Infected With Bancos.ixq Trojan (ca Yahoo Antispy)


  • This topic is locked
2 replies to this topic

#1 Konata Izumi

Posted 08 August 2008 - 09:59 AM

I scanned my PC with CA Yahoo Toolbar Antispy and I always get a bancos.ixq trojan ><
I also scanned my PC using AVAST antivirus and it found something it cannot repair, move to chest, or delete the infection.
Forgot the name though. After that I keep getting this bancos.ixq trojan when scanning my PC with CA Yahoo toolbar.

Here's the main.txt from DSS

Deckard's System Scanner v20071014.68
Run by Konata Izumi on 2008-08-08 22:52:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
29: 2008-08-08 20:46:29 UTC - RP29 - Deckard's System Scanner Restore Point
28: 2008-08-07 20:19:37 UTC - RP28 - Restore Point (After Cacheman Tweak)
27: 2008-08-06 18:28:43 UTC - RP27 - System Checkpoint
26: 2008-08-04 20:23:24 UTC - RP26 - System Checkpoint
25: 2008-08-03 02:29:41 UTC - RP25 - Removed SUPERAntiSpyware Professional


-- First Restore Point --
1: 2008-07-27 22:17:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Konata Izumi.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:42 PM, on 8/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WindowZones\WindowZones.sys
C:\Program Files\WindowZones\WindowZones.sys
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\WindowZones\WindowZones.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WindowZones\WindowZones.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Konata Izumi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KONATA~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowZones] C:\Program Files\WindowZones\WindowZones.exe -startminimize
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1217180677484
O17 - HKLM\System\CCS\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{3451F08E-1BD6-47AA-A709-A9BAC5520F7C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\cssdll32.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Auto Shutdown Service (ShutdownService) - Unknown owner - C:\Program Files\Auto Shutdown Genius\ShutdownSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: WindowZones Service (WZSvc) - ByteCrusher - C:\Program Files\WindowZones\WindowZones.sys

--
End of file - 9812 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 WindowZones (WindowZones Process Monitor Driver) - c:\program files\windowzones\windowzones.drv <Not Verified; ByteCrusher; WindowZones>
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>

S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; Outertech; >
R2 EBOOSTRSVC (eBoostr Service) - "c:\program files\eboostr\ebstrsvc.exe"
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 ShutdownService (Auto Shutdown Service) - c:\program files\auto shutdown genius\shutdownsvr.exe
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 WZSvc (WindowZones Service) - c:\program files\windowzones\windowzones.sys <Not Verified; ByteCrusher; WindowZones>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-07-08 and 2008-08-08 -----------------------------

