GAMES
2008-04-13 19:34:27 0 d-------- C:\Program Files\Microsoft Bootvis
2008-04-09 16:19:33 0 d-------- C:\Documents and Settings\Ali\Application Data\Adobe
2008-04-09 16:19:30 0 d-------- C:\Program Files\Common Files\Adobe AIR


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2004 10:06 AM C:\WINDOWS\AGRSMMSG.exe]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [10/14/2002 04:09 PM]
"Verizon Custom Uninstall Tracking"="C:\DOCUME~1\Ali\LOCALS~1\Temp\InstallHelper.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/02/2008 10:46 PM]
"nwiz"="nwiz.exe" [05/02/2008 10:46 PM C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 03:28 PM C:\WINDOWS\soundman.exe]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [03/13/2008 04:48 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 10:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 05:42 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/03/2008 04:00 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-06-07 21:28:48 ------------








Extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 1791.3 MiB / 1352.87 MiB
Pagefile Memory (total/avail): 3688.79 MiB / 3345.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1882.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.04 GiB total, 120.17 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD1600JD-00HBB0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:

\\.\PHYSICALDRIVE1 - Memorex TRAVELDRIVE 005B USB Device - 1961.06 MiB - 1 partition
\PARTITION0 - Win95 w/Extended Int 13 - 1966.98 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ali\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALISCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ali
LOGONSERVER=\\ALISCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Perl\site\bin;C:\Perl\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ali\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ali\LOCALS~1\Temp
USERDOMAIN=ALISCOMPUTER
USERNAME=Ali
USERPROFILE=C:\Documents and Settings\Ali
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ali (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D}
ActivePerl 5.10.0 Build 1002 --> MsiExec.exe /I{49C69876-0196-4620-B237-EA334C2E40B5}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agere Systems PCI Soft Modem --> agrsmdel
AI - Series --> "C:\Program Files\AI - Series\AI - Series.scr" /S /Uninstall
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Battlefield 2: Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
ESET Smart Security --> MsiExec.exe /I{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lexmark X74-X75 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}
Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
Paint.NET v3.22 --> MsiExec.exe /X{96C267DA-0926-4C11-B4E7-4D3EF85130D0}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneXP 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2685 / Warning
Event Submitted/Written: 06/07/2008 09:00:34 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type2684 / Warning
Event Submitted/Written: 06/07/2008 09:00:34 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .

Event Record #/Type2682 / Error
Event Submitted/Written: 06/07/2008 09:00:28 PM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> [Sat Jun 07 21:00:28 2008] [notice] Disabled use of AcceptEx() WinSock2 API .

Event Record #/Type2679 / Warning
Event Submitted/Written: 06/07/2008 07:29:40 PM
Event ID/Source: 1015 / EvntAgnt
Event Description:
TraceLevel parameter not located in registry;
Default trace level used is 32.

Event Record #/Type2678 / Warning
Event Submitted/Written: 06/07/2008 07:29:40 PM
Event ID/Source: 1003 / EvntAgnt
Event Description:
TraceFileName parameter not located in registry;
Default trace file used is .



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13879 / Error
Event Submitted/Written: 06/07/2008 09:00:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type13851 / Error
Event Submitted/Written: 06/07/2008 07:29:39 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type13828 / Error
Event Submitted/Written: 06/07/2008 07:20:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type13807 / Error
Event Submitted/Written: 06/07/2008 02:23:00 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type13780 / Error
Event Submitted/Written: 06/07/2008 01:31:36 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-06-07 21:28:48 ------------









Any help would be grateful.

#5 iDukeHelp

  • Topic Starter

Posted 08 June 2008 - 05:58 AM

Help Please.

#6 iDukeHelp

  • Topic Starter

Posted 08 June 2008 - 09:09 AM

Don't push me back to the second page =[

#7 iDukeHelp

  • Topic Starter

Posted 09 June 2008 - 03:00 PM

Help...

#8 iDukeHelp

  • Topic Starter

Posted 10 June 2008 - 04:40 PM

Hello...?

#9 iDukeHelp

  • Topic Starter

Posted 12 June 2008 - 07:04 PM

Hello? I'll just put this in the five-day thing.

#10 suebaby41

  • Malware Response Team

Posted 03 July 2008 - 07:55 AM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 iDukeHelp

  • Topic Starter

Posted 03 July 2008 - 12:31 PM

Oh, thanks for the help.

(It hasn't been a few days, almost a month :D)


Well, I bought a new computer, so you can close this topic.

But, can you look at that hijack this log, if there were problems when I had the PC?

Edited by iDukeHelp, 03 July 2008 - 12:32 PM.


#12 suebaby41

  • Malware Response Team

Posted 03 July 2008 - 09:19 PM

A quick glance showed you probably had an Agent.awf infection.
For more information, see Downloader.Win32.Agent.awf.

You had a lot of unnecessary start up programs.

It sounds like you got rid of the computer and bought a new one.

I am sorry it took so long to get to your log but BleepingComputer has been and is swamped.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.



