Popups Are Back


This topic is locked. 13 replies to this topic.

#1 pippin254

Posted 14 July 2008 - 04:10 PM

Not sure how else to explain it, but the popups that you normally see with malware (those free security scans and other things) came back.

Here's the HijackThis log...

Any help is appreciated.

___________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:09:02 PM, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Copy of Opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wiki.guildwars.com/wiki/Main_Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiki.guildwars.com/wiki/Main_Page
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {e7e76c0e-582b-c43a-c9a4-4b581b1b7810} - {0187b1b1-85b4-4a9c-a34c-b285e0c67e7e} - C:\WINDOWS\system32\brjnqk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConceal Anonymizer\ProxyNew.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CA38CF39-CB97-44C5-A39A-7A37D181AED7} - C:\WINDOWS\system32\qoMcayYo.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\hcdbonwd.dll",b
O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\awnxsikr.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [FreeSOCKS Cap] C:\Program Files\FreeCap\freecap.exe
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [FreeSOCKS Cap] C:\Program Files\FreeCap\freecap.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-21-2000478354-57989841-725345543-1003 Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe (User '?')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Scott\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: cbXQjjGV - C:\WINDOWS\SYSTEM32\cbXQjjGV.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Scott\Desktop\Scott\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image003.jpg
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 13349 bytes
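A triage parser for the HijackThis v2 line format used in the log above, added here as an example; it is not part of the original post and not HijackThis code. The heuristics it applies (unnamed or GUID-named BHOs loaded from system32, Run entries that launch a system32 DLL through rundll32, Winlogon Notify packages in system32, Winsock LSPs HijackThis cannot attribute, a proxy pointed at localhost, and the same file registered under several load points) are assumptions chosen to mirror the entries in this thread, not a vendor ruleset.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.2 format: the lines copy the shape of
# entries from the log posted above, plus two benign entries for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O2 - BHO: {e7e76c0e-582b-c43a-c9a4-4b581b1b7810} - {0187b1b1-85b4-4a9c-a34c-b285e0c67e7e} - C:\WINDOWS\system32\brjnqk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\hcdbonwd.dll",b
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O20 - Winlogon Notify: cbXQjjGV - C:\WINDOWS\SYSTEM32\cbXQjjGV.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
"""

# "O2 - BHO: ..." -> section code and the rest of the line
SECTION_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# First Windows path ending in .dll/.exe (quotes, commas and newlines end it)
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n,]*?\.(?:dll|exe)", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    path: str
    reason: str


def extract_path(body):
    m = PATH_RE.search(body)
    return m.group(0) if m else ""


def in_system32(path):
    return "\\system32\\" in path.lower()


def check_entry(section, body):
    """Per-section heuristics (assumptions for this example); returns a reason or None."""
    path = extract_path(body)
    if section == "R1" and "ProxyServer" in body:
        if re.search(r"localhost|127\.0\.0\.1", body, re.IGNORECASE):
            return "IE traffic is routed through a local proxy; confirm the listener is software you installed"
    elif section == "O2":
        # body looks like "BHO: <name> - {<clsid>} - <path>"
        name = body.split(" - ")[0].replace("BHO: ", "", 1)
        if in_system32(path) and (name == "(no name)" or GUID_RE.match(name)):
            return "unnamed or GUID-named BHO loaded from system32"
    elif section == "O4":
        if re.search(r"\brundll32\.exe\b", body, re.IGNORECASE) and in_system32(path):
            return "Run key launches a system32 DLL through rundll32"
    elif section == "O10":
        return "Winsock LSP that HijackThis could not attribute to a known vendor"
    elif section == "O20":
        if in_system32(path):
            return "Winlogon Notify package in system32 (runs inside winlogon at logon)"
    return None


def triage(log_text):
    """Parse a HijackThis log and return the entries a reviewer should look at first."""
    findings = []
    load_points = defaultdict(set)  # lower-cased path -> sections referencing it
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        path = extract_path(body)
        if path:
            load_points[path.lower()].add(section)
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, path, reason))
    # One file hooked into several autostart mechanisms is a persistence pattern
    # worth reporting even when each entry on its own looked tolerable.
    for path, sections in load_points.items():
        if len(sections) > 1:
            findings.append(Finding("+".join(sorted(sections)), path,
                                    "same file registered under multiple load points"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:6} {f.path or '-':50} {f.reason}")
```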

#2 fenzodahl512


Posted 17 July 2008 - 07:09 AM

Hello, my name is fenzodahl512 and welcome to BC. Please do the following...


Please visit the webpage below for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.



Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 pippin254


Posted 20 July 2008 - 11:15 PM

Hello! I'm terribly sorry for the late reply; a death in the family caused me to be away for a while.

I'll get the combofix logs up ASAP.

#4 fenzodahl512

Posted 20 July 2008 - 11:23 PM

Ok... Just take your time.. :thumbsup:


#5 pippin254

Posted 20 July 2008 - 11:40 PM

Alrighty, Combofix log comin' up.

ComboFix 08-07-20.5 - Scott 2008-07-20 22:20:28.3 - NTFSx86

Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMc7da7034.txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cbXQjjGV.dll
C:\WINDOWS\system32\ckqmlsol.dll
C:\WINDOWS\system32\cyurkvee.dll
C:\WINDOWS\system32\ffikudwt.ini
C:\WINDOWS\system32\hgGxXrsq.dll
C:\WINDOWS\system32\ighlmgev.dll
C:\WINDOWS\system32\jkdoksnw.ini
C:\WINDOWS\system32\kmwgws.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nliehg.dll
C:\WINDOWS\system32\oYyacMoq.ini
C:\WINDOWS\system32\oYyacMoq.ini2
C:\WINDOWS\system32\qbbeoynf.ini
C:\WINDOWS\system32\qoMcayYo.dll
C:\WINDOWS\system32\rsnlphcr.dll
C:\WINDOWS\system32\rxlgsgrb.ini
C:\WINDOWS\system32\secpxhkt.dll
C:\WINDOWS\system32\tkhxpces.ini
C:\WINDOWS\system32\twdukiff.dll
C:\WINDOWS\system32\uyxqkynu.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-14 14:53 . 2008-07-14 14:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-14 14:01 . 2008-07-20 18:52 110,415 --a------ C:\WINDOWS\BMc7da7034.xml
2008-07-13 21:18 . 2008-07-13 21:18 <DIR> d-------- C:\Program Files\Visual IP Trace 2008
2008-07-13 21:18 . 2008-07-13 21:18 <DIR> d-------- C:\Documents and Settings\Scott\Visual IP Trace
2008-07-12 16:49 . 2003-03-19 11:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-07-12 16:48 . 2008-07-14 12:46 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-07-12 16:48 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-07-12 16:48 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-07-12 16:35 . 2008-07-12 16:35 <DIR> d-------- C:\Program Files\Cucusoft
2008-07-12 16:35 . 2008-07-12 16:35 <DIR> d----c--- C:\ConverterOutput
2008-07-12 16:09 . 2008-07-12 16:11 144 --a------ C:\WINDOWS\system32\test.aok
2008-07-12 15:58 . 2008-07-14 13:57 <DIR> d-------- C:\Program Files\ImTOO
2008-07-12 15:54 . 2008-07-12 15:54 <DIR> d-------- C:\Program Files\FlashConv
2008-07-12 15:54 . 2005-06-07 16:11 60,416 --a------ C:\WINDOWS\system32\dsetup.dll
2008-07-12 15:49 . 2008-07-12 15:51 <DIR> d-------- C:\Program Files\XVideoConverter
2008-07-12 15:32 . 2008-07-12 15:35 <DIR> d----c--- C:\AllokVideoFolder
2008-07-11 06:39 . 2008-07-11 06:39 <DIR> d-------- C:\Program Files\ffdshow
2008-07-11 06:39 . 2008-07-11 06:39 <DIR> d-------- C:\Program Files\AliveMedia
2008-07-01 17:01 . 2008-07-16 09:04 <DIR> d-------- C:\Documents and Settings\Scott\Application Data\X-Chat 2
2008-07-01 17:00 . 2008-07-01 17:00 <DIR> d-------- C:\Program Files\X-Chat 2
2008-06-25 09:25 . 2008-06-25 09:25 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-25 08:52 . 2008-06-25 08:52 <DIR> d----c--- C:\DriveKey
2008-06-25 08:12 . 2008-06-25 08:12 <DIR> d-------- C:\Program Files\Bonjour
2008-06-21 15:53 . 2008-05-06 00:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-06-21 15:53 . 2008-05-06 00:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-06-21 15:52 . 2008-06-21 15:52 <DIR> d-------- C:\Program Files\Xilisoft
2008-06-21 15:52 . 2008-06-21 15:52 <DIR> d-------- C:\Program Files\4U Computing
2008-06-21 09:33 . 2007-05-10 10:23 94,208 --a------ C:\WINDOWS\system32\stacsv.exe
2008-06-21 09:32 . 2007-08-21 09:58 146,944 --a------ C:\WINDOWS\system32\st325602.dll
2008-06-21 09:18 . 2008-06-21 09:18 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Citrix
2008-06-21 09:17 . 2008-06-21 09:17 <DIR> d-------- C:\Program Files\Citrix
2008-06-21 09:17 . 2008-06-21 09:17 61,224 --a------ C:\Documents and Settings\Scott\GoToAssistDownloadHelper.exe
2008-06-21 08:54 . 2008-06-21 08:54 <DIR> d-------- C:\WINDOWS\system32\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 04:34 13,717,536 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-21 04:32 --------- d-----w C:\Documents and Settings\Scott\Application Data\uTorrent
2008-07-21 04:30 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
2008-07-21 04:30 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-07-21 04:29 161,732 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-21 00:00 --------- dc----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-21 00:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-20 00:48 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-07-19 23:43 --------- d-----w C:\Program Files\Google
2008-07-18 21:03 --------- d-----w C:\Program Files\FreeCap
2008-07-17 03:48 --------- d-----w C:\Documents and Settings\Scott\Application Data\SiteAdvisor
2008-07-14 22:31 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2008-07-14 22:28 17,408 -c--a-w C:\WINDOWS\system32\rpcnetp.dll
2008-07-12 21:50 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-12 14:55 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-01 12:53 39,898 ----a-w C:\Documents and Settings\Scott\Application Data\wklnhst.dat
2008-06-25 14:55 --------- d-----w C:\Program Files\Apple Software Update
2008-06-25 14:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 14:17 --------- d-----w C:\Program Files\iTunes
2008-06-25 14:17 --------- d-----w C:\Program Files\iPod
2008-06-25 14:12 --------- d-----w C:\Program Files\QuickTime
2008-06-22 03:01 6,727,775 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-22 00:29 --------- d-----w C:\Documents and Settings\Scott\Application Data\U3
2008-06-21 22:51 34,308 ----a-w C:\WINDOWS\system32\Chip.dll
2008-06-21 22:51 22,004 ----a-w C:\WINDOWS\system32\Pvt.tmp
2008-06-21 21:54 --------- d-----w C:\Documents and Settings\Scott\Application Data\dvdcss
2008-06-21 15:27 --------- d-----w C:\Program Files\Acoustica Mixcraft 4
2008-06-21 14:54 --------- d-----w C:\Program Files\Dell
2008-06-20 14:23 --------- d-----w C:\Program Files\Opera
2008-06-20 03:54 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-06-15 20:00 --------- d-----w C:\Program Files\honestech Video Editor 7.0
2008-06-08 01:56 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-06-08 01:56 --------- d-----w C:\Program Files\Eraser
2008-05-26 04:07 --------- d-----w C:\Program Files\dvdXsoft
2008-05-25 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-05-25 21:27 --------- d-----w C:\Documents and Settings\Scott\Application Data\AVS4YOU
2008-05-25 21:26 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-05-25 21:26 --------- d-----w C:\Program Files\AVS4YOU
2008-05-25 21:05 --------- d-----w C:\Program Files\honestech Easy Video Editor Trial
2008-05-25 19:21 --------- d-----w C:\Program Files\Acoustica Mixcraft 3
2008-05-25 19:20 --------- d-----w C:\Program Files\VST
2008-05-24 23:43 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-21 17:25 --------- dc----w C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-05-21 14:32 --------- d-----w C:\Program Files\UnrealTournament
2008-05-21 14:23 --------- d-----w C:\Program Files\CallerIP
2008-05-21 13:59 --------- d-----w C:\Program Files\AltoMP3 Gold
2008-05-21 13:36 --------- d-----w C:\Program Files\Finale PrintMusic 2007
2008-05-17 00:32 356,352 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-05-09 23:01 414,720 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-29 17:14 402 ----a-w C:\Documents and Settings\Banana\Application Data\wklnhst.dat
2008-04-29 15:34 4,372,480 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-04-29 15:34 2,201,088 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-09 15:44 55,800 -c--a-w C:\Documents and Settings\Scott\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2006-04-20 06:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
2007-10-30 10:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
2006-04-20 05:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 05:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 16:29 165784]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-09-21 21:38 219952]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-07-13 03:10 598656]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-09 09:21 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 14:48 761947]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 14:48 1392640]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22 3739648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-20 06:53 1838592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-13 12:05 36640]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04 5562368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-21 09:17 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85250eda-00f2-11dc-88d1-0016cf8f5a1e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{975ad106-58cc-11dc-890a-0016cf8f5a1e}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 02:19:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-21 00:04:48 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMc7da7034 - C:\WINDOWS\system32\ckqmlsol.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://wiki.guildwars.com/wiki/Main_Page
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.wiki.guildwars.com/wiki/Main_Page
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Scott\Start Menu\Programs\IMVU\Run IMVU.lnk


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 22:31:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-20 22:37:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 04:37:39
ComboFix2.txt 2007-12-10 20:54:55

Pre-Run: 36,207,075,328 bytes free
Post-Run: 36,143,280,128 bytes free

252 --- E O F --- 2008-01-07 23:14:03


And now a fresh HJT log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:47 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Copy of Opera.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wiki.guildwars.com/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiki.guildwars.com/wiki/Main_Page
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConceal Anonymizer\ProxyNew.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Scott\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Scott\Desktop\Scott\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)

--
End of file - 10519 bytes

Edited by pippin254, 20 July 2008 - 11:41 PM.


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 21 July 2008 - 12:27 AM

Please show hidden files and folders. Please visit HERE if you don't know how.

Please manually delete this file: C:\WINDOWS\BMc7da7034.xml

Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Please post the following logs in your next reply...

1. Malwarebytes'
2. Deckard System Scanner (both main.txt and extra.txt)


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 pippin254

pippin254
  • Topic Starter

  • Members
  • 19 posts

Posted 21 July 2008 - 12:26 PM

Okay, lots of logs here. Starting with the Malwarebytes log...
Malwarebytes' Anti-Malware 1.22
Database version: 974
Windows 5.1.2600 Service Pack 2

11:16:59 AM 7/21/2008
mbam-log-7-21-2008 (11-16-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141279
Time elapsed: 51 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQjjGV.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ckqmlsol.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGxXrsq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ighlmgev.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMcayYo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rsnlphcr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\secpxhkt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\twdukiff.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP126\A0055142.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP126\A0055143.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056944.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056962.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056967.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056971.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056975.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057247.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057248.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057251.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057252.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057253.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057311.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057312.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057314.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057315.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057318.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057319.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057320.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057321.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057254.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Scott\Desktop\Fruity Lo\Crack\FRUITY~1.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080719-193520-310.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-194749-497.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200015-414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200015-559.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200216-452.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080719-193520-486.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200216-703.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200226-105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200226-901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200232-586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200232-724.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\HijackThis\backups\backup-20080720-200331-238.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.


Main log for Deckard...

Deckard's System Scanner v20071014.68
Run by Scott on 2008-07-21 11:18:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:10 AM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Copy of Opera.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Documents and Settings\Scott\Application Data\Opera\Opera\profile\cache4\temporary_download\dss.exe
C:\HIJACK~1\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wiki.guildwars.com/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiki.guildwars.com/wiki/Main_Page
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConceal Anonymizer\ProxyNew.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Scott\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Scott\Desktop\Scott\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)

--
End of file - 10590 bytes

-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20071210-075216-309 O2 - BHO: {ede90a3d-4d60-38ab-54d4-38fd9aac440c} - {c044caa9-df83-4d45-ba83-06d4d3a09ede} - C:\WINDOWS\system32\qfauqoii.dll
backup-20071210-075216-468 O2 - BHO: (no name) - {D8AAD286-7200-4543-AE8A-FE730EB69B52} - C:\WINDOWS\system32\jkhhh.dll (file missing)
backup-20071210-075216-516 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080717-132812-250 O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\cfcfihae.dll",b
backup-20080717-132812-300 O20 - Winlogon Notify: cbXQjjGV - C:\WINDOWS\SYSTEM32\cbXQjjGV.dll
backup-20080717-132812-713 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080717-132812-905 O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\lmqxuyef.dll",s
backup-20080717-132815-112 O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
backup-20080717-132815-539 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image003.jpg
backup-20080717-132815-904 O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Scott\Desktop\Scott\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)
backup-20080718-143556-370 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080718-143556-493 O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\oafqifer.dll",s
backup-20080718-143556-524 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
backup-20080718-143556-649 O2 - BHO: (no name) - {07349F83-C906-4A0C-8E27-168BC60A2DF7} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080718-143556-671 O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
backup-20080718-143556-760 O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\akccxsdw.dll",b
backup-20080718-143556-919 O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
backup-20080719-193520-108 O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
backup-20080719-193520-255 O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\ighlmgev.dll",s
backup-20080719-193520-307 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
backup-20080719-193520-310 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080719-193520-353 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080719-193520-417 O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
backup-20080719-193520-476 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080719-193520-486 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080719-193520-500 O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
backup-20080719-193520-507 O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
backup-20080719-193520-531 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080719-193520-718 O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
backup-20080719-193520-752 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080719-193520-801 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
backup-20080719-193520-841 O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
backup-20080719-193520-992 O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\twdukiff.dll",b
backup-20080719-193520-993 O4 - HKCU\..\Run: [FreeSOCKS Cap] C:\Program Files\FreeCap\freecap.exe
backup-20080719-193739-974 O20 - Winlogon Notify: cbXQjjGV - C:\WINDOWS\SYSTEM32\cbXQjjGV.dll
backup-20080720-194749-319 O20 - Winlogon Notify: cbXQjjGV - C:\WINDOWS\SYSTEM32\cbXQjjGV.dll
backup-20080720-194749-485 O4 - HKLM\..\Run: [c4e943a8] rundll32.exe "C:\WINDOWS\system32\secpxhkt.dll",b
backup-20080720-194749-497 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080720-194749-621 O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\ckqmlsol.dll",s
backup-20080720-194749-749 O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
backup-20080720-194749-893 O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
backup-20080720-194749-995 O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
backup-20080720-194750-113 O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
backup-20080720-194750-403 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Scott/LOCALS~1/Temp/msohtml1/01/clip_image003.jpg
backup-20080720-200015-414 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080720-200015-559 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080720-200015-600 O4 - HKLM\..\Run: [BMc7da7034] Rundll32.exe "C:\WINDOWS\system32\ckqmlsol.dll",s
backup-20080720-200216-452 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080720-200216-703 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080720-200226-105 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080720-200226-901 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080720-200232-586 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll
backup-20080720-200232-724 O2 - BHO: (no name) - {A6F5090F-D9EC-4263-9D7D-2968C5179291} - C:\WINDOWS\system32\cbXQjjGV.dll
backup-20080720-200331-238 O2 - BHO: (no name) - {2989455E-5392-49EF-9054-5E14C17A31FE} - C:\WINDOWS\system32\qoMcayYo.dll

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4 catchme - c:\combofix\catchme.sys (file missing)
3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
3 scrcap - system32\drivers\scrcap.sys (file missing)
3 SDDMI2 - c:\windows\system32\ddmi2.sys (file missing)
3 UIUSys (Conexant Setup API) - system32\drivers\uiusys.sys (file missing)
3 vidcap - system32\drivers\vidcap.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 Apple Mobile Device - c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
2 Bonjour Service - c:\program files\bonjour\mdnsresponder.exe
2 CallerIP (Visualware CallerIP) - c:\program files\callerip\cip-nt.exe
3 GoToAssist - c:\program files\citrix\gotoassist\514\g2aservice.exe
3 MHN - c:\windows\system32\svchost.exe
3 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe
2 rpcnet (Remote Procedure Call (RPC) Net) - c:\windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
3 WZCOOK (WEP key recovery service) - c:\documents and settings\scott\desktop\scott\windows wifi collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2008-07-20 18:04:48 408 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-07-15 20:19:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 10:21:16 0 d-------- C:\Documents and Settings\Scott\Application Data\Malwarebytes
2008-07-21 10:21:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 10:21:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 22:33:32 0 dr-h----- C:\Documents and Settings\Scott\Recent
2008-07-20 22:27:43 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-20 22:18:02 68096 --a------ C:\WINDOWS\zip.exe
2008-07-20 22:18:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-20 22:18:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-20 22:18:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-20 22:18:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-20 22:18:02 98816 --a------ C:\WINDOWS\sed.exe
2008-07-20 22:18:02 80412 --a------ C:\WINDOWS\grep.exe
2008-07-20 22:18:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-14 16:04:45 6553600 --a------ C:\Documents and Settings\Scott\ntuser.dat
2008-07-14 14:53:03 0 d-------- C:\Program Files\Trend Micro
2008-07-13 21:18:31 0 d-------- C:\Documents and Settings\Scott\Visual IP Trace <VISUAL~2>
2008-07-13 21:18:21 37 --a------ C:\Documents and Settings\Scott\Visual IP Trace-Path <VISUAL~1>
2008-07-13 21:18:18 0 d-------- C:\Program Files\Visual IP Trace 2008
2008-07-12 16:48:58 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-12 16:48:58 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-12 16:48:55 0 d-------- C:\Program Files\Magic Video Converter
2008-07-12 16:35:57 0 d------c- C:\ConverterOutput
2008-07-12 16:35:37 0 d-------- C:\Program Files\Cucusoft
2008-07-12 15:58:06 0 d-------- C:\Program Files\ImTOO
2008-07-12 15:54:50 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-12 15:54:47 0 d-------- C:\Program Files\FlashConv
2008-07-12 15:49:13 0 d-------- C:\Program Files\XVideoConverter
2008-07-12 15:32:19 0 d------c- C:\AllokVideoFolder
2008-07-11 06:39:33 0 d-------- C:\Program Files\ffdshow
2008-07-11 06:39:23 0 d-------- C:\Program Files\AliveMedia
2008-07-01 17:01:14 0 d-------- C:\Documents and Settings\Scott\Application Data\X-Chat 2
2008-07-01 17:00:14 0 d-------- C:\Program Files\X-Chat 2
2008-06-25 08:52:12 0 d------c- C:\DriveKey
2008-06-25 08:12:38 0 d-------- C:\Program Files\Bonjour
2008-06-21 15:53:06 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-21 15:53:06 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-21 15:52:31 0 d-------- C:\Program Files\Xilisoft
2008-06-21 15:52:19 0 d-------- C:\Program Files\4U Computing
2008-06-21 09:18:50 0 d------c- C:\Documents and Settings\All Users\Application Data\Citrix
2008-06-21 09:17:55 0 d-------- C:\Program Files\Citrix
2008-06-21 08:54:21 0 d-------- C:\WINDOWS\system32\Dell


-- Find3M Report ---------------------------------------------------------------

2008-07-21 09:08:34 0 d-------- C:\Documents and Settings\Scott\Application Data\uTorrent
2008-07-20 22:30:09 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-07-20 22:30:06 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-20 18:00:04 0 d-------- C:\Program Files\Norton Security Scan
2008-07-19 18:48:57 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-19 17:43:39 0 d-------- C:\Program Files\Google
2008-07-18 15:03:03 0 d-------- C:\Program Files\FreeCap
2008-07-16 21:48:41 0 d-------- C:\Documents and Settings\Scott\Application Data\SiteAdvisor
2008-07-14 16:31:54 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-14 16:28:53 17408 --a----c- C:\WINDOWS\system32\rpcnetp.dll
2008-07-12 08:55:52 0 d-------- C:\Program Files\PeerGuardian2
2008-07-01 06:53:43 39898 --a------ C:\Documents and Settings\Scott\Application Data\wklnhst.dat
2008-06-25 08:55:45 0 d-------- C:\Program Files\Apple Software Update
2008-06-25 08:52:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 08:17:30 0 d-------- C:\Program Files\iTunes
2008-06-25 08:17:14 0 d-------- C:\Program Files\iPod
2008-06-25 08:12:03 0 d-------- C:\Program Files\QuickTime
2008-06-21 18:29:24 0 d-------- C:\Documents and Settings\Scott\Application Data\U3
2008-06-21 16:51:18 34308 --a------ C:\WINDOWS\system32\Chip.dll
2008-06-21 15:54:51 0 d-------- C:\Documents and Settings\Scott\Application Data\dvdcss
2008-06-21 15:51:29 4456 --a------ C:\Documents and Settings\Scott\Application Data\Cabos.plist
2008-06-21 09:27:22 0 d-------- C:\Program Files\Acoustica Mixcraft 4
2008-06-21 08:54:22 0 d-------- C:\Program Files\Dell
2008-06-20 08:23:37 0 d-------- C:\Program Files\Opera
2008-06-19 21:54:57 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-06-15 14:00:00 0 d-------- C:\Program Files\honestech Video Editor 7.0
2008-06-07 19:56:47 0 d-------- C:\Program Files\Eraser
2008-05-25 22:07:27 0 d-------- C:\Program Files\dvdXsoft
2008-05-25 15:27:28 0 d-------- C:\Documents and Settings\Scott\Application Data\AVS4YOU
2008-05-25 15:26:52 0 d-------- C:\Program Files\AVS4YOU
2008-05-25 15:26:47 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-25 15:25:16 0 d-------- C:\Program Files\Common Files
2008-05-25 15:05:17 0 d-------- C:\Program Files\honestech Easy Video Editor Trial
2008-05-25 13:21:03 0 d-------- C:\Program Files\Acoustica Mixcraft 3
2008-05-25 13:20:34 0 d-------- C:\Program Files\VST
2008-05-24 17:43:19 0 d-------- C:\Program Files\SiteAdvisor
2008-05-21 08:46:44 179 --a------ C:\Documents and Settings\Scott\Application Data\Current.prx
2008-05-21 08:32:18 0 d-------- C:\Program Files\UnrealTournament
2008-05-21 08:23:12 0 d-------- C:\Program Files\CallerIP
2008-05-21 07:59:29 0 d-------- C:\Program Files\AltoMP3 Gold
2008-05-21 07:36:27 0 d-------- C:\Program Files\Finale PrintMusic 2007
2008-05-17 14:00:03 50 --a----c- C:\AUTOEXEC.BAT
2008-05-16 18:32:13 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [03/21/2008 04:40 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 02:48 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 02:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 03:22 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/20/2007 06:53 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/13/2007 12:05 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 06:04 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 04:29 PM]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [09/21/2007 09:38 PM]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [07/13/2007 03:10 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/09/2008 09:21 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 06/21/2008 09:17 AM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85250eda-00f2-11dc-88d1-0016cf8f5a1e}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{975ad106-58cc-11dc-890a-0016cf8f5a1e}]
AutoRun\command- F:\LaunchU3.exe

-- End of Deckard's System Scanner: finished at 2008-07-21 11:20:29 ------------

The extra log...

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 48%
Physical Memory (total/avail): 1014.37 MiB / 523.29 MiB
Pagefile Memory (total/avail): 2441.73 MiB / 1925.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.43 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 33.99 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)
F: is Removable (FAT)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.
FirewallOverride is set.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Scott\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Scott
LOGONSERVER=\\COMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\OpenVPN\bin;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
TMP=C:\DOCUME~1\Scott\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=COMPUTER
USERNAME=Scott
USERPROFILE=C:\Documents and Settings\Scott
windir=C:\WINDOWS
XCHAT_WARNING_IGNORE=true
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Scott (admin)
Banana (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
4U DVD Ripper (version 2.2.3.8) --> "C:\Program Files\4U Computing\4U DVD Ripper\unins000.exe"
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Acoustica Effects Pack --> C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 3.1 --> C:\PROGRA~1\ACOUST~3\Mixcraft3.exe uninstall
Acoustica Mixcraft 4.1 --> C:\PROGRA~1\ACOUST~1\Unwise.exe
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Editor 3.5 --> "C:\Program Files\AVS4YOU\AVSVideoEditor\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 440x 10/100 Integrated Controller --> MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
BZFlag 2.0.10 (remove only) --> "C:\Program Files\BZFlag2.0.10\uninstall.exe"
Cabos --> MsiExec.exe /I{13194684-8D6C-497A-8A05-568F809392F0}
CallerIP --> "C:\Program Files\CallerIP\Uninstall.exe" "C:\Program Files\CallerIP"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Ripper 4 --> C:\Program Files\ImTOO\DVD Ripper 4\Uninstall.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
dvdXsoft DVD Ripper 1.02 --> "C:\Program Files\dvdXsoft\dvdXsoft DVD Ripper\unins000.exe"
Eraser --> "C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE
Eraser --> C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Finale PrintMusic 2007 --> C:\Program Files\Finale PrintMusic 2007\uninstallPM.exe
FlashConv --> "C:\Program Files\FlashConv\FlashConv\unins000.exe"
Free YouTube to iPod Converter version 2.8 --> "C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~2\UNWISE.EXE C:\PROGRA~1\GAMESP~2\INSTALL.LOG
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop MSN Plugin --> MsiExec.exe /I{DC33D3D7-E641-4F17-A562-D572A1FD579B}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /X{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToAssist 8.0.0.514 --> C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
GuildWarsPanorama High Quality --> "C:\WINDOWS\uninstall GuildWarsPanorama High Quality.exe"
HijackThis 2.0.2 --> "C:\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin --> C:\DELL\HITMAN~1\uninstall.exe
honestech Video Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5F56D88-56A2-4157-BED4-D650634974E3}\Setup.exe" -l0x9
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
HyperCam 2 --> "C:\Program Files\HyCam2\UnHyCam2.exe"
ImTOO DVD Creator --> C:\Program Files\ImTOO\DVD Creator3\Uninstall.exe
ImTOO DVD Ripper Platinum 5 --> C:\Program Files\ImTOO\DVD Ripper Platinum 5\Uninstall.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6261\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Halo Custom Edition --> "C:\Program Files\Microsoft Games\Halo Custom Edition\Uninstal.exe" /runtemp /addremove
Microsoft Halo Trial --> "C:\Program Files\Microsoft Games\Halo Trial\UNINSTAL.EXE" /runtemp /addremove
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Movie Converter V3 (remove only) --> C:\Program Files\Movie Converter V3\uninst.exe -c
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mpeg2Decoder 1.3 --> "C:\Program Files\Mpeg2Decoder\unins000.exe"
Musicnotes Player V1.23.1 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
muvee autoProducer 6.1 --> C:\Program Files\InstallShield Installation Information\{7B312BFD-6C04-4409-AB6F-DD41CCD67463}\setup.exe -runfromtemp -l0x0009 -removeonly
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NetConceal Anonymizer --> "C:\Program Files\NetConceal Anonymizer\uninstall.exe"
Network Stumbler 0.4.0 (remove only) --> "C:\Documents and Settings\Scott\Desktop\wireless\Network Stumbler\uninst.exe"
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
OpenVPN 2.0.9 --> C:\Program Files\OpenVPN\Uninstall.exe
Opera 9.02 --> MsiExec.exe /X{F4EE98D3-507A-4160-8F65-710C37A8FBB8}
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
Opera 9.50 --> MsiExec.exe /X{70B96CD0-FDF2-489E-8FA0-0F92ED599368}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Pivot Stickfigure Animator --> MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Pocket Tanks 1.00b --> "C:\Program Files\Pocket Tanks\unins000.exe"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Proxifier version 2.7 --> "C:\Program Files\Proxifier\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StarCraft X-tra Editor --> C:\WINDOWS\SCXEunin.exe C:\WINDOWS\SCXEunin.dat
SuperDVD Video Editor 1.8 --> "C:\Program Files\SuperDVD Video Editor\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tomb Raider II --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Core Design\Tomb Raider II\Uninst.isu"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uninstall 1.0.0.0 --> "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unreal Services // UMOD Tool (rc) --> C:\PROGRA~1\UNREAL~1\UMODTO~1\UNWISE.EXE C:\PROGRA~1\UNREAL~1\UMODTO~1\INSTALL_UMODT.LOG
Unreal Tournament 2003 --> C:\UT2003\System\Setup.exe uninstall "UT2003"
Video Edit Magic 4.4 --> "C:\Program Files\Deskshare\Video Edit Magic 4.4\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual IP Trace --> "C:\Program Files\Visual IP Trace 2008\Uninstall.exe" "C:\Program Files\Visual IP Trace 2008"
VOB2MPG 2.5 --> MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA}
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) --> C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
X-Chat 2.8.4-1 --> "C:\Program Files\X-Chat 2\unins000.exe"
Xilisoft DVD Ripper Ultimate --> C:\Program Files\Xilisoft\DVD Ripper Ultimate 5\Uninstall.exe
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Your Freedom --> "C:\Program Files\Your Freedom\uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type5501 / Error
Event Submitted/Written: 07/21/2008 11:20:11 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type5500 / Error
Event Submitted/Written: 07/21/2008 11:19:35 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type5498 / Success
Event Submitted/Written: 07/20/2008 10:34:14 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type5494 / Error
Event Submitted/Written: 07/20/2008 10:30:11 PM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type5493 / Error
Event Submitted/Written: 07/20/2008 10:30:10 PM
Event ID/Source: 28 / WinMgmt
Event Description:
WinMgmt could not initialize the core parts. This could be due to a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient disk space or insufficient memory.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20547 / Warning
Event Submitted/Written: 07/21/2008 09:02:42 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CF8F5A1E. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type20546 / Error
Event Submitted/Written: 07/21/2008 09:02:42 AM
Event ID/Source: 32003 / ipnathlp
Event Description:
The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Event Record #/Type20537 / Warning
Event Submitted/Written: 07/20/2008 10:23:55 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type20530 / Error
Event Submitted/Written: 07/20/2008 00:09:11 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type20529 / Error
Event Submitted/Written: 07/20/2008 00:03:04 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.



-- End of Deckard's System Scanner: finished at 2008-07-21 11:20:29 ------------



That's all of it.

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 21 July 2008 - 02:08 PM

Hello, please uninstall Viewpoint Media Player from your computer..


Log looks good.. Lets run another scan just to make sure..


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then please tell me about your computer behaviour..

Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 pippin254

pippin254
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:27 AM

Posted 21 July 2008 - 06:48 PM

Overall, the computer is doing a lot better. No more settings are being mysteriously changed, and I'm not receiving any more popups.

Here is the scan log.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 21, 2008 5:47:11 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/07/2008
Kaspersky Anti-Virus database records: 981617
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 107003
Number of viruses found: 7
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 01:27:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer14.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer14.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer15.zip/Programs/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer15.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer16.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer16.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer3.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.320 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer8.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer8.zip/whagent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer8.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/Programs/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip/whAgent_update.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer9.zip ZIP: infected - 7 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Application Data\MySpace\IM\Logs\MySpaceIM-20080720-223248.log Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Opera\Opera\mail\indexer\indexer.dat Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Opera\Opera\mail\lexicon\lexicon.dat Object is locked skipped
C:\Documents and Settings\Scott\Application Data\Opera\Opera\mail\mailbase.dat Object is locked skipped
C:\Documents and Settings\Scott\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\Perflib_Perfdata_e40.dat Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\~DF4332.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temp\~DFC2EE.tmp Object is locked skipped
C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat Object is locked skipped
C:\Documents and Settings\Scott\ntuser.dat.LOG Object is locked skipped
C:\HijackThis\backups\backup-20071210-075216-309.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\HTTP-Tunnel\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.qe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cyurkvee.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\kmwgws.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nliehg.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uyxqkynu.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP108\A0050436.exe/is155132.exe Infected: Trojan-Downloader.Win32.Injecter.tz skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP108\A0050436.exe CAB: infected - 1 skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP125\A0055033.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP126\A0055140.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP126\A0055141.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP128\A0056471.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP131\A0056644.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP131\A0056647.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP131\A0056649.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP131\A0056650.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP131\A0056652.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056783.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056784.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056785.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056786.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056787.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056788.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP133\A0056790.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056948.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056949.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056950.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056951.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056965.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056966.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056972.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP135\A0056973.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057259.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057260.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057313.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057316.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057317.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\A0057322.dll Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP137\change.log Object is locked skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP88\A0047341.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP88\A0047349.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\COMPUTER.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AE1A4454-2D40-4550-8140-BC8492970FBB}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\260 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT06d57.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06d5a.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 21 July 2008 - 09:20 PM

Great..

We need to empty your Spybot Recovery folder.. Please do the following..


Please show hidden files and folders. Please visit HERE if you don't know how.


Please go to C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder and delete everything inside.. Don't delete the folder.. Just leave it empty..


Then please post a fresh DSS log for my final review...


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
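
The reply above reads the Kaspersky report the way a malware-removal helper does: every "Infected:" hit is checked for where it sits, and hits inside System Restore points, the ComboFix quarantine (C:\QooBox), the HijackThis backups folder or the Spybot Recovery archives are stored copies rather than files the running system loads, which is why the only action asked for is to empty the Spybot Recovery folder. The script below makes that triage mechanical. It is an added example, not code from this thread or from Kaspersky; the sample lines are copied from the report posted above, and the set of "inert" location markers is an assumption about where those particular tools keep their copies.

```python
import re
from collections import defaultdict

# Line shapes in a Kaspersky Online Scanner 5.x report (taken from the log above):
#   <path> Infected: <threat name> skipped
#   <path> ZIP: infected - <n> skipped         archive summary; members are listed separately
#   <path> Object is locked skipped            file in use, never actually scanned
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<threat>\S+)"
    r"|(?P<container>[A-Z0-9]+): infected - (?P<count>\d+)"
    r"|(?P<locked>Object is locked)) skipped$"
)

# Assumed markers for places where a detection is a stored copy rather than a
# file the running system would load. Matched case-insensitively as substrings.
INERT_LOCATIONS = {
    "System Restore point": "\\system volume information\\_restore",
    "ComboFix quarantine": "\\qoobox\\quarantine\\",
    "HijackThis backup": "\\hijackthis\\backups\\",
    "Spybot recovery archive": "\\spybot - search & destroy\\recovery\\",
}

# Constructed sample: a handful of lines copied from the report posted above.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer14.zip/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer14.zip ZIP: infected - 1 skipped
C:\HijackThis\backups\backup-20071210-075216-309.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\HTTP-Tunnel\uninstall.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.qe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\cyurkvee.dll.vir Infected: Trojan.Win32.Monderc.gen skipped
C:\System Volume Information\_restore{21ADB26D-6A88-4D8F-BDDC-AFC50795B6EE}\RP126\A0055140.dll Infected: Trojan.Win32.Monderc.gen skipped
"""


def classify_location(path):
    """Return the inert-location label for a path, or 'live' if none applies."""
    low = path.lower()
    for label, marker in INERT_LOCATIONS.items():
        if marker in low:
            return label
    return "live"


def triage(report_lines):
    """Sort report lines into live detections, inert (backup/quarantine)
    detections grouped by location, locked-and-skipped files, and lines the
    parser did not understand."""
    result = {"live": [], "inert": defaultdict(list), "locked": [], "unparsed": []}
    for raw in report_lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            result["unparsed"].append(line)
            continue
        path = m.group("path")
        if m.group("locked"):
            result["locked"].append(path)
        elif m.group("container"):
            continue  # summary of an archive whose members were already listed
        else:
            where = classify_location(path)
            entry = (path, m.group("threat"))
            if where == "live":
                result["live"].append(entry)
            else:
                result["inert"][where].append(entry)
    result["inert"] = dict(result["inert"])
    return result


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT.splitlines())
    for path, threat in r["live"]:
        print("LIVE    ", threat, path)
    for where, entries in r["inert"].items():
        print("INERT   ", where, len(entries))
    print("LOCKED  ", len(r["locked"]), "unscanned files")
    print("UNPARSED", len(r["unparsed"]))
```

Run against the full report above, the only entry that lands in the "live" bucket is C:\Program Files\HTTP-Tunnel\uninstall.exe, flagged as not-a-virus adware; that is the one line a reviewer still has to judge by hand, since it is not covered by emptying the recovery folder. The "locked" list is worth keeping too: those files (registry hives, event logs, index.dat) were never scanned, so a clean report says nothing about them.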


#11 pippin254

pippin254
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:27 AM

Posted 21 July 2008 - 09:34 PM

Here ya go.

Deckard's System Scanner v20071014.68
Run by Scott on 2008-07-21 20:26:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Scott.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:33 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CallerIP\cip-nt.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Opera\Copy of Opera.exe
C:\Program Files\X-Chat 2\xchat.exe
C:\Documents and Settings\Scott\Application Data\Opera\Opera\profile\cache4\temporary_download\dss (1).exe
C:\HIJACK~1\Scott.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wiki.guildwars.com/wiki/Main_Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiki.guildwars.com/wiki/Main_Page
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NetConceal Anonymizer\ProxyNew.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO (User '?')
O4 - HKUS\S-1-5-21-2000478354-57989841-725345543-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Scott\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Visualware CallerIP (CallerIP) - Unknown owner - C:\Program Files\CallerIP\cip-nt.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: WEP key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\Scott\Desktop\Scott\Windows Wifi Collection - aircrack airsnort airopeek\aircrack_2.1_win32\wzcook.exe (file missing)

--
End of file - 10767 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 14:48:18 0 d------c- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-21 14:48:15 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-21 14:48:08 0 d-------- C:\WINDOWS\LastGood
2008-07-21 10:21:16 0 d-------- C:\Documents and Settings\Scott\Application Data\Malwarebytes
2008-07-21 10:21:10 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-21 10:21:08 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 22:33:32 0 dr-h----- C:\Documents and Settings\Scott\Recent
2008-07-20 22:27:43 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-20 22:18:02 68096 --a------ C:\WINDOWS\zip.exe
2008-07-20 22:18:02 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-20 22:18:02 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-20 22:18:02 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-20 22:18:02 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-20 22:18:02 98816 --a------ C:\WINDOWS\sed.exe
2008-07-20 22:18:02 80412 --a------ C:\WINDOWS\grep.exe
2008-07-20 22:18:02 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-14 16:04:45 6553600 --a------ C:\Documents and Settings\Scott\ntuser.dat
2008-07-14 14:53:03 0 d-------- C:\Program Files\Trend Micro
2008-07-13 21:18:31 0 d-------- C:\Documents and Settings\Scott\Visual IP Trace <VISUAL~2>
2008-07-13 21:18:21 37 --a------ C:\Documents and Settings\Scott\Visual IP Trace-Path <VISUAL~1>
2008-07-13 21:18:18 0 d-------- C:\Program Files\Visual IP Trace 2008
2008-07-12 16:48:58 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>
2008-07-12 16:48:58 314368 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2008-07-12 16:48:55 0 d-------- C:\Program Files\Magic Video Converter
2008-07-12 16:35:57 0 d------c- C:\ConverterOutput
2008-07-12 16:35:37 0 d-------- C:\Program Files\Cucusoft
2008-07-12 15:58:06 0 d-------- C:\Program Files\ImTOO
2008-07-12 15:54:50 60416 --a------ C:\WINDOWS\system32\dsetup.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-07-12 15:54:47 0 d-------- C:\Program Files\FlashConv
2008-07-12 15:49:13 0 d-------- C:\Program Files\XVideoConverter
2008-07-12 15:32:19 0 d------c- C:\AllokVideoFolder
2008-07-11 06:39:33 0 d-------- C:\Program Files\ffdshow
2008-07-11 06:39:23 0 d-------- C:\Program Files\AliveMedia
2008-07-01 17:01:14 0 d-------- C:\Documents and Settings\Scott\Application Data\X-Chat 2
2008-07-01 17:00:14 0 d-------- C:\Program Files\X-Chat 2
2008-06-25 08:52:12 0 d------c- C:\DriveKey
2008-06-25 08:12:38 0 d-------- C:\Program Files\Bonjour
2008-06-21 15:53:06 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-21 15:53:06 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-06-21 15:52:31 0 d-------- C:\Program Files\Xilisoft
2008-06-21 15:52:19 0 d-------- C:\Program Files\4U Computing
2008-06-21 09:18:50 0 d------c- C:\Documents and Settings\All Users\Application Data\Citrix
2008-06-21 09:17:55 0 d-------- C:\Program Files\Citrix
2008-06-21 08:54:21 0 d-------- C:\WINDOWS\system32\Dell


-- Find3M Report ---------------------------------------------------------------

2008-07-21 09:08:34 0 d-------- C:\Documents and Settings\Scott\Application Data\uTorrent
2008-07-20 22:30:09 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2008-07-20 22:30:06 47104 --a------ C:\WINDOWS\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-20 18:00:04 0 d-------- C:\Program Files\Norton Security Scan
2008-07-19 18:48:57 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-07-19 17:43:39 0 d-------- C:\Program Files\Google
2008-07-18 15:03:03 0 d-------- C:\Program Files\FreeCap
2008-07-16 21:48:41 0 d-------- C:\Documents and Settings\Scott\Application Data\SiteAdvisor
2008-07-14 16:31:54 47104 --a------ C:\WINDOWS\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-14 16:28:53 17408 --a----c- C:\WINDOWS\system32\rpcnetp.dll
2008-07-12 08:55:52 0 d-------- C:\Program Files\PeerGuardian2
2008-07-01 06:53:43 39898 --a------ C:\Documents and Settings\Scott\Application Data\wklnhst.dat
2008-06-25 08:55:45 0 d-------- C:\Program Files\Apple Software Update
2008-06-25 08:52:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 08:17:30 0 d-------- C:\Program Files\iTunes
2008-06-25 08:17:14 0 d-------- C:\Program Files\iPod
2008-06-25 08:12:03 0 d-------- C:\Program Files\QuickTime
2008-06-21 18:29:24 0 d-------- C:\Documents and Settings\Scott\Application Data\U3
2008-06-21 16:51:18 34308 --a------ C:\WINDOWS\system32\Chip.dll
2008-06-21 15:54:51 0 d-------- C:\Documents and Settings\Scott\Application Data\dvdcss
2008-06-21 15:51:29 4456 --a------ C:\Documents and Settings\Scott\Application Data\Cabos.plist
2008-06-21 09:27:22 0 d-------- C:\Program Files\Acoustica Mixcraft 4
2008-06-21 08:54:22 0 d-------- C:\Program Files\Dell
2008-06-20 08:23:37 0 d-------- C:\Program Files\Opera
2008-06-19 21:54:57 0 d-------- C:\Program Files\Acoustica Shared Effects
2008-06-15 14:00:00 0 d-------- C:\Program Files\honestech Video Editor 7.0
2008-06-07 19:56:47 0 d-------- C:\Program Files\Eraser
2008-05-25 22:07:27 0 d-------- C:\Program Files\dvdXsoft
2008-05-25 15:27:28 0 d-------- C:\Documents and Settings\Scott\Application Data\AVS4YOU
2008-05-25 15:26:52 0 d-------- C:\Program Files\AVS4YOU
2008-05-25 15:26:47 0 d-------- C:\Program Files\Common Files\AVSMedia
2008-05-25 15:25:16 0 d-------- C:\Program Files\Common Files
2008-05-25 15:05:17 0 d-------- C:\Program Files\honestech Easy Video Editor Trial
2008-05-25 13:21:03 0 d-------- C:\Program Files\Acoustica Mixcraft 3
2008-05-25 13:20:34 0 d-------- C:\Program Files\VST
2008-05-24 17:43:19 0 d-------- C:\Program Files\SiteAdvisor
2008-05-21 08:46:44 179 --a------ C:\Documents and Settings\Scott\Application Data\Current.prx
2008-05-21 08:32:18 0 d-------- C:\Program Files\UnrealTournament
2008-05-21 08:23:12 0 d-------- C:\Program Files\CallerIP
2008-05-21 07:59:29 0 d-------- C:\Program Files\AltoMP3 Gold
2008-05-21 07:36:27 0 d-------- C:\Program Files\Finale PrintMusic 2007
2008-05-17 14:00:03 50 --a----c- C:\AUTOEXEC.BAT
2008-05-16 18:32:13 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [03/21/2008 04:40 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 02:48 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/01/2006 02:48 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 06:19 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 03:22 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/20/2007 06:53 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [08/13/2007 12:05 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 06:04 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/03/2007 04:29 PM]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [09/21/2007 09:38 PM]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [07/13/2007 03:10 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/09/2008 09:21 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 2:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 1:01:50 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll 06/21/2008 09:17 AM 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85250eda-00f2-11dc-88d1-0016cf8f5a1e}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{975ad106-58cc-11dc-890a-0016cf8f5a1e}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 20:27:34 ------------

#12 fenzodahl512
  • Members
  • 6,738 posts

Posted 21 July 2008 - 09:49 PM

Great.. Your log looks clean to my eyes :thumbsup:


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

Lastly, to keep your operating system up to date please visit the link below monthly.

To learn more about how to protect yourself while on the internet read this excellent article by Grinler: How did I get infected?, With steps so it does not happen again!

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 pippin254
  • Topic Starter
  • Members
  • 19 posts

Posted 21 July 2008 - 11:29 PM

Hoo-rah! The comp's working great again ^.^

Thank you for your help. I appreciate it :D

#14 fenzodahl512
  • Members
  • 6,738 posts

Posted 22 July 2008 - 06:36 AM

You are very welcome pippin254, I'm glad that we could help.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