2008-08-08 22:32:15 0 d-------- C:\Program Files\Trend Micro
2008-08-08 19:05:38 0 dr-h----- C:\Documents and Settings\Konata Izumi\Recent
2008-08-07 22:06:11 0 d-------- C:\Program Files\CachemanXP
2008-08-06 03:09:20 515 --ah----- C:\WINDOWS\wininf.dat
2008-08-06 03:09:16 0 d-------- C:\Program Files\Dachshund Software
2008-08-06 02:33:28 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-08-05 19:16:58 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-08-04 22:01:07 0 d-------- C:\Program Files\AskSBar
2008-08-03 22:45:07 0 d-------- C:\Program Files\Auto Shutdown Genius
2008-08-03 22:29:21 0 d-------- C:\WINDOWS\pss
2008-08-03 20:27:54 187392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-03 20:27:53 0 d-------- C:\Program Files\WinCustomize
2008-08-03 13:06:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-03 04:29:46 0 d-------- C:\WINDOWS\system32\appmgmt
2008-08-03 04:21:01 0 d-------- C:\Program Files\Common Files\Stardock
2008-08-03 04:21:00 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2008-08-03 04:05:49 0 d-------- C:\Program Files\Stardock
2008-08-03 04:03:59 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-08-03 00:59:00 0 d-------- C:\Program Files\StepMania
2008-08-02 12:08:12 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Sun
2008-08-01 21:43:55 0 d-------- C:\Program Files\WindowZones
2008-08-01 18:29:55 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-08-01 15:18:33 0 d-------- C:\Program Files\e-Games
2008-08-01 12:57:38 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\fretsonfire
2008-08-01 12:57:30 0 d-------- C:\Program Files\Frets on Fire
2008-08-01 05:56:11 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans-derby
2008-08-01 05:55:05 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans
2008-08-01 05:51:59 0 d-------- C:\Documents and Settings\Konata Izumi\.netbeans-registration
2008-08-01 05:48:39 0 d-------- C:\Program Files\glassfish-v2ur2
2008-08-01 05:37:07 0 d-------- C:\Program Files\NetBeans 6.1
2008-08-01 05:29:43 23434 --a------ C:\WINDOWS\system32\productregistry
2008-08-01 05:27:37 0 d-------- C:\Sun
2008-08-01 05:22:37 0 d-------- C:\Program Files\Veoh Networks
2008-08-01 05:22:03 0 d-------- C:\WINDOWS\Downloaded Installations
2008-08-01 03:05:29 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-01 02:47:00 0 d-------- C:\Documents and Settings\Konata Izumi\.nbi
2008-08-01 02:45:13 0 d-------- C:\Program Files\Java
2008-08-01 02:42:44 0 d-------- C:\Program Files\Common Files\Java
2008-08-01 02:31:43 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\BitTorrent
2008-08-01 02:31:33 0 d-------- C:\Program Files\DNA
2008-08-01 02:31:33 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\DNA
2008-08-01 02:31:32 0 d-------- C:\Program Files\BitTorrent
2008-07-30 13:03:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-30 13:00:24 0 d-------- C:\Program Files\Microsoft Works
2008-07-30 13:00:15 0 d-------- C:\Program Files\MSBuild
2008-07-30 12:57:20 0 d-------- C:\WINDOWS\SHELLNEW
2008-07-30 12:56:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-30 12:56:10 0 dr-h----- C:\MSOCache
2008-07-29 16:25:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 16:24:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-29 16:24:56 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\SUPERAntiSpyware.com
2008-07-29 03:07:44 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Comodo
2008-07-28 05:15:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-07-28 05:14:43 0 d-------- C:\WINDOWS\system32\LogFiles
2008-07-28 05:14:43 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-28 05:02:48 0 d-------- C:\Program Files\MSXML 4.0
2008-07-28 02:06:17 0 d--hs---- C:\WINDOWS\Installer
2008-07-28 02:06:16 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-28 02:06:13 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-28 02:06:12 0 dr------- C:\Program Files
2008-07-28 02:06:12 0 d-------- C:\Program Files\Common Files
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-28 02:05:41 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-28 02:05:41 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-28 02:05:41 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-28 02:05:41 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-28 02:05:41 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-28 02:05:41 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-28 02:04:15 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-28 02:04:15 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-28 02:04:09 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-28 02:04:09 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-28 02:04:09 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-28 02:04:09 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-28 02:03:47 0 d-------- C:\Documents and Settings
2008-07-28 02:03:46 0 d--hs---- C:\System Volume Information
2008-07-28 01:59:20 0 d-------- C:\WINDOWS
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\WinSxS
2008-07-28 01:59:20 0 dr------- C:\WINDOWS\Web
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\twain_32
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\wins
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\wbem
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\usmt
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\spool
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\Setup
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\scripting
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ras
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\oobe
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\npp
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\mui
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\IME
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\ias
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\export
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\en
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-28 01:59:20 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\config
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\3076
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\2052
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1054
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1042
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1041
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1037
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1033
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1031
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1028
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system32\1025
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\system
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\security
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Resources
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\repair
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Provisioning
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\PeerNet
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\pchealth
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Network Diagnostic
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\mui
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\msapps
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\msagent
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Media
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\L2Schemas
