
I'm Infected With Spyware/ Trojan, Need Help


1 reply to this topic

#1 flimflambb (Members, 2 posts)

Posted 24 July 2008 - 09:50 AM

Hi,

My work computer has been infected. The company does not have virus protection. I usually use RegistryFix for small things and it's worked well until now. It does not find errors. I also use Windows Defender and it used to find (but cannot delete) C:\WINDOWS\system32\drivers\core.cache.dsk. Now, it doesn't find it anymore. I think the virus is evolving because when I run Task Manager, I see a lot of processes that are different every day that shouldn't be there.

I get random popups all the time. The worst is some rap song starts playing randomly, and I have to go to Task Manager to close iexplorer.exe to make it stop. There is no actual window that I can close. I've started using Firefox and get fewer popups since they are always iexplorer windows, but I still get popups.

Please help me get rid of this thing!
Thanks in advance.

I downloaded DSS and got 2 reports:

MAIN:
Deckard's System Scanner v20071014.68
Run by matayde on 2008-07-24 11:50:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2008-07-24 16:50:42 UTC - RP370 - Deckard's System Scanner Restore Point
16: 2008-07-24 16:05:29 UTC - RP369 - Configured GibbsCAM 2007, v8.5.10
15: 2008-07-24 16:04:53 UTC - RP368 - Configured GibbsCAM 2007, v8.5.10
14: 2008-07-24 14:52:37 UTC - RP367 - Avira AntiVir Personal - 7/24/2008 9:52
13: 2008-07-23 13:04:56 UTC - RP366 - Windows Defender Checkpoint


-- First Restore Point --
1: 2008-07-14 18:07:07 UTC - RP354 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 3.46 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-24 11:53:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
C:\WINDOWS\TEMP\NAD829.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\matayde\Desktop\dss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: giantads.biz browser optimizer - {1934b0ff-e468-4149-1a59-eb46ba5f4a6c} - C:\WINDOWS\system32\gvkczjetxlmiho.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: mysidesearch search enhancer - {92d5e0a9-3741-c058-1f8a-a3a6820483e9} - C:\WINDOWS\system32\mjmhzwtwhds.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Program Files\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://aimexpress.aol.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} (CPC View ax Control) - http://www.cartesianinc.com/Products/CPCVi...k/CpcViewAX.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\Software\..\Telephony: DomainName = ReadyCableinc.local
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ReadyCableinc.local
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = ReadyCableinc.local
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ReadyCableinc.local
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: uimsgact - {149557CC-016F-0D3C-1F44-013FF8E2ED2C} - C:\Program Files\naxnojf\uimsgact.dll
O23 - Service: 4D6CCE3E - Unknown owner - C:\WINDOWS\system32\141875BE.EXE -k
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: VistaUpdate - Unknown owner - C:\WINDOWS\system32\VistaUpdate.exe


--
End of file - 9983 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ialmnt55 - c:\windows\system32\drivers\ialmnt55.sys

S2 Sentinel - c:\windows\system32\drivers\sentinel.sys
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>

