
Anti Spy Storm (hjt Log Included)


  • This topic is locked
42 replies to this topic

#1 jonospoon

jonospoon

  • Members
  • 31 posts
  • Gender:Male

Posted 21 June 2008 - 12:47 PM

HELP.
OK, it's not that bad, but I had a trojan, Anti Spy Storm. Anyway, I ran Kaspersky and will post the log, as well as SUPERAntiSpyware. Please help to get the PC completely free of all viruses and trojans.


KASPERSKY scan!!!!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 20, 2008 13:11:29
Records in database: 879791
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\

Scan statistics:
Files scanned: 190141
Threat name: 16
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 02:14:03


File name / Threat name / Threats count
C:\Documents and Settings\Jonathan\Incomplete\T-115969-TrackMania United Forever.zip Infected: Trojan-Downloader.Win32.VB.dck 1
C:\Documents and Settings\Jonathan\Shared\Rare Recording (blackmags).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\USER\Desktop\icons\vnc-4_1_2-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\USER\My Documents\My Music\iTunes\iTunes Music\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\downloads\FlyakiteOSX v3.5.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.l 1
C:\QooBox\Quarantine\C\Documents and Settings\Jonathan\Application Data\Microsoft\dtsc\24101.exe.vir Infected: Trojan-Downloader.Win32.Agent.shg 1
C:\QooBox\Quarantine\C\Program Files\altcmd\altcmd32.dll.vir Infected: Trojan.Win32.Dialer.bps 1
C:\QooBox\Quarantine\C\Program Files\altcmd\altcmd32.dll1.vir Infected: Trojan.Win32.Dialer.bps 1
C:\QooBox\Quarantine\C\WINDOWS\444.0.vir Infected: Trojan.Win32.DNSChanger.ejb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bnhdrtov.dll.vir Infected: Trojan.Win32.Monderb.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\PDM.006.vir Infected: not-a-virus:Monitor.Win32.Ardamax.do 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUlMCSi.dll.vir Infected: Trojan.Win32.Monderb.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dll.vir Infected: Trojan-Downloader.Win32.Mutant.agh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\WinCtrl32.dl_.vir Infected: Trojan-Downloader.Win32.Mutant.agh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWNGYs.dll.vir Infected: Trojan.Win32.Monderb.gen 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Agent.kcr 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Pakes.coe 1
C:\WINDOWS\New Folder\CW-Lavasof_ Ad Aware_pro 2008v7.1.10.8-STEVE357.rar Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.




SUPER ANTI-SPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2008 at 07:59 PM

Application Version : 4.15.1000

Core Rules Database Version : 3486
Trace Rules Database Version: 1477

Scan type : Complete Scan
Total Scan Time : 01:40:15

Memory items scanned : 344
Memory threats detected : 0
Registry items scanned : 5102
Registry threats detected : 11
File items scanned : 227816
File threats detected : 40

Trojan.Unclassified/SmartEnhancer-J
HKLM\Software\Classes\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}#AppID
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\InprocServer32
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\InprocServer32#ThreadingModel
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\ProgID
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\Programmable
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\TypeLib
HKCR\CLSID\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}\VersionIndependentProgID
C:\PROGRAM FILES\BROWSINGENHANCER\BROWSINGENHANCER-2.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP97\A0055773.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Jonathan\Cookies\jonathan@adrevolver[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@media.adrevolver[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@atdmt[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@questionmarket[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@advertising[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@82.98.235[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@burstnet[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@banner.ambercoastcasino[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@ad.zanox[1].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@clicktorrent[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@realmedia[1].txt
ad1.clickhype.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
affiliates.trafficsynergy.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
affiliates.trafficsynergy.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
ad.zanox.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.iframe.mediaplazza.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.iframe.mediaplazza.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.iframe.mediaplazza.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.mjm-media.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.mjm-media.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.mjm-media.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
m.rmbclick.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
.warez.com [ C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\e6dwn3jl.default\cookies.txt ]
C:\Documents and Settings\Jonathan\Cookies\jonathan@adbrite[2].txt
C:\Documents and Settings\Jonathan\Cookies\jonathan@rotator.adjuggler[2].txt
.softonic.112.2o7.net [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
www.3dstats.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.accstandardbank.112.2o7.net [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.partypoker.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.partypoker.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.partygaming.122.2o7.net [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.ehg-jupitermedia.hitbox.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
.hitbox.com [ C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\tzv21cxq.default\cookies.txt ]
C:\Documents and Settings\USER\Cookies\user@adtech[1].txt
C:\Documents and Settings\USER\Cookies\user@banner.africanpalacecasino[2].txt
C:\Documents and Settings\USER\Cookies\user@cassava[1].txt
C:\Documents and Settings\USER\Cookies\user@doubleclick[1].txt
C:\Documents and Settings\USER\Cookies\user@eas.apm.emediate[1].txt
C:\Documents and Settings\USER\Cookies\user@mediatraffic[1].txt
C:\Documents and Settings\USER\Cookies\user@mywebsearch[1].txt
C:\Documents and Settings\USER\Cookies\user@popularscreensavers[1].txt
C:\Documents and Settings\USER\Cookies\user@rotator.its.adjuggler[1].txt

Rogue.AntiSpyStorm
HKLM\Software\AntispyStorm
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP102\A0057073.EXE

Trojan.Unclassified/BhoApp-B
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ALTCMD\ALTCMD32.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ALTCMD\ALTCMD32.DLL1.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP115\A0065354.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP116\A0065371.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP116\A0065383.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP116\SNAPSHOT\MFEX-1.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP116\SNAPSHOT\MFEX-2.DAT
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP116\SNAPSHOT\MFEX-3.DAT

Rogue.LiveSecurityCenter-Trace
C:\QOOBOX\QUARANTINE\C\WINDOWS\DEFAULT.HTM.VIR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BNHDRTOV.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP115\A0064550.DLL

Adware.SprtAds/AdRotator
C:\SYSTEM VOLUME INFORMATION\_RESTORE{57169E64-F026-475D-9B57-C44243C70BB1}\RP186\A0163851.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{57169E64-F026-475D-9B57-C44243C70BB1}\RP188\A0166688.DLL

Adware.Downloader Mirar/NetNucleus
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9615266A-34C1-4BEB-B7FB-987F5E89DF2A}\RP115\A0064611.EXE


And an HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:49 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7269 bytes



OKAY PLS HELP ME>>>

#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 June 2008 - 04:52 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jonospoon

jonospoon
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 26 June 2008 - 06:05 AM

Will do this as soon as I have bandwidth.

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 June 2008 - 02:58 PM

Ok. How soon will that be?


========================================================

#5 jonospoon

jonospoon
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male

Posted 29 June 2008 - 11:10 AM

Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-06-29 18:04:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
123: 2008-06-29 16:04:23 UTC - RP129 - Deckard's System Scanner Restore Point
122: 2008-06-29 12:02:34 UTC - RP128 - System Checkpoint
121: 2008-06-26 16:09:01 UTC - RP127 - System Checkpoint
120: 2008-06-21 09:39:15 UTC - RP126 - Installed Opera 9.50
119: 2008-06-21 09:38:59 UTC - RP125 - Removed Opera 9.23


-- First Restore Point --
1: 2008-06-10 18:24:15 UTC - RP7 - Installed Java™ 6 Update 2


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:35 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7489 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,56
.chm - chm.file - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,48
.hlp - hlpfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,48
.inf - inffile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,32
.ini - inifile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,32
.reg - regfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,47
.txt - txtfile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,40
.vbs - VBSFile - DefaultIcon - C:\Program Files\Stardock\Object Desktop\IconPackager\Themes\BWsys2\BWsys2.icl,49


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver>

S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 cmpci (C-Media PCI Audio Driver (WDM)) - c:\windows\system32\drivers\cmaudio.sys (file missing)
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20050901.036\symidsco.sys (file missing)
S3 ultradfg - c:\windows\system32\drivers\ultradfg.sys <Not Verified; DASoft Development Team; UltraDefrag>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:


-- Files created between 2008-05-29 and 2008-06-29 -----------------------------

2008-06-26 17:40:08 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-06-26 13:23:16 0 d-------- C:\WINDOWS\UltraDefrag
2008-06-22 12:35:44 555 --a------ C:\WINDOWS\eReg.dat
2008-06-21 19:53:34 0 d-------- C:\Documents and Settings\Jonathan\dwhelper
2008-06-20 16:52:26 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-20 14:32:01 0 d-------- C:\WINDOWS\Sun
2008-06-20 14:07:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-20 14:06:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 14:06:53 0 d-------- C:\Documents and Settings\Jonathan\Application Data\SUPERAntiSpyware.com
2008-06-17 15:03:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-17 14:46:04 68096 --a------ C:\WINDOWS\zip.exe
2008-06-17 14:46:04 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-17 14:46:04 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-17 14:46:04 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-17 14:46:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-17 14:46:04 98816 --a------ C:\WINDOWS\sed.exe
2008-06-17 14:46:04 80412 --a------ C:\WINDOWS\grep.exe
2008-06-17 14:46:04 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 18:51:39 0 d-------- C:\cmdcons
2008-06-16 16:44:29 0 d-------- C:\Program Files\Rainmeter
2008-06-16 16:35:18 0 d-------- C:\Program Files\WinFlip
2008-06-15 14:55:57 64342 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-15 14:46:31 217 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-15 14:43:37 0 d-------- C:\Program Files\HyperSnap 6
2008-06-13 18:35:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-06-13 13:59:42 0 d-------- C:\Program Files\Trend Micro
2008-06-11 19:11:52 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Comodo
2008-06-11 19:11:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-06-11 19:11:50 0 d-------- C:\Program Files\COMODO
2008-06-11 18:16:23 0 d-------- C:\Program Files\SpeedFan
2008-06-11 17:35:52 0 d-------- C:\Documents and Settings\Jonathan\Application Data\TrojanHunter
2008-06-10 21:05:20 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-10 19:32:02 0 d-------- C:\WINDOWS\New Folder
2008-06-10 18:02:10 0 d-------- C:\Program Files\Lavasoft
2008-06-10 18:02:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-10 18:01:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 17:47:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-06-10 16:22:18 0 d-------- C:\Program Files\uTorrent
2008-06-10 16:22:18 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-10 16:06:17 5 --a------ C:\WINDOWS\system32\test
2008-06-10 16:06:17 163840 --a------ C:\WINDOWS\system32\RapidshareHacking.exe <Not Verified; OMS; RapidshareHacking>
2008-06-09 18:09:53 0 d-------- C:\Program Files\Alcohol Soft
2008-06-07 11:43:26 0 d-------- C:\Program Files\BitDownload
2008-06-07 11:41:25 0 d-------- C:\Program Files\Wyzo
2008-06-01 14:52:50 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Google
2008-06-01 14:28:33 203264 --a------ C:\WINDOWS\system32\Clarkson.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-06-01 14:28:32 0 d-------- C:\WINDOWS\system32\Clarkson dir
2008-06-01 12:27:22 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Flickr
2008-06-01 12:27:00 0 d-------- C:\Program Files\Flickr Uploadr
2008-05-31 15:32:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Find3M Report ---------------------------------------------------------------

2008-06-29 17:10:49 3783 --a------ C:\Documents and Settings\Jonathan\Application Data\.googlewebacchosts
2008-06-26 17:40:08 0 d-------- C:\Program Files\Stardock
2008-06-21 19:41:17 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Mozilla
2008-06-21 11:39:26 0 d-------- C:\Program Files\Opera
2008-06-20 16:52:26 0 d-------- C:\Program Files\Common Files
2008-06-20 14:31:30 0 d-------- C:\Program Files\Java
2008-06-16 15:17:22 0 d-------- C:\Program Files\Movie Maker
2008-06-15 14:55:56 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:46:10 0 d-------- C:\Program Files\Total Video Converter
2008-06-10 17:07:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 19:13:25 0 d-------- C:\Program Files\Call of Duty
2008-06-09 17:59:55 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-09 17:16:34 0 d-------- C:\Documents and Settings\Jonathan\Application Data\LimeWire
2008-05-24 18:31:54 0 d-------- C:\Program Files\EA GAMES
2008-05-24 17:43:18 0 dr-h----- C:\Documents and Settings\Jonathan\Application Data\SecuROM
2008-05-05 22:19:18 0 d-------- C:\Documents and Settings\Jonathan\Application Data\STOIK
2008-04-11 17:17:23 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-11 17:17:23 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 03:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 03:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 03:43 PM]
"CmPCIaudio"="CMICNFG3.cpl" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03/11/2003 12:08 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [06/11/2008 07:13 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/11/2008 07:11 PM]
"lanmanwrk.exe"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [09/07/2005 03:35 PM]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 06:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 11:39 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [06/09/2008 07:29 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe [5/30/2008 2:53:44 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 1:23:32 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com


-- End of Deckard's System Scanner: finished at 2008-06-29 18:06:58 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 41%
Physical Memory (total/avail): 1022.42 MiB / 601.56 MiB
Pagefile Memory (total/avail): 4923.04 MiB / 4524.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.86 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 149.94 GiB total, 42.12 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)
Z: is Fixed (NTFS) - 82.94 GiB total, 43.13 GiB free.

\\.\PHYSICALDRIVE0 - ST3250620AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 149.94 GiB - C:
\PARTITION1 - Installable File System - 82.94 GiB - Z:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: COMODO Firewall Pro v3.0 (COMODO) Disabled
AV: ESET NOD32 Antivirus 3.0 v3.0 (ESET, spol. s r. o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\downloads\\Nero-ShowTime-English.exe"="C:\\downloads\\Nero-ShowTime-English.exe:*:Enabled:Nero-ShowTime-English"
"C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"Z:\\games\\games\\Soldat 2\\Soldat.exe"="Z:\\games\\games\\Soldat 2\\Soldat.exe:*:Enabled:Soldat"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Jonathan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPU2ME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jonathan
LOGONSERVER=\\COMPU2ME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jonathan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jonathan\LOCALS~1\Temp
USERDOMAIN=COMPU2ME
USERNAME=Jonathan
USERPROFILE=C:\Documents and Settings\Jonathan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jonathan (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
altcompare --> C:\Program Files\altcmd\uninstall.bat
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS GameFace Library --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS GameLiveShow --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995}
ASUS Utilities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1033
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
C-Media PCI Audio --> C:\WINDOWS\CmiPCIUninstall.exe C:\Program Files\C-Media PCI Audio#C-Media PCI Audio#C-Media PCI Audio#
Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty - United Offensive --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Celtx (0.9.9.7) --> C:\Program Files\Celtx\uninstall\helper.exe
Clarkson Screen Saver --> C:\WINDOWS\system32\Clarkson.scr /u
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
ESET NOD32 Antivirus --> MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
FlatOut2 --> MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}
Flickr Uploadr 3.0.5 --> "C:\Program Files\Flickr Uploadr\uninstall.exe"
GameFace Messenger --> C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Web Accelerator --> MsiExec.exe /X{6A1975EB-27E6-491D-94BC-6355FA25F40F}
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp deskjet 3500 --> msiexec /x{8FD62EBB-3175-4907-A326-989B14E5C757}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HyperSnap 6 --> C:\Program Files\HyperSnap 6\HprUnInst.exe
IconPackager --> C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire PRO 4.17.1 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Need for Speed™ Most Wanted --> C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Opera 9.50 --> MsiExec.exe /X{2F3B0D3D-E1D3-42CC-BDC4-A5BF799FD375}
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rainmeter (remove only) --> "C:\Program Files\Rainmeter\uninst.exe"
Safari --> MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
SimCity 4 --> C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
STOIK Video Converter 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9 -removeonly
Super Screen Capture 4.0 --> "C:\Program Files\Zeallsoft\Super Screen Capture\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins001.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Ultra Defragmenter --> "C:\WINDOWS\UltraDefrag\uninstall.exe"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WinFlip 0.50 --> C:\Program Files\WinFlip\Uninstall.exe
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type1178 / Error
Event Submitted/Written: 06/27/2008 10:52:08 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winflip.exe, version 0.0.0.0, faulting module winflip.exe, version 0.0.0.0, fault address 0x00004795.
Processing media-specific event for [winflip.exe!ws!]

Event Record #/Type1172 / Error
Event Submitted/Written: 06/27/2008 10:42:00 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application powerdvd.exe, version 6.0.0.1424, faulting module dvd_x.imp, version 6.0.0.2421, fault address 0x00001a3c.
Processing media-specific event for [powerdvd.exe!ws!]

Event Record #/Type1160 / Error
Event Submitted/Written: 06/23/2008 08:39:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application winflip.exe, version 0.0.0.0, faulting module winflip.exe, version 0.0.0.0, fault address 0x00004795.
Processing media-specific event for [winflip.exe!ws!]

Event Record #/Type1156 / Error
Event Submitted/Written: 06/22/2008 08:13:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.9.0.3071, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1154 / Error
Event Submitted/Written: 06/22/2008 07:51:12 PM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: Entered Mutex Recovery Code. NView (and Mutexes) are not enabled.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7428 / Warning
Event Submitted/Written: 06/29/2008 06:04:55 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{F1B6FD93-3C4E-4ADC-9D6F-78C8C2BB244F}.

Event Record #/Type7427 / Warning
Event Submitted/Written: 06/29/2008 06:04:50 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0018F3EF5596. The IP address being used is 169.254.175.86.

Event Record #/Type7424 / Warning
Event Submitted/Written: 06/29/2008 06:04:24 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018F3EF5596. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7423 / Warning
Event Submitted/Written: 06/29/2008 06:03:50 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018F3EF5596. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7382 / Error
Event Submitted/Written: 06/29/2008 01:35:30 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-06-29 18:06:58 ------------




Thanks in advance

#6 Buckeye_Sam

    Malware Expert

Posted 29 June 2008 - 02:10 PM

Aaahh...there we are. :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll



Reboot your computer.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan: select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post a new log from DSS also.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 jonospoon

  • Topic Starter

Posted 03 July 2008 - 10:28 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, July 3, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, July 03, 2008 12:28:32
Records in database: 910352
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\

Scan statistics:
Files scanned: 209011
Threat name: 11
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 02:31:34


File name / Threat name / Threats count
C:\Documents and Settings\Jonathan\Incomplete\T-115969-TrackMania United Forever.zip Infected: Trojan-Downloader.Win32.VB.dck 1
C:\Documents and Settings\Jonathan\Shared\Rare Recording (blackmags).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\USER\Desktop\icons\vnc-4_1_2-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\USER\My Documents\My Music\iTunes\iTunes Music\Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\downloads\FlyakiteOSX v3.5.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
C:\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.l 1
C:\QooBox\Quarantine\C\Documents and Settings\Jonathan\Application Data\Microsoft\dtsc\24101.exe.vir Infected: Trojan-Downloader.Win32.Agent.shg 1
C:\QooBox\Quarantine\C\WINDOWS\444.0.vir Infected: Trojan.Win32.DNSChanger.ejb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUlMCSi.dll.vir Infected: Trojan.Win32.Monderb.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWNGYs.dll.vir Infected: Trojan.Win32.Monderb.gen 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Agent.kcr 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Pakes.coe 1
C:\WINDOWS\New Folder\CW-Lavasof_ Ad Aware_pro 2008v7.1.10.8-STEVE357.rar Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.

#8 jonospoon (Topic Starter; Members; 31 posts; Gender: Male)

Posted 03 July 2008 - 10:29 AM

Deckard's System Scanner v20071014.68
Run by Jonathan on 2008-07-03 17:26:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jonathan.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:00 PM, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
Z:\games\cod 4\iw3sp.exe
C:\Documents and Settings\Jonathan\Local Settings\temp\jkos-Jonathan\binaries\ScanningProcess.exe
C:\Documents and Settings\Jonathan\Local Settings\temp\jkos-Jonathan\binaries\ScanningProcess.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
C:\Documents and Settings\Jonathan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jonathan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7549 bytes

-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-02 16:37:14 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Ubisoft
2008-07-02 16:34:14 0 d-------- C:\Documents and Settings\Jonathan\Application Data\WinRAR
2008-07-02 16:04:41 0 d-------- C:\Program Files\uTorrent
2008-07-01 23:11:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Ubisoft
2008-07-01 22:50:56 0 d-------- C:\Program Files\Ubisoft
2008-07-01 22:50:35 0 d-------- C:\Documents and Settings\Jonathan\Application Data\InstallShield
2008-07-01 18:33:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Age of Empires 3
2008-06-29 19:42:03 0 d-------- C:\WINDOWS\NV3888389229.TMP
2008-06-29 18:59:49 0 d-------- C:\Documents and Settings\Jonathan\Application Data\uTorrent
2008-06-26 17:40:08 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-06-26 13:23:16 0 d-------- C:\WINDOWS\UltraDefrag
2008-06-22 12:35:44 555 --a------ C:\WINDOWS\eReg.dat
2008-06-21 19:53:34 0 d-------- C:\Documents and Settings\Jonathan\dwhelper
2008-06-20 16:52:26 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-20 14:32:01 0 d-------- C:\WINDOWS\Sun
2008-06-20 14:07:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-06-20 14:06:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 14:06:53 0 d-------- C:\Documents and Settings\Jonathan\Application Data\SUPERAntiSpyware.com
2008-06-17 15:03:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-06-17 14:46:04 68096 --a------ C:\WINDOWS\zip.exe
2008-06-17 14:46:04 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-17 14:46:04 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-17 14:46:04 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-17 14:46:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-17 14:46:04 98816 --a------ C:\WINDOWS\sed.exe
2008-06-17 14:46:04 80412 --a------ C:\WINDOWS\grep.exe
2008-06-17 14:46:04 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-16 18:51:39 0 d-------- C:\cmdcons
2008-06-16 16:44:29 0 d-------- C:\Program Files\Rainmeter
2008-06-16 16:35:18 0 d-------- C:\Program Files\WinFlip
2008-06-15 14:55:57 64342 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-06-15 14:46:31 217 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-15 14:43:37 0 d-------- C:\Program Files\HyperSnap 6
2008-06-13 18:35:03 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2008-06-13 13:59:42 0 d-------- C:\Program Files\Trend Micro
2008-06-11 19:11:52 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Comodo
2008-06-11 19:11:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\comodo
2008-06-11 19:11:50 0 d-------- C:\Program Files\COMODO
2008-06-11 18:16:23 0 d-------- C:\Program Files\SpeedFan
2008-06-11 17:35:52 0 d-------- C:\Documents and Settings\Jonathan\Application Data\TrojanHunter
2008-06-10 21:05:20 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-10 19:32:02 0 d-------- C:\WINDOWS\New Folder
2008-06-10 18:02:10 0 d-------- C:\Program Files\Lavasoft
2008-06-10 18:02:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-06-10 18:01:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-10 17:47:31 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ESET
2008-06-10 16:22:18 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-10 16:06:17 5 --a------ C:\WINDOWS\system32\test
2008-06-10 16:06:17 163840 --a------ C:\WINDOWS\system32\RapidshareHacking.exe <Not Verified; OMS; RapidshareHacking>
2008-06-09 18:09:53 0 d-------- C:\Program Files\Alcohol Soft
2008-06-07 11:43:26 0 d-------- C:\Program Files\BitDownload
2008-06-07 11:41:25 0 d-------- C:\Program Files\Wyzo


-- Find3M Report ---------------------------------------------------------------

2008-07-03 13:18:00 0 d-------- C:\Program Files\Java
2008-07-03 12:35:07 3783 --a------ C:\Documents and Settings\Jonathan\Application Data\.googlewebacchosts
2008-07-01 22:50:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-01 19:29:55 0 d-------- C:\Program Files\Microsoft Games
2008-06-30 17:19:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-30 17:10:32 0 d-------- C:\Documents and Settings\Jonathan\Application Data\LimeWire
2008-06-30 14:36:52 0 d-------- C:\Program Files\Audacity
2008-06-29 22:05:15 0 d-------- C:\Program Files\GameFace Messenger
2008-06-29 22:03:55 0 d-------- C:\Program Files\ASUS
2008-06-29 22:00:26 0 d-------- C:\Program Files\Online Services
2008-06-29 20:19:08 0 d-------- C:\Program Files\Winamp
2008-06-26 17:40:08 0 d-------- C:\Program Files\Stardock
2008-06-21 19:41:17 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Mozilla
2008-06-21 19:36:26 0 d-------- C:\Program Files\Flickr Uploadr
2008-06-21 11:39:26 0 d-------- C:\Program Files\Opera
2008-06-20 16:52:26 0 d-------- C:\Program Files\Common Files
2008-06-16 15:17:22 0 d-------- C:\Program Files\Movie Maker
2008-06-15 14:55:56 218624 --a------ C:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-11 17:46:10 0 d-------- C:\Program Files\Total Video Converter
2008-06-09 19:13:25 0 d-------- C:\Program Files\Call of Duty
2008-06-09 17:59:55 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-01 14:53:29 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Google
2008-06-01 14:28:33 203264 --a------ C:\WINDOWS\system32\Clarkson.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-06-01 12:27:22 0 d-------- C:\Documents and Settings\Jonathan\Application Data\Flickr
2008-05-24 18:31:54 0 d-------- C:\Program Files\EA GAMES
2008-05-24 17:43:18 0 dr-h----- C:\Documents and Settings\Jonathan\Application Data\SecuROM
2008-05-05 22:19:18 0 d-------- C:\Documents and Settings\Jonathan\Application Data\STOIK
2008-04-11 17:17:23 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-04-11 17:17:23 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/20/2005 09:11 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/11/2006 03:43 PM]
"nwiz"="nwiz.exe" [08/11/2006 03:43 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/11/2006 03:43 PM]
"CmPCIaudio"="CMICNFG3.cpl" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [03/11/2003 12:08 PM]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [03/13/2008 04:48 PM]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08 PM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [06/11/2008 07:13 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [06/11/2008 07:11 PM]
"lanmanwrk.exe"="" []
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [09/07/2005 03:35 PM]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 04:21 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [10/11/2005 06:25 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 11:39 AM]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [06/09/2008 07:29 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

C:\Documents and Settings\Jonathan\Start Menu\Programs\Startup\
WinFlip.lnk - C:\Program Files\WinFlip\WinFlip.exe [5/30/2008 2:53:44 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [8/6/2003 1:23:32 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 10:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
C:\Program Files\GameFace Messenger\GameFace.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"




-- End of Deckard's System Scanner: finished at 2008-07-03 17:27:58 ------------

Thanks in advance!!!!

#9 Buckeye_Sam (Malware Expert; Members; 17,382 posts; Gender: Male; Location: Pickerington, Ohio)

Posted 03 July 2008 - 11:12 AM

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Jonathan\Incomplete\T-115969-TrackMania United Forever.zip 
    C:\Documents and Settings\Jonathan\Shared\Rare Recording (blackmags).wma 
    C:\Documents and Settings\USER\Desktop\icons\vnc-4_1_2-x86_win32_viewer.exe 
    C:\Documents and Settings\USER\My Documents\My Music\iTunes\iTunes Music\Top of Charts - 2005.wma 
    C:\downloads\FlyakiteOSX v3.5.exe 
    C:\othread2.dll 
    C:\WINDOWS\New Folder\CW-Lavasof_ Ad Aware_pro 2008v7.1.10.8-STEVE357.rar
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



How is your computer behaving now?


========================================================
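As an added example (not a tool used anywhere in this thread), here is a small Python triage script for the Kaspersky Online Scanner 7 report format posted above. It parses the detection lines, separates hits that sit in another cleaner's quarantine folder (the C:\QooBox\Quarantine entries, which the OTMoveIt2 move list above omits) from live files and "not-a-virus" riskware, and emits the remaining paths one per line, the shape pasted into OTMoveIt2. The sample lines are copied from the 3 July scan; the quarantine prefix is an assumption drawn from those paths.

```python
"""Triage the "File name / Threat name / Threats count" section of a
Kaspersky Online Scanner 7 report.

Added example for this thread, not a tool anyone in it used. The sample
lines below are copied from the scan posted earlier; the quarantine prefix
is an assumption drawn from the QooBox paths in that scan.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One detection line: "<path> Infected: <threat> <count>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Hits under these prefixes are inert copies already quarantined by another
# cleaner (ComboFix keeps its quarantine under C:\QooBox\Quarantine), so a
# helper does not ask for them to be moved again. Compared lower-cased.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


@dataclass
class Detection:
    path: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def riskware(self) -> bool:
        # Kaspersky's label for legitimate-but-abusable tools (VNC, WFP disablers).
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str) -> List[Detection]:
    """Return every detection line in report order; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["threat"], int(m["count"])))
    return hits


def triage(hits: List[Detection]) -> Tuple[List[Detection], List[Detection], List[Detection]]:
    """Split detections into (live malware, riskware, already quarantined)."""
    live, risk, quarantined = [], [], []
    for h in hits:
        if h.quarantined:
            quarantined.append(h)
        elif h.riskware:
            risk.append(h)
        else:
            live.append(h)
    return live, risk, quarantined


def move_list(hits: List[Detection]) -> str:
    """Paths outside quarantine, de-duplicated (an archive holding two threats
    is reported twice), one per line as pasted into OTMoveIt2's move window."""
    seen, out = set(), []
    for h in hits:
        if not h.quarantined and h.path not in seen:
            seen.add(h.path)
            out.append(h.path)
    return "\n".join(out)


# Constructed sample: a subset of the detection lines from the 3 July scan above.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Documents and Settings\Jonathan\Shared\Rare Recording (blackmags).wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\USER\Desktop\icons\vnc-4_1_2-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.l 1
C:\QooBox\Quarantine\C\WINDOWS\444.0.vir Infected: Trojan.Win32.DNSChanger.ejb 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Agent.kcr 1
C:\QooBox\Quarantine\catchme2008-06-16_190607.39.zip Infected: Trojan.Win32.Pakes.coe 1

The selected area was scanned.
"""

if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    live, risk, quarantined = triage(hits)
    print(f"live={len(live)} riskware={len(risk)} quarantined={len(quarantined)}")
    print(move_list(hits))
```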

#10 jonospoon (Topic Starter; Members; 31 posts; Gender: Male)

Posted 09 July 2008 - 11:25 AM

C:\Documents and Settings\Jonathan\Incomplete\T-115969-TrackMania United Forever.zip moved successfully.
C:\Documents and Settings\Jonathan\Shared\Rare Recording (blackmags).wma moved successfully.
C:\Documents and Settings\USER\Desktop\icons\vnc-4_1_2-x86_win32_viewer.exe moved successfully.
C:\Documents and Settings\USER\My Documents\My Music\iTunes\iTunes Music\Top of Charts - 2005.wma moved successfully.
C:\downloads\FlyakiteOSX v3.5.exe moved successfully.
DllUnregisterServer procedure not found in C:\othread2.dll
C:\othread2.dll NOT unregistered.
C:\othread2.dll moved successfully.
C:\WINDOWS\New Folder\CW-Lavasof_ Ad Aware_pro 2008v7.1.10.8-STEVE357.rar moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_181824


Thank you so much, my computer is extremely fast with no bugs or anything.
IT IS AMAZING!!!!
Thank you so much for all of your help, I really appreciate it.
You guys are the best.
Thanks, jonospoon

#11 jonospoon (Topic Starter; Members; 31 posts; Gender: Male)

Posted 09 July 2008 - 01:01 PM

Just wait a bit. Every time I close a game, my PC freezes. I have to press Ctrl+Alt+Del, then press Alt+Tab, to get it back to life.
Not sure what is causing it, but it is quite irritating.
Thanks

#12 Buckeye_Sam (Malware Expert; Members; 17,382 posts; Gender: Male; Location: Pickerington, Ohio)

Posted 09 July 2008 - 04:08 PM

That's not a malware issue. My first thought would be that your computer specs aren't strong enough for the game to play flawlessly. My second thought would be that the game is not shutting down very well when you close it and that causes the freeze. I don't know that I'll be able to tell one way or another, but we can take a look to see.

Click Start -> Run -> eventvwr.msc

Look in SYSTEM and APPLICATIONS for anything in the last day.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.


========================================================

#13 jonospoon (Topic Starter; Members; 31 posts; Gender: Male)

Posted 10 July 2008 - 02:23 AM

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1000
Date: 7/9/2008
Time: 7:49:03 PM
User: N/A
Computer: COMPU2ME
Description:
Faulting application nfsc.exe, version 0.0.0.0, faulting module nfsc.exe, version 0.0.0.0, fault address 0x0029d26d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



That was in the Applications log.
There was nothing else.


I am going to buy another 2 GB of RAM. My hard drive is partitioned into games and work folders; I am not sure if that is slowing it down.
Thanks

#14 jonospoon (Topic Starter; Members; 31 posts; Gender: Male)

Posted 10 July 2008 - 02:50 AM

This new pop-up keeps coming up.
It says "Attention user!" and then a whole lot of other crap about it stopping this, just download this.
Screenshot provided.
It gives a yes or no box, and whichever you choose it goes to a website called http://free-viruscan.com/id/4912933/4/1/
NOD32 is stopping it, but it is crap irritating.
Don't know where it came from!!!!!!!!

Will provide a HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:23 AM, on 7/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\WinFlip\WinFlip.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [lanmanwrk.exe clean] C:\WINDOWS\System32\lanmanwrk.exe clean
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [50a8f560] rundll32.exe "C:\WINDOWS\system32\llvulhkr.dll",b
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: WinFlip.lnk = C:\Program Files\WinFlip\WinFlip.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7021 bytes

Thanks.


#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:46 AM

Posted 10 July 2008 - 09:06 AM

To your first post, that error refers to your game. So the game itself is causing the issue. You may need to reinstall it, or, as you say, upgrade your RAM.

Onto the second issue, you have a new malware infection.
Please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