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\java
2008-07-28 01:59:20 0 d--h----- C:\WINDOWS\inf
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\ime
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Help
2008-07-28 01:59:20 0 dr--s---- C:\WINDOWS\Fonts
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\ehome
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Driver Cache
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Debug
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Cursors
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\Config
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\AppPatch
2008-07-28 01:59:20 0 d-------- C:\WINDOWS\addins
2008-07-28 00:22:31 0 d-------- C:\WINDOWS\system32\Lang
2008-07-28 00:20:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-28 00:20:30 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-28 00:20:30 0 d-------- C:\Program Files\Intel
2008-07-28 00:20:28 0 d-------- C:\Intel
2008-07-28 00:19:29 0 d-------- C:\WINDOWS\system32\Tools
2008-07-28 00:19:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-28 00:18:26 4864 -ra------ C:\WINDOWS\system32\drivers\PortIo.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>
2008-07-28 00:17:23 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Identities
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\Templates
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\Start Menu
2008-07-28 00:17:11 0 dr-h----- C:\Documents and Settings\Konata Izumi\SendTo
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\PrintHood
2008-07-28 00:17:11 6291456 --ah----- C:\Documents and Settings\Konata Izumi\NTUSER.DAT
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\NetHood
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\My Documents
2008-07-28 00:17:11 0 d--h----- C:\Documents and Settings\Konata Izumi\Local Settings
2008-07-28 00:17:11 0 dr------- C:\Documents and Settings\Konata Izumi\Favorites
2008-07-28 00:17:11 0 d-------- C:\Documents and Settings\Konata Izumi\Desktop
2008-07-28 00:17:11 0 d--hs---- C:\Documents and Settings\Konata Izumi\Cookies
2008-07-28 00:17:11 0 dr-h----- C:\Documents and Settings\Konata Izumi\Application Data
2008-07-28 00:16:32 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-28 00:16:30 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-28 00:16:30 0 d-------- C:\WINDOWS\Prefetch
2008-07-28 00:16:29 241664 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-28 00:16:29 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-28 00:16:29 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-28 00:16:29 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-28 00:16:29 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-28 00:16:10 241664 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-28 00:16:10 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-28 00:16:10 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-07-28 00:16:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-28 00:16:10 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-28 00:13:59 0 d-------- C:\WINDOWS\system32\xircom
2008-07-28 00:13:59 0 d-------- C:\Program Files\microsoft frontpage
2008-07-28 00:13:52 241664 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-28 00:13:41 0 -rahs---- C:\MSDOS.SYS
2008-07-28 00:13:41 0 -rahs---- C:\IO.SYS
2008-07-28 00:13:41 0 --a------ C:\CONFIG.SYS
2008-07-28 00:13:41 0 --a------ C:\AUTOEXEC.BAT
2008-07-28 00:12:58 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-28 00:12:50 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-28 00:12:50 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-28 00:12:43 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-28 00:12:23 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-28 00:12:01 0 d---s---- C:\WINDOWS\Tasks
2008-07-28 00:12:00 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-28 00:11:55 0 d-------- C:\WINDOWS\srchasst
2008-07-28 00:11:54 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-28 00:11:45 0 d-------- C:\Program Files\Movie Maker
2008-07-28 00:11:19 0 d-------- C:\WINDOWS\system32\Restore
2008-07-28 00:10:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-28 00:10:29 0 d-------- C:\WINDOWS\Registration
2008-07-28 00:10:23 0 d-------- C:\Program Files\Online Services
2008-07-28 00:10:17 0 d-------- C:\Program Files\Messenger
2008-07-28 00:10:12 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-28 00:09:32 0 d-------- C:\Program Files\Windows NT
2008-07-28 00:09:27 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-28 00:09:24 0 d-------- C:\WINDOWS\system32\Com
2008-07-27 23:52:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-07-27 23:52:03 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-07-27 23:52:01 0 d-------- C:\Program Files\Comodo
2008-07-27 21:13:34 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Nero
2008-07-27 21:12:01 0 d-------- C:\Program Files\Nero
2008-07-27 21:12:01 0 d-------- C:\Program Files\Common Files\Nero
2008-07-27 21:12:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-27 21:11:21 0 d-------- C:\WINDOWS\RegisteredPackages
2008-07-27 21:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\eboostr
2008-07-27 21:01:38 0 d-------- C:\Program Files\eBoostr
2008-07-27 19:47:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-27 19:47:21 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-27 19:47:20 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-27 19:45:15 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-27 19:44:27 0 d--hs---- C:\Documents and Settings\Konata Izumi\UserData
2008-07-27 19:32:48 0 d-------- C:\Program Files\Defraggler
2008-07-27 19:29:55 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Yahoo!
2008-07-27 19:29:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-27 19:29:51 0 d-------- C:\Program Files\Garena
2008-07-27 19:29:42 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\InstallShield
2008-07-27 19:25:40 0 d-------- C:\Program Files\CCleaner
2008-07-27 19:24:00 0 d-------- C:\Program Files\Common Files\Scanner
2008-07-27 19:23:58 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-07-27 19:16:04 35378 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-27 19:16:02 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-27 19:16:02 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-07-27 19:09:57 0 d-------- C:\Program Files\Diablo II
2008-07-27 19:07:13 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Macromedia
2008-07-27 19:06:58 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Adobe
2008-07-27 19:06:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-27 19:05:27 0 d-------- C:\Program Files\Yahoo!
2008-07-27 18:55:50 0 d-------- C:\Program Files\Alwil Software
2008-07-27 18:54:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-27 18:54:23 0 d-------- C:\Documents and Settings\Konata Izumi\Application Data\Mozilla
2008-07-27 18:37:51 0 d-------- C:\Program Files\Alcohol Soft
2008-07-27 18:36:13 716272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-27 18:34:27 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-27 18:21:22 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-07-27 18:21:07 0 d-------- C:\WINDOWS\system32\RTCOM
2008-07-27 18:20:48 0 d-------- C:\Program Files\Realtek
2008-07-27 18:20:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-27 18:20:41 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-07-27 18:20:40 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>