S2 4D6CCE3E - c:\windows\system32\141875be.exe -k (file missing)
S2 VistaUpdate - c:\windows\system32\vistaupdate.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 11:45:28 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 09:53:12 0 d-------- C:\Program Files\Avira
2008-07-24 09:53:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-16 07:42:31 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-16 07:42:21 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-16 07:33:17 0 d-------- C:\Documents and Settings\matayde\Application Data\Yahoo!
2008-07-16 07:33:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-15 09:36:26 0 d--h----- C:\WINDOWS\PIF
2008-07-15 08:54:30 0 d-------- C:\Program Files\Windows Defender
2008-07-15 07:49:02 0 d-------- C:\Documents and Settings\matayde\dwhelper
2008-07-15 07:32:04 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-15 07:32:01 0 d-------- C:\Documents and Settings\matayde\Application Data\Mozilla
2008-07-15 07:02:47 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-14 14:04:22 0 d-------- C:\WINDOWS\system32\3554
2008-07-14 13:06:37 18944 --a------ C:\WINDOWS\svchost32.exe
2008-07-14 13:06:34 27392 --a------ C:\WINDOWS\msupdate.exe
2008-07-14 13:05:38 859 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-07-14 13:04:55 88961 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-07-14 13:04:42 298311 --a------ C:\WINDOWS\system32\gside.exe
2008-07-14 13:01:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-07-14 13:01:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-07-14 13:00:46 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-14 13:00:39 0 dr------- C:\Documents and Settings\LocalService\Favorites <FAVORI~1>
2008-07-14 13:00:31 4 --a------ C:\WINDOWS\system32\hljwugsf.bin
2008-07-14 12:59:57 0 d--hs---- C:\WINDOWS\T3duZXI
2008-07-14 12:59:54 152157 --a------ C:\WINDOWS\system32\g90.exe
2008-07-14 12:59:39 0 d-------- C:\Documents and Settings\matayde\Application Data\rhca8pj0ep5j
2008-07-14 12:59:36 86144 --a------ C:\WINDOWS\system32\drivers\ialmnt55.sys
2008-07-14 12:59:30 0 d-------- C:\WINDOWS\system32\sfig
2008-07-14 12:59:30 0 d-------- C:\WINDOWS\system32\provdll
2008-07-14 12:59:30 0 d-------- C:\WINDOWS\system32\imp32
2008-07-14 12:59:29 0 d-------- C:\WINDOWS\system32\OBDE
2008-07-14 12:59:27 0 d-------- C:\Program Files\naxnojf
2008-07-14 12:59:16 0 d-------- C:\WINDOWS\system32\olixds06
2008-07-14 12:59:15 0 d-------- C:\Temp
2008-07-14 12:59:07 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-07-14 12:59:07 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-07-14 12:59:03 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-07-14 12:59:03 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-07-14 12:59:02 4096 --a------ C:\WINDOWS\winsystem.exe
2008-07-14 12:59:02 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-07-14 12:59:02 4096 --a------ C:\WINDOWS\mssecu.exe
2008-07-14 12:59:02 4096 --a------ C:\WINDOWS\bdn.com
2008-07-14 12:58:58 0 d-------- C:\Documents and Settings\All Users\Application Data\yvwzavwz
2008-07-14 12:58:52 114688 --a------ C:\WINDOWS\system32\evihspov.exe
2008-07-14 12:58:25 64836 --a------ C:\WINDOWS\system32\hmgkdjffliskvabuw.exe
2008-07-14 12:57:06 60928 --a------ C:\WINDOWS\system32\blphce8pj0ep5j.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-30 11:55:33 0 d-------- C:\Documents and Settings\matayde\Application Data\Gibbs
2008-06-30 11:39:33 0 d-------- C:\Program Files\Gibbs
2008-06-30 11:39:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Gibbs


-- Find3M Report ---------------------------------------------------------------

2008-07-24 11:53:24 0 d-------- C:\Documents and Settings\matayde\Application Data\DNA
2008-07-24 11:15:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 11:11:35 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-16 09:23:49 0 d-------- C:\Program Files\Trend Micro
2008-07-16 07:42:31 0 d-------- C:\Program Files\Common Files
2008-07-16 07:33:16 0 d-------- C:\Program Files\Yahoo!
2008-07-14 14:00:57 0 d-------- C:\Program Files\AutoCAD 2002
2008-07-10 11:40:42 75 --a------ C:\WINDOWS\Verbal
2008-07-10 11:40:20 73 --a------ C:\WINDOWS\Times New Roman
2008-07-10 11:40:20 454 --a------ C:\WINDOWS\0
2008-07-03 12:08:45 0 d-------- C:\Documents and Settings\matayde\Application Data\BitTorrent
2008-06-25 09:34:04 74 --a------ C:\WINDOWS\Logic
2008-06-25 09:33:31 75 --a------ C:\WINDOWS\Memory
2008-06-25 09:31:39 76 --a------ C:\WINDOWS\Spatial
2008-06-25 09:28:00 78 --a------ C:\WINDOWS\Numerical
2008-06-03 10:22:28 0 d-------- C:\Program Files\iSqft
2008-05-27 10:10:18 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1934b0ff-e468-4149-1a59-eb46ba5f4a6c}]
C:\WINDOWS\system32\gvkczjetxlmiho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92d5e0a9-3741-c058-1f8a-a3a6820483e9}]
C:\WINDOWS\system32\mjmhzwtwhds.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 08:48 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [05/08/2007 12:43 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [05/01/2008 11:15 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [05/31/2007 11:16 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [09/07/2007 06:01 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/24/2007 09:57 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"uimsgact"= {149557CC-016F-0D3C-1F44-013FF8E2ED2C} - C:\Program Files\naxnojf\uimsgact.dll [07/14/2008 12:59 PM 98304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b6e150c-1841-11dd-a5f8-001320deced1}]
Auto\command- F:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

