Possibly Infected By Virtumonde, Antivirus 2008


  • This topic is locked
6 replies to this topic

#1 regret
  • Members
  • 3 posts
  • OFFLINE

Posted 04 August 2008 - 10:19 AM

I used to get random popups for Antivirus 2008, but those stopped after I scanned and found Virtumonde and removed it with Spybot and Windows Defender. Virtumonde kept coming back a few times, but soon it stopped appearing in scans. Recently, though, Symantec AntiVirus's Auto-Protect detected that Antivirus 2008 is still active on my computer. I need help removing them. Thanks in advance.

Deckard's System Scanner v20071014.68
Run by Jason on 2008-08-04 22:56:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
81: 2008-08-04 14:56:54 UTC - RP320 - Deckard's System Scanner Restore Point
80: 2008-07-28 15:05:14 UTC - RP319 - Windows Defender Checkpoint
79: 2008-07-28 13:44:22 UTC - RP318 - Installed Windows Defender
78: 2008-07-28 11:02:47 UTC - RP317 - Deckard's System Scanner Restore Point
77: 2008-07-27 08:59:52 UTC - RP316 - Last known good configuration


-- First Restore Point --
1: 2008-07-27 08:59:17 UTC - RP240 - Restore Operation


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jason.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:35, on 8/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\brsvc01a.exe
H:\WINDOWS\system32\brss01a.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\PROGRA~1\SYMANT~1\VPTray.exe
H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\QuickTime\QTTask.exe
H:\Program Files\Windows Defender\MSASCui.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Symantec AntiVirus\Rtvscan.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Documents and Settings\Jason\Desktop\dss.exe
H:\PROGRA~1\TRENDM~1\HIJACK~1\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - H:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] H:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] H:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] H:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StormCodec_Helper] "H:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NSLauncher] H:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] "H:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - H:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - H:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using LeechGet - file://H:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://H:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Parse with LeechGet - file://H:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - H:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - H:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helpto.../ALTControl.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helpto...a/SpeedCtrl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191156788559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213061124171
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - H:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14324 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - h:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 EagleNT - h:\windows\system32\drivers\eaglent.sys <Not Verified; AhnLab, Inc.; AhnLab, Inc.>
S3 geebers12 - h:\docume~1\jason\locals~1\temp\rar$ex24.7375\msea v0.42 hacks pack\buffy engine 2\nvid888.sys (file missing)
S3 GMSIPCI - g:\install\gmsipci.sys (file missing)
S3 IlvMoneyDRIVER53 - h:\docume~1\jason\locals~1\temp\rar$ex00.688\moonlightengine lite 1055\ilvmoney1055.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - h:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - h:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - h:\windows\system32\drivers\rtl8139.sys (file missing)
S3 SunkFilt6 (Alcor Micro Corp - 6360) - h:\windows\system32\drivers\sunkfilt6.sys (file missing)
S3 SunkFilt62 (Alcor Micro Corp - 6362) - h:\windows\system32\drivers\sunkfilt62.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - h:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 XDva004 - h:\windows\system32\xdva004.sys (file missing)
S3 XDva011 - h:\windows\system32\xdva011.sys (file missing)
S3 XDva020 - h:\windows\system32\xdva020.sys (file missing)
S3 XDva098 - h:\windows\system32\xdva098.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "h:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MySQL - "h:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="h:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
R3 ServiceLayer - "h:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S3 WLSetupSvc (Windows Live Setup Service) - "h:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N81
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N81
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Scheduled Tasks -------------------------------------------------------------

2008-08-04 22:45:16 330 --ah----- H:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-02 19:59:02 284 --a------ H:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-03 20:25:32 0 d-------- H:\Documents and Settings\Jason\Application Data\GetRightToGo
2008-08-03 20:20:08 0 d-------- H:\Documents and Settings\Jason\Application Data\GetRight
2008-08-03 14:32:32 0 d-------- H:\Program Files\Granado Espada
2008-08-02 20:19:17 0 d-------- H:\Program Files\iTunes
2008-08-02 19:33:30 0 d-------- H:\Program Files\Mass Downloader
2008-08-02 19:33:13 0 d-------- H:\Documents and Settings\Jason\Application Data\MetaProducts
2008-08-02 19:27:06 0 d-------- H:\Documents and Settings\Jason\Application Data\Lightning Download
2008-08-02 19:23:21 0 d-------- H:\Documents and Settings\Jason\Application Data\IDM
2008-08-02 19:18:16 0 d-------- H:\Program Files\Star Downloader
2008-08-02 16:17:47 0 d-------- H:\Documents and Settings\Jason\Application Data\WinRAR
2008-08-01 21:43:42 0 d-------- H:\Program Files\LeechGet 2007
2008-08-01 00:16:39 0 d-------- H:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-07-31 20:43:43 0 d-------- H:\Program Files\DAP
2008-07-28 21:44:26 0 d-------- H:\Program Files\Windows Defender
2008-07-28 20:22:33 0 d-------- H:\Program Files\Enigma Software Group
2008-07-27 20:56:47 0 d-------- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 20:29:08 0 d-------- H:\Program Files\Trend Micro
2008-07-27 19:32:20 0 d-------- H:\VundoFix Backups
2008-07-27 19:27:18 0 d-------- H:\WINDOWS\BDOSCAN8
2008-07-27 16:59:06 371780 --ahs---- H:\WINDOWS\system32\IiQWxyxx.ini2
2008-07-27 16:48:33 356352 --a------ H:\WINDOWS\nfavxwdbsxb.dll
2008-07-27 16:47:31 0 d-------- H:\Program Files\VAV
2008-07-27 16:47:04 0 d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 22:20:01 0 d-------- H:\halo2files
2008-07-19 20:06:01 0 d-------- H:\Program Files\Bonjour
2008-07-16 23:44:47 0 d-a------ H:\Documents and Settings\All Users\Application Data\TEMP
2008-07-16 23:29:57 0 d-------- H:\Program Files\AruaROSE
2008-07-13 17:46:41 11796480 --a------ H:\Documents and Settings\Jason\ntuser.dat
2008-07-13 17:25:17 0 d-------- H:\WINDOWS\Prefetch
2008-07-13 17:12:28 0 d-------- H:\WINDOWS\system32\scripting
2008-07-13 17:12:26 0 d-------- H:\WINDOWS\system32\en
2008-07-13 17:12:26 0 d-------- H:\WINDOWS\l2schemas
2008-07-13 17:12:25 0 d-------- H:\WINDOWS\system32\bits
2008-07-10 20:23:05 0 d-------- H:\Documents and Settings\Jason\Application Data\AVSMedia
2008-07-10 20:22:58 0 d-------- H:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-10 19:57:32 0 d-------- H:\Program Files\Common Files\AVSMedia
2008-07-10 19:57:23 413760 --a------ H:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-07-10 19:57:23 261632 --a------ H:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-07-10 19:53:59 0 d-------- H:\Program Files\Common Files\Download Manager
2008-07-08 22:33:53 0 d-------- H:\Program Files\CA Yahoo! Anti-Spy


-- Find3M Report ---------------------------------------------------------------

2008-08-04 22:52:35 0 d-------- H:\Documents and Settings\Jason\Application Data\DNA
2008-08-04 22:43:11 0 d-------- H:\Program Files\Symantec AntiVirus
2008-08-04 20:02:22 0 d-------- H:\Documents and Settings\Jason\Application Data\Mozilla
2008-08-03 12:01:43 0 d-------- H:\Program Files\Warcraft III
2008-08-03 01:57:04 0 d-------- H:\Documents and Settings\Jason\Application Data\Hamachi
2008-08-02 20:19:40 0 d-------- H:\Program Files\iPod
2008-08-02 19:24:25 0 d-------- H:\Documents and Settings\Jason\Application Data\DMCache
2008-07-27 16:47:04 0 d-------- H:\Program Files\Common Files
2008-07-27 16:46:24 0 d-------- H:\Documents and Settings\Jason\Application Data\uTorrent
2008-07-26 19:01:53 0 d-------- H:\Program Files\Garena
2008-07-20 22:23:26 0 d-------- H:\Program Files\Microsoft Games
2008-07-19 17:56:04 0 d-------- H:\Program Files\Microsoft Silverlight
2008-07-19 17:24:52 0 d-------- H:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-13 17:24:46 0 d-------- H:\Program Files\Messenger
2008-07-13 17:12:25 0 d-------- H:\Program Files\Movie Maker
2008-07-13 17:09:49 0 d-------- H:\Program Files\Windows NT
2008-07-08 22:33:53 0 d-------- H:\Program Files\Common Files\Scanner
2008-07-08 22:33:51 0 d-------- H:\Program Files\Yahoo!
2008-07-07 13:17:01 0 d-------- H:\Program Files\Messenger Plus! Live
2008-07-05 22:06:37 77744 --a------ H:\WINDOWS\War3Unin.dat
2008-07-03 00:23:19 0 d-------- H:\Program Files\Apple Software Update
2008-07-03 00:19:17 0 d-------- H:\Program Files\QuickTime
2008-07-02 21:01:55 2829 --a------ H:\WINDOWS\War3Unin.pif
2008-07-02 21:01:55 139264 --a------ H:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-07-02 18:33:07 0 d-------- H:\Program Files\Common Files\Symantec Shared
2008-07-02 18:30:42 0 d-------- H:\Program Files\Azureus
2008-07-02 18:30:39 0 d-------- H:\Documents and Settings\Jason\Application Data\GRETECH
2008-07-01 20:02:33 0 d-------- H:\Program Files\GRETECH
2008-07-01 19:50:18 20 --a------ H:\WINDOWS\system32\pub_store.dat
2008-07-01 19:50:18 0 --a------ H:\WINDOWS\system32\cid_store.dat
2008-06-29 13:18:25 0 d--h----- H:\Program Files\InstallShield Installation Information
2008-06-19 13:04:30 0 d-------- H:\Documents and Settings\Jason\Application Data\IGN_DLM
2008-06-18 21:53:04 0 d-------- H:\Program Files\StepMania
2008-06-16 23:47:26 729088 --a------ H:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-16 23:29:17 0 d-------- H:\Program Files\Hamachi
2008-06-10 01:12:43 0 d-------- H:\Program Files\Electronic Arts
2008-06-06 19:17:32 0 d-------- H:\Documents and Settings\Jason\Application Data\MySQL


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [05/02/2008 22:46]
"ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/24/2006 17:14]
"vptray"="H:\PROGRA~1\SYMANT~1\VPTray.exe" [06/15/2006 01:40]
"SSBkgdUpdate"="H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22]
"PaperPort PTD"="H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 14:25]
"IndexSearch"="H:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 14:45]
"SetDefPrt"="H:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [01/26/2005 18:02]
"ControlCenter2.0"="H:\Program Files\Brother\ControlCenter2\brctrcen.exe" [05/17/2005 17:42]
"PCSuiteTrayApplication"="H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [06/15/2006 12:36]
"IMJPMIG8.1"="H:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 22:32]
"MSPY2002"="H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 22:31]
"PHIME2002ASync"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 22:32]
"PHIME2002A"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 22:32]
"StormCodec_Helper"="H:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [09/30/2006 15:25]
"nwiz"="nwiz.exe" [05/02/2008 22:46 H:\WINDOWS\system32\nwiz.exe]
"NSLauncher"="H:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [05/09/2007 14:57]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [06/02/2008 11:39]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [05/02/2008 22:46]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50]
"AppleSyncNotifier"="H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47]
"Windows Defender"="H:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47]
"KernelFaultCheck"="H:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [07/07/2008 13:41]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:12]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [04/14/2008 08:12]
"BitTorrent DNA"="H:\Program Files\DNA\btdna.exe" [07/02/2008 21:17]
"SpybotSD TeaTimer"="H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{267212FE-B77A-4C83-BB75-3F84B52A3BEE}"= __BHODemonDisabled [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
H:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 H:\WINDOWS\system32\xxyxWQiI
"Notification Packages"= :\WINDOWS\system32\srrstr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--"H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
H:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Startup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{528470c9-6105-11dd-b962-001b5bbdd752}]
Auto\command- infrom.exe
AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8910 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-04 22:59:29 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.40GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023.36 MiB / 386.89 MiB
Pagefile Memory (total/avail): 1949.9 MiB / 1378.83 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1881.02 MiB

C: is Removable (No Media)
D: is Removable (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is CDROM (UDF)
H: is Fixed (NTFS) - 149.04 GiB total, 24.76 GiB free.
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD160JJ - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - H:

\\.\PHYSICALDRIVE5 - Brother MFC-215C USB Device

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=H:\Documents and Settings\All Users
APPDATA=H:\Documents and Settings\Jason\Application Data
CLASSPATH=.;H:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=H:\Program Files\Common Files
COMPUTERNAME=MICROSOFT
ComSpec=H:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\Documents and Settings\Jason
LOGONSERVER=\\MICROSOFT
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=H:\Program Files\PC Connectivity Solution\;H:\WINDOWS\system32;H:\WINDOWS;H:\WINDOWS\system32\WBEM;H:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=H:\Program Files
PROMPT=$P$G
QTJAVA=H:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=H:
SystemRoot=H:\WINDOWS
TEMP=H:\DOCUME~1\Jason\LOCALS~1\Temp
TMP=H:\DOCUME~1\Jason\LOCALS~1\Temp
USERDOMAIN=MICROSOFT
USERNAME=Jason
USERPROFILE=H:\Documents and Settings\Jason
VS90COMNTOOLS=H:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
windir=H:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Jason (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> H:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> H:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> H:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> H:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> H:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
µTorrent --> "H:\Program Files\uTorrent\uninstall.exe"
µTorrent --> "H:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 5.0 --> H:\WINDOWS\ISUNINST.EXE -f"H:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"H:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AruaROSE --> H:\Program Files\AruaROSE\Uninstall.exe
AuditionSEA --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{EC48376E-5D6C-40AE-A226-1D3AC8BDA60F}\setup.exe" -l0x9 -removeonly
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CA Yahoo! Anti-Spy (remove only) --> "H:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
Canon PIXMA iP1000 --> H:\WINDOWS\system32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLH:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLH:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll"
Command & Conquer Tiberian Sun --> H:\Westwood\SUN\Uninstll.EXE
DivX Codec --> H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> H:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "H:\Program Files\DNA\btdna.exe" /UNINSTALL
Easy-WebPrint --> H:\WINDOWS\IsUninst.exe -f"H:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Final Fantasy VII --> H:\WINDOWS\IsUninst.exe -f"H:\Program Files\Square Soft, Inc.\Final Fantasy VII\Uninst.isu"
GameSpy Arcade --> H:\PROGRA~1\GAMESP~1\UNWISE.EXE H:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garena --> H:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Granado Espada --> "H:\Program Files\Granado Espada\unins000.exe"
Haali Media Splitter --> "H:\Program Files\Matroska Pack\haali\uninstall.exe"
Hamachi 1.0.2.5 --> H:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod Reset Utility --> MsiExec.exe /X{91A2689C-D4B1-43BB-A521-0E29B963FC56}
iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
LeechGet 2007 Version 2.1 --> "H:\Program Files\LeechGet 2007\unins000.exe"
LEGO Racers --> H:\WINDOWS\IsUninst.exe -f"H:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
Little Fighter 2 1.9c --> H:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
LiveUpdate 3.0 (Symantec Corporation) --> "H:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
MapleStory --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9 -removeonly
Matroska Pack --> H:\Program Files\Matroska Pack\uninstall.exe
Megaupload Toolbar --> H:\Program Files\MegauploadToolbar\uninstall.exe
Messenger Plus! Live --> "H:\Program Files\Messenger Plus! Live\Uninstall.exe"
MetaProducts Mass Downloader --> H:\Program Files\Mass Downloader\massdown.exe /UnInstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "H:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "H:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "H:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Express Edition - ENU --> H:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition - ENU --> MsiExec.exe /X{D1846BA1-6118-3EDF-8C57-6E1A04646738}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries --> MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Mozilla Firefox (3.0.1) --> H:\Program Files\Mozilla Firefox\uninstall\helper.exe
MySQL Server 5.0 --> MsiExec.exe /I{608FFCC7-7237-47BB-ABD5-8341754A3BBA}
MySQL Tools for 5.0 --> MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
Need for Speed™ Carbon --> H:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero Suite --> H:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia Lifeblog 2.5 --> MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia NSeries Application Installer --> MsiExec.exe /I{FD349381-D79C-4E5C-8980-015DFFB962D5}
Nokia NSeries Content Copier --> MsiExec.exe /X{F779EC8D-6703-4C4A-817C-37B07898E647}
Nokia NSeries Multimedia Player --> MsiExec.exe /I{FA25FAF6-3097-43C9-BBB2-A77CE8AF1881}
Nokia NSeries Music Manager --> MsiExec.exe /I{F89E5AD8-AE47-49B5-B9F9-C498791E6255}
Nokia NSeries One Touch Access --> MsiExec.exe /I{F4EE8763-EAA8-4BC1-8594-8501F5F00414}
Nokia NSeries System Utilities --> MsiExec.exe /X{F1932E56-8A95-40E0-A15B-E06B45969845}
Nokia PC Suite --> MsiExec.exe /I{E1B34BF3-6333-47DC-AD85-D89A95829478}
Nokia Software Launcher --> MsiExec.exe /I{37A9BF0C-775D-4431-9E53-946F35C3E041}
Nokia Software Updater --> MsiExec.exe /X{95F2AFB0-8BC9-4E40-A4E1-B9066D2469C0}
Norton Spyware Scan -->
Norton Spyware Scan provided by Yahoo! --> H:\PROGRA~1\Yahoo!\Common\unynss.exe
NVIDIA Drivers --> H:\WINDOWS\system32\nvuninst.exe UninstallGUI
O2Jam (e-Games) v.3.50 --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{D5CD3E08-6B73-471A-93D1-63C7F32118C1}\Setup.exe" -l0x9
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PC Connectivity Solution --> MsiExec.exe /I{6094AB91-4CC8-498E-9DFF-134CC0B159DE}
Quest3D Viewers 3.0e --> "H:\Program Files\Act-3D\Quest3D Viewers 3.0e\unins000.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> H:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "H:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam Platform 1.1.2.5 i6 --> deltree "c:\Valve"
StepMania (remove only) --> "H:\Program Files\StepMania\uninstall.exe"
Storm Codec --> H:\Program Files\Ringz Studio\Storm Codec\uninst6.10.00.exe
Symantec AntiVirus --> MsiExec.exe /I{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}
VeohTV BETA --> H:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6b --> H:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> H:\WINDOWS\War3Unin.exe H:\WINDOWS\War3Unin.dat
WebFldrs XP -->
Westwood Shared Internet Components --> H:\Westwood\Internet\UnstllAP.EXE
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> H:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u H:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (07/24/2006 6.81.0.23) --> H:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u H:\WINDOWS\system32\DRVSTORE\nokbtmdm_8BEAEC6636531F9CD10CFDA4ECE6AA29199B8974\nokbtmdm.inf
Windows Imaging Component --> "H:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> H:\Program Files\WinRAR\uninstall.exe
WinZip --> "H:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Install Manager --> H:\WINDOWS\system32\regsvr32 /u H:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Search Protection --> H:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> H:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
YAMAHA SoftSynthesizer S-YXG70 --> H:\WINDOWS\uninst.exe -fH:\WINDOWS\DeIsL1.isu -c"H:\WINDOWS\system32\sxgunins.dll
YAWLE 0.5b --> H:\WINDOWS\iun6002.exe "H:\Program Files\Warcraft III\irunin.ini"


-- Application Event Log -------------------------------------------------------

Event Record #/Type42902 / Success
Event Submitted/Written: 08/04/2008 10:44:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type42900 / Warning
Event Submitted/Written: 08/04/2008 10:43:11 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type42899 / Warning
Event Submitted/Written: 08/04/2008 10:43:11 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type42898 / Warning
Event Submitted/Written: 08/04/2008 10:43:10 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type42886 / Warning
Event Submitted/Written: 08/04/2008 08:04:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type56621 / Warning
Event Submitted/Written: 08/04/2008 10:58:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICROSOFT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICROSOFT27 can't undo changes that you allow.

For more information please see the following:
%MICROSOFT275

Scan ID: {E0F67800-6F8F-4611-A28E-3A8D7E64BE26}

User: MICROSOFT\Jason

Name: %MICROSOFT271

ID: %MICROSOFT272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICROSOFT276

Alert Type: %MICROSOFT278

Detection Type: 1.1.1593.02

Event Record #/Type56620 / Warning
Event Submitted/Written: 08/04/2008 10:58:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICROSOFT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICROSOFT27 can't undo changes that you allow.

For more information please see the following:
%MICROSOFT275

Scan ID: {A15C7642-24F8-4B0D-A0B6-73AA5B910DD7}

User: MICROSOFT\Jason

Name: %MICROSOFT271

ID: %MICROSOFT272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICROSOFT276

Alert Type: %MICROSOFT278

Detection Type: 1.1.1593.02

Event Record #/Type56619 / Warning
Event Submitted/Written: 08/04/2008 10:58:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICROSOFT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICROSOFT27 can't undo changes that you allow.

For more information please see the following:
%MICROSOFT275

Scan ID: {14DCD081-2CE1-4B3F-AD5D-1260D9E70CBE}

User: MICROSOFT\Jason

Name: %MICROSOFT271

ID: %MICROSOFT272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICROSOFT276

Alert Type: %MICROSOFT278

Detection Type: 1.1.1593.02

Event Record #/Type56618 / Warning
Event Submitted/Written: 08/04/2008 10:58:50 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICROSOFT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICROSOFT27 can't undo changes that you allow.

For more information please see the following:
%MICROSOFT275

Scan ID: {A7E267EA-C63E-4120-8CFF-F042C2C6BCFA}

User: MICROSOFT\Jason

Name: %MICROSOFT271

ID: %MICROSOFT272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICROSOFT276

Alert Type: %MICROSOFT278

Detection Type: 1.1.1593.02

Event Record #/Type56617 / Warning
Event Submitted/Written: 08/04/2008 10:58:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%MICROSOFT27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MICROSOFT27 can't undo changes that you allow.

For more information please see the following:
%MICROSOFT275

Scan ID: {60635899-0399-48C8-92ED-06F83E1A092A}

User: MICROSOFT\Jason

Name: %MICROSOFT271

ID: %MICROSOFT272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %MICROSOFT276

Alert Type: %MICROSOFT278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-08-04 22:59:29 ------------


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:38 AM

Posted 05 August 2008 - 06:44 AM

Hi,

I see you are running TeaTimer.
I suggest you disable it, because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you have disabled TeaTimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, right-click the link and choose "Save as".)
Double-click ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 regret

regret
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 05 August 2008 - 07:46 AM

Thanks for your help. Here are the logs that you requested.

ComboFix 08-08-04.01 - Jason 2008-08-05 20:22:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.466 [GMT 8:00]
Running from: H:\Documents and Settings\Jason\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\#SharedObjects\YEALPTTF\interclick.com
H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\#SharedObjects\YEALPTTF\interclick.com\ud.sol
H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
H:\Documents and Settings\Jason\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
H:\Program Files\VAV
H:\WINDOWS\cookies.ini
H:\WINDOWS\nfavxwdbsxb.dll
H:\WINDOWS\system32\IiQWxyxx.ini
H:\WINDOWS\system32\IiQWxyxx.ini2
H:\WINDOWS\system32\kccyiiqm.ini
H:\WINDOWS\system32\ykcmomyy.ini

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-03 20:25 . 2008-08-03 20:27 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\GetRightToGo
2008-08-03 20:20 . 2008-08-03 20:25 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\GetRight
2008-08-03 14:32 . 2008-08-03 14:42 <DIR> d-------- H:\Program Files\Granado Espada
2008-08-02 20:19 . 2008-08-02 20:19 <DIR> d-------- H:\Program Files\iTunes
2008-08-02 19:33 . 2008-08-04 00:57 <DIR> d-------- H:\Program Files\Mass Downloader
2008-08-02 19:33 . 2008-08-02 19:33 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\MetaProducts
2008-08-02 19:27 . 2008-08-02 19:31 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\Lightning Download
2008-08-02 19:23 . 2008-08-02 19:23 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\IDM
2008-08-02 19:18 . 2008-08-02 19:38 <DIR> d-------- H:\Program Files\Star Downloader
2008-08-01 21:43 . 2008-08-01 21:43 <DIR> d-------- H:\Program Files\LeechGet 2007
2008-08-01 00:16 . 2008-08-01 00:16 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\EmailNotifier
2008-07-31 20:43 . 2008-08-03 20:37 <DIR> d-------- H:\Program Files\DAP
2008-07-28 21:44 . 2008-07-28 21:44 <DIR> d-------- H:\Program Files\Windows Defender
2008-07-28 20:22 . 2008-07-28 21:01 <DIR> d-------- H:\Program Files\Enigma Software Group
2008-07-28 19:02 . 2008-07-28 19:02 <DIR> d-------- H:\Deckard
2008-07-27 21:26 . 2008-07-29 00:24 189 --a------ H:\WINDOWS\wininit.ini
2008-07-27 20:56 . 2008-07-27 20:56 <DIR> d-------- H:\Program Files\Spybot - Search & Destroy
2008-07-27 20:56 . 2008-07-27 21:01 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-27 20:29 . 2008-07-27 20:29 <DIR> d-------- H:\Program Files\Trend Micro
2008-07-27 19:32 . 2008-07-27 19:32 <DIR> d-------- H:\VundoFix Backups
2008-07-27 19:27 . 2008-07-27 20:08 <DIR> d-------- H:\WINDOWS\BDOSCAN8
2008-07-27 16:47 . 2008-07-27 16:47 <DIR> d-------- H:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 22:20 . 2008-07-20 22:20 <DIR> d-------- H:\halo2files
2008-07-19 20:06 . 2008-07-20 22:19 <DIR> d-------- H:\Program Files\Bonjour
2008-07-16 23:44 . 2008-08-03 20:32 <DIR> d-a------ H:\Documents and Settings\All Users\Application Data\TEMP
2008-07-16 23:29 . 2008-07-25 20:14 <DIR> d-------- H:\Program Files\AruaROSE
2008-07-13 17:44 . 2008-06-13 19:05 272,128 -----c--- H:\WINDOWS\system32\dllcache\bthport.sys
2008-07-13 17:43 . 2008-05-08 22:02 203,136 -----c--- H:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-13 17:12 . 2008-07-13 17:12 <DIR> d-------- H:\WINDOWS\system32\scripting
2008-07-13 17:12 . 2008-07-13 17:12 <DIR> d-------- H:\WINDOWS\system32\en
2008-07-13 17:12 . 2008-07-13 17:12 <DIR> d-------- H:\WINDOWS\system32\bits
2008-07-13 17:12 . 2008-07-13 17:12 <DIR> d-------- H:\WINDOWS\l2schemas
2008-07-13 16:59 . 2008-04-14 08:12 69,120 --a------ H:\WINDOWS\system32\wlanapi.dll
2008-07-13 16:59 . 2008-04-14 08:12 50,688 --a------ H:\WINDOWS\system32\tspkg.dll
2008-07-13 16:57 . 2008-04-14 08:11 650,752 --a------ H:\WINDOWS\system32\dot3ui.dll
2008-07-10 20:23 . 2008-07-10 20:23 <DIR> d-------- H:\Documents and Settings\Jason\Application Data\AVSMedia
2008-07-10 20:22 . 2008-07-10 20:22 <DIR> d-------- H:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-10 19:57 . 2008-07-10 20:45 <DIR> d-------- H:\Program Files\Common Files\AVSMedia
2008-07-10 19:57 . 2007-02-27 19:36 1,700,352 --a------ H:\WINDOWS\system32\GdiPlus.dll
2008-07-10 19:57 . 2007-02-27 19:36 974,848 --a------ H:\WINDOWS\system32\mfc70.dll
2008-07-10 19:57 . 2007-02-27 19:36 487,424 --a------ H:\WINDOWS\system32\msvcp70.dll
2008-07-10 19:57 . 2007-02-27 19:36 413,760 --a------ H:\WINDOWS\system32\mpg4c32.dll
2008-07-10 19:57 . 2007-02-27 19:36 344,064 --a------ H:\WINDOWS\system32\msvcr70.dll
2008-07-10 19:57 . 2007-02-27 19:36 261,632 --a------ H:\WINDOWS\system32\mcdvd_32.dll
2008-07-10 19:57 . 2007-02-27 19:36 156,910 --a------ H:\WINDOWS\WMSysPr8.prx
2008-07-10 19:57 . 2007-02-27 19:36 81,920 --a------ H:\WINDOWS\system32\AC3ACM.acm
2008-07-10 19:57 . 2007-02-27 19:36 38,912 --a------ H:\WINDOWS\system32\alf2cd.acm
2008-07-10 19:57 . 2007-02-27 19:36 13,239 --a------ H:\WINDOWS\system32\Scg726.acm
2008-07-10 19:53 . 2008-07-10 19:53 <DIR> d-------- H:\Program Files\Common Files\Download Manager
2008-07-08 22:33 . 2008-07-27 19:07 <DIR> d-------- H:\Program Files\CA Yahoo! Anti-Spy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 12:27 --------- d-----w H:\Program Files\Symantec AntiVirus
2008-08-05 12:27 --------- d-----w H:\Documents and Settings\Jason\Application Data\DNA
2008-08-03 04:01 --------- d-----w H:\Program Files\Warcraft III
2008-08-02 17:57 --------- d-----w H:\Documents and Settings\Jason\Application Data\Hamachi
2008-08-02 12:19 --------- d-----w H:\Program Files\iPod
2008-08-02 11:24 --------- d-----w H:\Documents and Settings\Jason\Application Data\DMCache
2008-07-27 08:46 --------- d-----w H:\Documents and Settings\Jason\Application Data\uTorrent
2008-07-26 11:01 --------- d-----w H:\Program Files\Garena
2008-07-20 14:23 --------- d-----w H:\Program Files\Microsoft Games
2008-07-19 09:56 --------- d-----w H:\Program Files\Microsoft Silverlight
2008-07-19 09:24 --------- d-----w H:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-08 14:33 --------- d-----w H:\Program Files\Yahoo!
2008-07-08 14:33 --------- d-----w H:\Program Files\Common Files\Scanner
2008-07-08 14:32 --------- d-----w H:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-07 05:17 --------- d-----w H:\Program Files\Messenger Plus! Live
2008-07-02 16:23 --------- d-----w H:\Program Files\Apple Software Update
2008-07-02 16:19 --------- d-----w H:\Program Files\QuickTime
2008-07-02 13:01 2,829 ----a-w H:\WINDOWS\War3Unin.pif
2008-07-02 13:01 139,264 ----a-w H:\WINDOWS\War3Unin.exe
2008-07-02 10:33 --------- d-----w H:\Program Files\Common Files\Symantec Shared
2008-07-02 10:30 --------- d-----w H:\Program Files\Azureus
2008-07-02 10:30 --------- d-----w H:\Documents and Settings\Jason\Application Data\GRETECH
2008-07-01 12:02 --------- d-----w H:\Program Files\GRETECH
2008-07-01 11:50 --------- d-----w H:\Documents and Settings\All Users\Application Data\Thunder Network
2008-06-29 05:18 --------- d--h--w H:\Program Files\InstallShield Installation Information
2008-06-20 11:51 361,600 ----a-w H:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w H:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w H:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 05:04 --------- d-----w H:\Documents and Settings\Jason\Application Data\IGN_DLM
2008-06-18 13:53 --------- d-----w H:\Program Files\StepMania
2008-06-16 15:47 729,088 ----a-w H:\WINDOWS\iun6002.exe
2008-06-16 15:31 25,280 ----a-w H:\WINDOWS\system32\drivers\hamachi.sys
2008-06-16 15:29 --------- d-----w H:\Program Files\Hamachi
2008-06-13 11:05 272,128 ----a-w H:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 17:12 --------- d-----w H:\Program Files\Electronic Arts
2008-06-06 11:17 --------- d-----w H:\Documents and Settings\Jason\Application Data\MySQL
2008-06-06 05:15 448,384 ----a-w H:\WINDOWS\system32\drivers\EagleNt.sys
2008-01-10 05:07 1,782 ----a-w H:\Program Files\illusion.reg
2007-07-21 03:11 20,480 ----a-w H:\Documents and Settings\Jason\WowMon.dll
2007-07-17 14:14 57,344 ----a-w H:\Documents and Settings\Jason\loaderplus.exe
2007-07-15 12:03 3,597 ----a-w H:\Program Files\Read_Me.txt
2007-06-20 17:53 81,920 ----a-w H:\Documents and Settings\Jason\Wow.dll
2007-06-20 17:53 53,248 ----a-w H:\Documents and Settings\Jason\Loader.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-07 13:41 5724184]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2008-04-14 08:12 15360]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2008-04-14 08:12 1695232]
"BitTorrent DNA"="H:\Program Files\DNA\btdna.exe" [2008-07-02 21:17 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="H:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"ccApp"="H:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14 53408]
"vptray"="H:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40 124656]
"SSBkgdUpdate"="H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25 57393]
"IndexSearch"="H:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45 40960]
"SetDefPrt"="H:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ControlCenter2.0"="H:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 17:42 933888]
"PCSuiteTrayApplication"="H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]
"IMJPMIG8.1"="H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"MSPY2002"="H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"PHIME2002A"="H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"StormCodec_Helper"="H:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-09-30 15:25 96984]
"NSLauncher"="H:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-05-09 14:57 3084288]
"Adobe Reader Speed Launcher"="H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-02 11:39 185896]
"NvMediaCenter"="H:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"AppleSyncNotifier"="H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 H:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= H:\Program Files\WIZET\MapleStory\l3codeca.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 H:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 22:46 1630208 H:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\WIZET\\MapleStory\\MapleStory.exe"=
"H:\\Program Files\\uTorrent\\utorrent.exe"=
"H:\\Program Files\\DNA\\btdna.exe"=
"H:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"H:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"H:\\Program Files\\Hamachi\\hamachi.exe"=
"H:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"H:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=

R3 2WIREPCP;2Wire USB;H:\WINDOWS\system32\DRIVERS\2WirePCP.sys [2007-06-29 03:18]
S3 geebers12;geebers12;H:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX24.7375\Msea V0.42 hacks pack\Buffy Engine 2\nvid888.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;H:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.688\MoonLightEngine lite 1055\IlvMoney1055.sys []
S3 SunkFilt6;Alcor Micro Corp - 6360;H:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362;H:\WINDOWS\System32\Drivers\sunkfilt62.sys []
S3 XDva011;XDva011;H:\WINDOWS\system32\XDva011.sys []
S3 XDva020;XDva020;H:\WINDOWS\system32\XDva020.sys []
S3 XDva098;XDva098;H:\WINDOWS\system32\XDva098.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Startup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-02 H:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- H:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-05 H:\WINDOWS\Tasks\MP Scheduled Scan.job
- H:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{267212FE-B77A-4C83-BB75-3F84B52A3BEE} - __BHODemonDisabled
MSConfigStartUp-IMJPMIG8 - --H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
MSConfigStartUp-PHIME2002A - --H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-PHIME2002ASync - --H:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
MSConfigStartUp-SoundMan - -SOUNDMAN.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - H:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\6p3d4ewq.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-upgrd&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com.sg
FF -: plugin - H:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - H:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - H:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - H:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - H:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 20:30:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"H:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Other Running Processes ------------------------
.
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\system32\brss01a.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\WINDOWS\system32\rundll32.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-05 20:35:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 12:35:51

Pre-Run: 30,140,588,032 bytes free
Post-Run: 30,546,341,888 bytes free

255


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:49, on 8/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\brss01a.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
H:\Program Files\Symantec AntiVirus\DefWatch.exe
H:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
H:\Program Files\Common Files\Symantec Shared\ccApp.exe
H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
H:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\QuickTime\QTTask.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - H:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "H:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] H:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "H:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] H:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] H:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] H:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] H:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PCSuiteTrayApplication] H:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] H:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StormCodec_Helper] "H:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NSLauncher] H:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "H:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Download All with FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - H:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: + &Mass Downloader: download this file - H:\Program Files\Mass Downloader\Add_Url.htm
O8 - Extra context menu item: + Mass Downloader: download &All files - H:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using LeechGet - file://H:\Program Files\LeechGet 2007\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://H:\Program Files\LeechGet 2007\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Parse with LeechGet - file://H:\Program Files\LeechGet 2007\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - H:\Program Files\Mass Downloader\massdown.exe
O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - H:\Program Files\Mass Downloader\massdown.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - H:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0FC64BDC-D14D-4F04-802D-4B9104DF16FB} (SystemCheck Class) - http://www.singnet.com.sg/technical/helpto.../ALTControl.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/helpto...a/SpeedCtrl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - H:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191156788559
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213061124171
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - http://app.ipop.co.kr/gom/GomWeb.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - H:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - H:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - H:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySQL - Unknown owner - H:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - H:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - H:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - H:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13964 bytes

#4 miekiemoes

  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:38 AM

Posted 05 August 2008 - 08:06 AM

Hi,

This looks OK again. Just some leftovers to deal with...

Go to Start > Run, copy and paste the next commands one by one into the field and hit Enter:

sc delete geebers12

sc delete IlvMoneyDRIVER53

sc delete SunkFilt6

sc delete SunkFilt62

sc delete XDva011

sc delete XDva020

sc delete XDva098


After you have entered each command, a DOS box should pop up and close again quickly. That is all it is supposed to do.

Then, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Then go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
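The `sc delete` commands above remove service and driver entries whose binaries are already gone (the `S3` lines with an empty `[]` in the ComboFix log). As an added example, not something from this thread or from miekiemoes, the PowerShell script below audits `HKLM\SYSTEM\CurrentControlSet\Services` for such orphaned entries so they can be reviewed before anything is deleted. It assumes an elevated PowerShell session; the function names `Resolve-ImagePath` and `Get-OrphanedServices` are invented for this example. It reads the registry and prints findings only; the `sc delete` lines it emits are shown for review, not executed.

```powershell
# Added example (not from the thread): list service/driver registry entries whose
# binary no longer exists on disk, the kind of leftover the thread removes with sc delete.
# Run in an elevated PowerShell; it only reads the registry and prints findings.

function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p.StartsWith('"')) {
        # Quoted path: take what is between the quotes and drop any arguments.
        $end = $p.IndexOf('"', 1)
        if ($end -lt 1) { return $null }
        $p = $p.Substring(1, $end - 1)
    } else {
        # Unquoted path: cut at the first " /" or " -" argument marker
        # (e.g. "svchost.exe -k netsvcs"). Paths containing spaces but no
        # argument marker, like the Temp\...\nvid888.sys entries above, stay whole.
        $p = ($p -split '\s+(?=[/-])', 2)[0]
    }
    # Kernel drivers are often stored relative to the Windows directory
    # ("System32\DRIVERS\foo.sys") or with a \??\ or \SystemRoot\ prefix.
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Test-ServiceBinary {
    param([string]$Path)
    if (Test-Path -LiteralPath $Path) { return $true }
    # The service manager appends .exe when the extension is omitted; the MySQL
    # entry in the log ("...\bin\mysqld-nt" --defaults-file=...) is such a case.
    if (-not [System.IO.Path]::HasExtension($Path)) {
        return (Test-Path -LiteralPath "$Path.exe")
    }
    return $false
}

function Get-OrphanedServices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }   # no binary declared (groups, legacy entries)
        $path = Resolve-ImagePath $props.ImagePath
        if ($path -and -not (Test-ServiceBinary $path)) {
            [pscustomobject]@{
                Name      = $key.PSChildName
                Type      = $props.Type    # 1/2 = kernel/file-system driver, 16/32 = Win32 service
                Start     = $props.Start   # 3 = manual start, the "S3" entries in the log
                ImagePath = $props.ImagePath
                Resolved  = $path
            }
        }
    }
}

$orphans = Get-OrphanedServices
$orphans | Format-Table -AutoSize

# Review the list first: a missing file can also belong to a removable device that
# is simply unplugged. For entries confirmed as leftovers, the removal command is
# the same one used in the thread; it is only printed here, not run.
$orphans | ForEach-Object { "sc delete $($_.Name)" }
```

A driver whose `Start` value is 3 and whose `Resolved` path sits under a user's `Temp` directory, as with the two game-cheat engine drivers in the log, is a strong sign of a leftover rather than a legitimate device driver; entries under `System32\Drivers` deserve a closer look before removal.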

#5 regret

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 05 August 2008 - 08:30 AM

Thanks for your help =) Everything is working fine now. If there are any problems I will ask for help again. Thanks once again for your fast replies and help. :thumbsup:

#6 miekiemoes

  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:38 AM

Posted 05 August 2008 - 08:49 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 miekiemoes

  • Malware Killer Dog
  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:11:38 AM

Posted 10 August 2008 - 01:13 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