-- Find3M Report ---------------------------------------------------------------

2008-08-08 22:50:46 61 --a------ C:\WINDOWS\hare.dat
2008-08-08 18:26:43 4527616 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-28 02:05:41 62 --ahs---- C:\Documents and Settings\Konata Izumi\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
08/04/2008 10:01 PM 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [08/04/2008 10:01 PM 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/20/2007 07:57 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/20/2007 07:57 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/20/2007 07:57 AM]
"RTHDCPL"="RTHDCPL.EXE" [04/12/2007 11:33 AM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [04/13/2007 09:36 AM C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/2005 12:43 PM C:\WINDOWS\Alcmtr.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [04/28/2008 05:14 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 05:29 PM]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [07/29/2008 03:08 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 06:47 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/09/2008 10:27 PM]
"WindowZones"="C:\Program Files\WindowZones\WindowZones.exe" [02/21/2007 09:33 AM]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [04/26/2004 10:21 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/19/2008 04:38 PM]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [09/03/2002 12:38 PM]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [08/06/2008 02:28 AM]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [08/06/2008 02:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/27/2008 07:28 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 04:00 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 06:07 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [08/01/2008 02:31 AM]
"@"="" []

C:\Documents and Settings\Konata Izumi\Start Menu\Programs\Startup\
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 12:26:40 PM]
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [8/1/2008 5:29:22 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe [5/19/2008 7:55:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll 08/03/2008 04:06 AM 210168 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\cssdll32.dll,wbsys.dll C:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Shutdown Genius]
C:\Program Files\Auto Shutdown Genius\Shutdown.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b68d436-5bfa-11dd-8c29-001bb9adbd67}]
AutoRun\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3e0ba22-5e25-11dd-8c40-001bb9adbd67}]
AutoRun\command- I:\rqb0v2ot.bat
explore\Command- I:\rqb0v2ot.bat
open\Command- I:\rqb0v2ot.bat




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-08 22:53:35 ------------





and this is the extra.txt from DSS

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU E4500 @ 2.20GHz
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1014.17 MiB / 500.89 MiB
Pagefile Memory (total/avail): 2443.26 MiB / 1983.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1868.19 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.66 GiB total, 81.45 GiB free.
D: is Fixed (NTFS) - 51.39 GiB total, 49.26 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (FAT32)
H: is Fixed (NTFS) - 74.53 GiB total, 9.72 GiB free.