*Newly Created Service* - SSMDRV



-- End of Deckard's System Scanner: finished at 2008-07-24 11:54:06 ------------



EXTRA::
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 77%
Physical Memory (total/avail): 502.07 MiB / 111.04 MiB
Pagefile Memory (total/avail): 1225.73 MiB / 837.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923 MiB

C: is Fixed (NTFS) - 52.71 GiB total, 3.46 GiB free.
D: is Fixed (NTFS) - 18.61 GiB total, 18.53 GiB free.
E: is CDROM (No Media)
S: is Network (NTFS)

\\.\PHYSICALDRIVE0 - HDS728080PLA380 - 74.5 GiB - 4 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 52.71 GiB - C:
\PARTITION2 - Installable File System - 18.61 GiB - D:
\PARTITION3 - Unknown - 3.15 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\matayde\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACAD3234
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\matayde
LOGONSERVER=\\RCISERVER
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\matayde\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\matayde\LOCALS~1\Temp
TMP=C:\DOCUME~1\matayde\LOCALS~1\Temp
USERDNSDOMAIN=READYCABLEINC.LOCAL
USERDOMAIN=READYCABLEINC
USERNAME=matayde
USERPROFILE=C:\Documents and Settings\matayde
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

matayde (admin)
akochis (new local, admin, net ready)
chobbs (new local, admin, net ready)
Admin (admin)
Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ADAPT Applications --> C:\Program Files\ADAPT\ADAPT-PT\unstall.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2002 --> MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
AutoCAD Express Tools - AutoCAD 2002 --> "C:\WINDOWS\etUnInst.exe" "-fC:\Program Files\AutoCAD 2002\DeIsL1.isu" "C:\Program Files\AutoCAD 2002\Express\acetmain.ini"
Autodesk CAD Manager Tools --> MsiExec.exe /I{5783F2D7-0111-0409-0010-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk DWF Writer 4.0 --> MsiExec.exe /I{8F5C2A7E-DE9E-4642-AD0F-E29FE903422A}
Avira AntiVir Personal Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BitTorrent 5.0.9 --> "C:\Program Files\BitTorrent\uninstall.exe"
Brain Trainer --> "C:\Program Files\Mindscape\Brain Trainer\Uninstall.exe" "C:\Program Files\Mindscape\Brain Trainer\Install.log" -u
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CPC View ax 6.4.2 --> rundll32 C:\WINDOWS\DOWNLO~1\CPCVIE~1.OCX,UninstallOCX C:\WINDOWS\DOWNLO~1\CPCVIE~1.OCX
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
DNA --> "C:\Program Files\BitTorrent_DNA\dna.exe" /UNINSTALL
doPDF 5.3 printer --> "C:\Program Files\Softland\doPDF 5\unins000.exe"
DWG TrueView 2008 --> C:\Program Files\DWG TrueView 2008\Setup\Setup.exe /P {B1A9CD45-A702-4E3B-91ED-8CD562869901} /M AOEM
Enhancement Browser Tools Ggiantads --> C:\WINDOWS\system32\hmgkdjffliskvabuw.exe
FastStone Image Viewer 3.5 --> C:\Program Files\FastStone Image Viewer\uninst.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Accounting 2006 --> MsiExec.exe /X{F413D795-B077-4A96-AE75-810BBA673A0E}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1C5F22-D1AF-484F-B28A-85FA4E3CAC5A}\setup.exe" -l0x9
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySidesearch Search Assistant Adzgalore --> C:\WINDOWS\system32\mjmhzwtwhds.dll-uninst.exe
PDF reDirect (remove only) --> C:\Program Files\PDF reDirect\Uninstall.exe
PrintConductor --> "C:\Program Files\PrintConductor\unins000.exe"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RegistryFix v5.5 --> "C:\Program Files\RegistryFix\unins000.exe"
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SBA --> MsiExec.exe /I{20F51690-133A-453C-B616-1C15AB2C0EF0}
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Text To PDF Converter v1.4 --> "C:\Program Files\Text2PDF v1.4\unins000.exe"
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
URL Assistant --> regsvr32 /u /s "c:\Program Files\BAE\BAE.dll"
Volo View Express --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type747 / Error
Event Submitted/Written: 07/24/2008 11:53:49 AM
Event ID/Source: 4118 / Avira AntiVir
Event Description:
C:\WINDOWS\svchost32.exeACCESS_VIOLATION