\\.\PHYSICALDRIVE1 - Hitachi HDS721680PLA380 - 74.53 GiB - 1 partition
\PARTITION0 - Installable File System - 74.53 GiB - H:

\\.\PHYSICALDRIVE0 - WDC WD1600AAJS-00PSA0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.66 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 51.39 GiB - D:

\\.\PHYSICALDRIVE2 - JetFlash TS2GJFV60 USB Device - 1937.53 MiB - 1 partition
\PARTITION0 - Unknown - 1937.22 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Konata Izumi\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XPSP3-WBB
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Konata Izumi
LOGONSERVER=\\XPSP3-WBB
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Sun\SDK\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\KONATA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\KONATA~1\LOCALS~1\Temp
USERDOMAIN=XPSP3-WBB
USERNAME=Konata Izumi
USERPROFILE=C:\Documents and Settings\Konata Izumi
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Konata Izumi (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Auto Shutdown Genius 2.2.8 --> "C:\Program Files\Auto Shutdown Genius\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
BootSkin --> C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\UNWISE.EXE C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\INSTALL.LOG
CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CachemanXP 1.7.0.1 --> C:\PROGRA~1\CACHEM~1\UNINST~1\Trialpay.exe C:\PROGRA~1\CACHEM~1\UNINST~1\install.log
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
COMODO SafeSurf --> C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Defraggler (remove only) --> "C:\Program Files\Defraggler\uninst.exe"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
eBoostr 2 --> C:\Program Files\eBoostr\uninstall.exe
Frets On Fire --> "C:\Program Files\Frets on Fire\Uninstall.exe"
Garena --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GlassFish V2 UR2 --> "C:\Program Files\glassfish-v2ur2\uninstall.exe"
Hare 1.5.1 --> "C:\Program Files\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files\Dachshund Software\Hare\install.log"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java Platform, Enterprise Edition 5 SDK --> "C:\Sun\SDK\uninstall.exe" -javahome "C:\Sun\SDK\jdk"
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LogonStudio --> C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{3C5F1B30-B10B-4579-86DD-D00F662E1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.1 --> "C:\Program Files\NetBeans 6.1\uninstall.exe"
O2jam --> "C:\Program Files\e-Games\O2jam\uninstall.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SpeedBit Video Accelerator --> C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StepMania (remove only) --> "C:\Program Files\StepMania\uninstall.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WindowZones 1.0 --> "C:\Program Files\WindowZones\unins000.exe"
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type455 / Warning
Event Submitted/Written: 08/08/2008 07:09:54 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type357 / Warning
Event Submitted/Written: 08/03/2008 09:17:14 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type356 / Warning
Event Submitted/Written: 08/03/2008 09:17:14 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Event Record #/Type263 / Error
Event Submitted/Written: 08/01/2008 05:23:53 AM
Event ID/Source: 11904 / MsiInstaller
Event Description:
Product: VeohTV BETA -- Error 1904.Module C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll failed to register. HRESULT -2147220473. Contact your support personnel.

Event Record #/Type259 / Warning
Event Submitted/Written: 08/01/2008 03:01:50 AM
Event ID/Source: 2002 / LoadPerf
Event Description:
The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2757 / Error
Event Submitted/Written: 08/08/2008 08:00:48 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The DNS Client service terminated with the following error:
%%1714

Event Record #/Type2752 / Error
Event Submitted/Written: 08/08/2008 08:00:48 PM
Event ID/Source: 11004 / dnscache
Event Description:
Unable to start DNS Client service. Could not start the
Remote Procedure Call (RPC) interface for this service.
To correct the problem, you may restart the RPC and DNS
Client services. To do so, use the following commands at a command
prompt: (1) type "net start rpc" to start the RPC service, and (2)
type "net start dnscache" to start the DNS Client service. For
specific error code information, see the record data displayed below.

Event Record #/Type2749 / Error
Event Submitted/Written: 08/08/2008 08:00:40 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The DNS Client service terminated with the following error:
%%1714

Event Record #/Type2744 / Error
Event Submitted/Written: 08/08/2008 08:00:40 PM
Event ID/Source: 11004 / dnscache
Event Description:
Unable to start DNS Client service. Could not start the
Remote Procedure Call (RPC) interface for this service.
To correct the problem, you may restart the RPC and DNS
Client services. To do so, use the following commands at a command
prompt: (1) type "net start rpc" to start the RPC service, and (2)
type "net start dnscache" to start the DNS Client service. For
specific error code information, see the record data displayed below.

Event Record #/Type2717 / Warning
Event Submitted/Written: 08/08/2008 08:00:14 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001BB9ADBD67. The IP address being used is 169.254.43.116.



-- End of Deckard's System Scanner: finished at 2008-08-08 22:53:35 ------------


#2 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
Posted 19 August 2008 - 05:42 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it to a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#3 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 24 August 2008 - 05:19 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security