Event Record #/Type746 / Error
Event Submitted/Written: 07/24/2008 11:44:40 AM
Event ID/Source: 4118 / Avira AntiVir
Event Description:
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlUNKNOWN20795392

Event Record #/Type744 / Warning
Event Submitted/Written: 07/24/2008 11:42:27 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type743 / Warning
Event Submitted/Written: 07/24/2008 11:42:27 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type740 / Warning
Event Submitted/Written: 07/24/2008 11:41:16 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type31152 / Warning
Event Submitted/Written: 07/24/2008 11:53:49 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%READYCABLEINC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %READYCABLEINC27 can't undo changes that you allow.

For more information please see the following:
%READYCABLEINC275

Scan ID: {DDDA153E-E9E7-4DC9-8591-57185BC7D2F1}

User: READYCABLEINC\MAtayde

Name: %READYCABLEINC271

ID: %READYCABLEINC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %READYCABLEINC276

Alert Type: %READYCABLEINC278

Detection Type: 1.1.1593.02

Event Record #/Type31151 / Warning
Event Submitted/Written: 07/24/2008 11:53:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%READYCABLEINC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %READYCABLEINC27 can't undo changes that you allow.

For more information please see the following:
%READYCABLEINC275

Scan ID: {292343F0-F9AC-4B90-B75D-E52DF30C1B2C}

User: READYCABLEINC\MAtayde

Name: %READYCABLEINC271

ID: %READYCABLEINC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %READYCABLEINC276

Alert Type: %READYCABLEINC278

Detection Type: 1.1.1593.02

Event Record #/Type31150 / Warning
Event Submitted/Written: 07/24/2008 11:53:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%READYCABLEINC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %READYCABLEINC27 can't undo changes that you allow.

For more information please see the following:
%READYCABLEINC275

Scan ID: {7B829BB3-62C0-4BE7-AB50-81DD47FB2943}

User: READYCABLEINC\MAtayde

Name: %READYCABLEINC271

ID: %READYCABLEINC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %READYCABLEINC276

Alert Type: %READYCABLEINC278

Detection Type: 1.1.1593.02

Event Record #/Type31149 / Warning
Event Submitted/Written: 07/24/2008 11:53:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%READYCABLEINC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %READYCABLEINC27 can't undo changes that you allow.

For more information please see the following:
%READYCABLEINC275

Scan ID: {F456B112-010F-4388-8757-BEB7631104C7}

User: READYCABLEINC\MAtayde

Name: %READYCABLEINC271

ID: %READYCABLEINC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %READYCABLEINC276

Alert Type: %READYCABLEINC278

Detection Type: 1.1.1593.02

Event Record #/Type31148 / Warning
Event Submitted/Written: 07/24/2008 11:53:46 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%READYCABLEINC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %READYCABLEINC27 can't undo changes that you allow.

For more information please see the following:
%READYCABLEINC275

Scan ID: {8657CC72-588D-4BE4-90DA-83FC686B9E27}

User: READYCABLEINC\MAtayde

Name: %READYCABLEINC271

ID: %READYCABLEINC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %READYCABLEINC276

Alert Type: %READYCABLEINC278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-07-24 11:54:06 ------------



I also scanned with Avira and got a report:


Avira AntiVir Personal
Report file date: Thursday, July 24, 2008 10:22

Scanning for 1502134 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACAD3234

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 16:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 15:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 15:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 15:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 17:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 14:58:55
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 7/21/2008 14:59:45
ANTIVIR3.VDF : 7.0.5.164 243200 Bytes 7/24/2008 14:59:54
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 16:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 7/24/2008 15:00:49
AESCN.DLL : 8.1.0.23 119156 Bytes 7/24/2008 15:00:44
AERDL.DLL : 8.1.0.20 418165 Bytes 7/24/2008 15:00:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/24/2008 15:00:34
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 7/24/2008 15:00:29
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 7/24/2008 15:00:25
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/24/2008 15:00:10
AEGEN.DLL : 8.1.0.31 311669 Bytes 7/24/2008 15:00:08
AEEMU.DLL : 8.1.0.6 430451 Bytes 7/24/2008 15:00:04
AECORE.DLL : 8.1.1.7 172406 Bytes 7/24/2008 14:59:59
AEBB.DLL : 8.1.0.1 53617 Bytes 7/24/2008 14:59:56
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 00:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 17:37:50
AVREP.DLL : 8.0.0.1 98561 Bytes 7/24/2008 14:59:55
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 00:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 15:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 00:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 21:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 19:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Thursday, July 24, 2008 10:22

The scan of running processes will be started
Scan process 'ipconfig.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'bittorrent.exe' - '1' Module(s) have been scanned
Scan process 'dna.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'PccNTMon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CNTAoSMgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CX27E6.EXE' - '1' Module(s) have been scanned
Scan process 'TmListen.exe' - '1' Module(s) have been scanned
Scan process 'VistaUpdate.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\VistaUpdate.exe'
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'NTRtScan.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'VistaUpdate.exe' has been terminated
C:\WINDOWS\system32\VistaUpdate.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!

44 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\gvkczjetxlmiho.dll
[DETECTION] Is the Trojan horse TR/BHO.czn
[NOTE] TR/BHO.czn:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<{22264505-9205-32be-b4b8-3334dceba8cf}>=sz:gvkczjetxlmiho.dll
[WARNING] The file could not be deleted!

The registry was scanned ( '22' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\auto.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was deleted!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\vistaupdate[1].exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\full[1].exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Application Data\Microsoft\dtsc\3604.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.vzo
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Desktop\programs\GibbsCAM.2007.v8.5.10-Lz0.zip
[0] Archive type: ZIP
--> Linezer0/Data1.cab
[1] Archive type: CAB (Microsoft)
--> realdwg.dll.2E7806F5_8672_4745_B272_2B20AB7D3669
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.EC9AE4D9_3D03_4FB7_8EAC_F22902274191
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.49E96882_B07D_42B1_A4EF_94EBFADD3429
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.DFC01C2F_6435_4823_BC53_6CEA90758BF0
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.467FD648_3EFC_48D4_8B8E_A5C92B0BC132
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.5888EE9C_3AAB_478B_9492_16019ABBA533
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.7D873E23_73E7_43B6_9573_245F9AC61C71
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.78BB69A0_D612_419E_9682_F6AA939A2006
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.E757AA34_96B6_4E93_B601_CE59F6192238
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.9A52B3BE_01C6_4BB7_86CC_C0E584691E6C
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.27DE271F_EA1A_49CB_8927_0D8AD64D284A
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.FE5A3930_F05D_42B0_9337_576BBBD263F9
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.5F302496_584C_4C8D_BEBA_CCEE68B15A55
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.03C8B8D7_A049_4B1F_AD07_CDF7B78725DE
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
--> realdwg.dll.27CB56D2_8913_4849_9E10_37FCE93028DE
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Desktop\programs\magic ISO\Magic Iso 5.8221 + Crack.zip
[0] Archive type: ZIP
--> Magic Iso 5.8221 + Crack/Crack/MagicISO.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Beastdoor.205.D Backdoor server programs
[NOTE] The file was moved to '48efa104.qua'!
C:\Documents and Settings\matayde\Local Settings\Application Data\Mozilla\Firefox\Profiles\87dh8w2s.default\Cache\F7D35FC8d01
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Local Settings\Temp\.ttD.tmp.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Local Settings\Temp\Downloader.exe
[DETECTION] Is the Trojan horse TR/Agent.8192.291
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Local Settings\Temp\keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOH
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Local Settings\Temp\snpkjkfs.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.VB.eyc.6
[NOTE] The file was deleted!
C:\Documents and Settings\matayde\Local Settings\Temp\temp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.pmd.2
[NOTE] The file was deleted!
C:\Program Files\Gibbs\GibbsCAM\8.5.10_NLO(w)\plugins\-non-menu\RealDWG.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING]
C:\RECYCLER\S-1-5-21-1977564690-2145564544-2648746340-1949\Dc116.zip
[0] Archive type: ZIP
--> portsv.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '48b9abb7.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065491.dll
[DETECTION] Is the Trojan horse TR/AdClicker.BH
[NOTE] The file was moved to '48b8abb5.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065494.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8abb9.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065504.exe
[DETECTION] Is the Trojan horse TR/Fakealert.AG
[NOTE] The file was moved to '48b8abbd.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065507.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8abc1.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065543.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8abc5.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065551.EXE
[DETECTION] Contains detection pattern of the worm WORM/Autorun.bpc
[NOTE] The file was moved to '48b8abcd.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065558.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.XPAntivirus.LQ
[NOTE] The file was moved to '48b8abd1.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065571.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8abd6.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP354\A0065578.EXE
[DETECTION] Contains detection pattern of the worm WORM/Autorun.bpc
[NOTE] The file was moved to '48b8abdb.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP355\A0065602.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8abe0.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP355\A0065609.EXE
[DETECTION] Contains detection pattern of the worm WORM/Autorun.bpc
[NOTE] The file was moved to '48b8abe3.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP355\A0065802.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8abec.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP355\A0065826.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8abf0.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0065906.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac05.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP359\A0065916.EXE
[DETECTION] Contains detection pattern of the worm WORM/Autorun.bpc
[NOTE] The file was moved to '48b8ac08.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP360\A0066048.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac20.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP361\A0066061.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8ac25.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0066280.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48b8ac31.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0066301.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '48b8ac33.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0069489.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8ac3d.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP363\A0069490.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac40.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP364\A0069605.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac49.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP364\A0069654.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8ac50.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP364\A0069659.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac52.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP364\A0069719.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac56.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP366\A0069804.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac5e.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP366\A0070804.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[NOTE] The file was moved to '48b8ac61.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP366\A0070846.EXE
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8ac6c.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP367\A0070852.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '48b8ac70.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP367\A0070853.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48b8ac73.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP367\A0070854.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.vzo
[NOTE] The file was moved to '48b8ac90.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP367\A0070856.dll
[DETECTION] Is the Trojan horse TR/BHO.czn
[NOTE] The file was moved to '48b8ac92.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP367\A0070857.dll
[DETECTION] Is the Trojan horse TR/BHO.czp
[NOTE] The file was moved to '48b8ac94.qua'!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP368\A0070874.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/Generic
[NOTE] The file was moved to '48b8ac98.qua'!
C:\WINDOWS\lfn.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '48f6ace6.qua'!
C:\WINDOWS\svchost.exe
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was moved to '48ebad01.qua'!
C:\WINDOWS\windowsupdates.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOH
[NOTE] The file was moved to '48f6acfa.qua'!
C:\WINDOWS\yoursearchnet_com.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '48fdad03.qua'!
C:\WINDOWS\system32\45C35F9E.DLL
[DETECTION] Is the Trojan horse TR/Autorun.CA
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\cnitsfsp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f1af7a.qua'!
C:\WINDOWS\system32\lphce8pj0ep5j.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f0af9c.qua'!
C:\WINDOWS\system32\n1216131601k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[NOTE] The file was moved to '48baaf7e.qua'!
C:\WINDOWS\system32\n1216916890k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216916915k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216916940k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216916965k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216916987k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216917010k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216917033k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216917055k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216917079k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\n1216917103k.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.gxb
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\system32\pphce8pj0ep5j.exe
[DETECTION] Is the Trojan horse TR/Fakealert.AG
[NOTE] The file was moved to '48f0b002.qua'!
C:\WINDOWS\system32\drivers\ialmnt55.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\imp32\keysrve.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '4901b054.qua'!
C:\WINDOWS\system32\OBDE\idexpnd.exe
[DETECTION] Is the Trojan horse TR/Dldr.CWS.gen.2
[NOTE] The file was moved to '48edb05a.qua'!
C:\WINDOWS\system32\provdll\globsetup.exe
[0] Archive type: OVL
--> Object
[DETECTION] Is the Trojan horse TR/Spy.Agent.dcp.1
[NOTE] The file was moved to '48f7b066.qua'!
C:\WINDOWS\system32\sfig\mcirev2.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48f1b060.qua'!
C:\WINDOWS\Temp\eraseme_61826.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was moved to '48e9b084.qua'!
Begin scan in 'D:\' <Backup>


End of the scan: Thursday, July 24, 2008 11:39
Used time: 1:16:42 min

The scan has been done completely.

6755 Scanning directories
382125 Files were scanned
89 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
49 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
382036 Files not concerned
3794 Archives were scanned
16 Warnings
62 Notes

Edited by flimflambb, 24 July 2008 - 12:01 PM.



#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:05:36 AM

Posted 07 August 2008 - 06:16 PM

Hi flimflambb

Sorry for the delay in answering your post.
If you have since resolved the original problem you were having, I would appreciate you letting us know.
If you still need help could you please post back a new HJT log... things change so quickly and we need to see what's happening now.
Thanks

Starbuck





