
Kryptik Trojan removal.


  • This topic is locked
2 replies to this topic

#1 Cliff.DeVaul


Posted 25 September 2010 - 10:26 PM

Good day,

I've had an issue for a rather long time now with trying to use many different spyware/malware/adware removal tools to rid my computer of all the threats/viruses/trojans it had on it when I purchased it (used, of course). I am including the log from my ESET scan. Currently ESET is the only program I actively use for antivirus/network security/antispam, etc. Could you help me remove what appears to be the only thing left, the Kryptik trojan? It will randomly try to access the internet (Internet Explorer is my preferred browser), and when I search via Google or Bing it will occasionally shoot me to some random site. Now that I have ESET up and operational it stops these things from happening, but it is unable to completely remove all the files even after multiple scans, halts, restarts, etc. I hope there is something we can do to resolve this, and thank you for your time.

Scan Log
Version of virus signature database: 5479 (20100925)
Date: 9/25/2010 Time: 9:18:51 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\
C:\WINDOWS\system32\dot3gpclnt32.dll - a variant of Win32/Kryptik.FCE trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\u4j1wked.default\extensions\{31c30968-51ca-4b86-b42e-3770a8bd31d0}\chrome\xulcache.jar » ZIP » content/overlay.xul - JS/Agent.NCP trojan - was a part of the deleted object
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pmpsx1jq.default\extensions\{31c30968-51ca-4b86-b42e-3770a8bd31d0}\chrome\xulcache.jar » ZIP » content/overlay.xul - JS/Agent.NCP trojan - was a part of the deleted object
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{29EB03EB-17FE-410A-9345-9844DC0A2EA6}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{29EB03EB-17FE-410A-9345-9844DC0A2EA6}\Microsoft\Outlook Express\Outbox.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0I662T51\comment-func[1].php » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.94516D55_6406_464D_9270_8D4D33342AE2 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.A1FFBB52_4F2E_44F1_8614_5D66C2EF43F0 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.03A77D79_488A_445D_B528_0E0089E3FCB3 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D495C848_F235_46BF_A9A0_77D7C2120E3B » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.445237FC_7259_4EAD_ACEF_7ED7A95D32D7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.79A89863_540B_470E_9C71_D57F22BFA44D » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.5ACB9F6A_C06C_4121_B854_7133C2ED29A8 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.15989D71_6BEB_424A_88DF_78A882081F91 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.1C571119_9D2B_4542_84BD_0CD3AA24E739 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C4EB4D09_95BA_4DC2_9551_B6E637DA2230 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.BC3B29D8_FFCF_4BFA_B238_F79FEAB1AF5E » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C39C5B26_ED03_4B04_9CFD_166FDC7523D1 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.C05C46CB_E961_4BBA_86BE_4FE1A4426A32 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.87E45AFF_C0E7_4B6E_8E37_52EEB71BF5B7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.E34CAC5A_4546_4E3A_BFFA_CE28E0CED140 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.14AFC4D4_5454_4AD5_B7FC_10D4FAB85CF3 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B4924446_617C_4229_8C33_089CD780544D » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.F02247A4_BA3B_4A1D_B7EA_2CB2F17490B7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.7E03236B_A15C_465D_8924_859B2954BFA2 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.0F75E4D6_4C58_47F6_B626_BA408BA6F03B » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.B3E4ACDE_961E_474B_87CC_22A67A5E77CB » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D8256176_51D5_41D4_B965_C7B0BC9E4A27 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht.D073AD43_9C5B_4759_A404_ED1717BEEAD7 » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\LS_HSI.msi » MSI » Data1.cab » CAB » Getting_Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\LightScribe\Content\Getting Started.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Common Files\Wise Installation Wizard\WIS95431C66CF9A4913BFFF6050785AFB65_4_2_24_3011.MSI » MSI » Cabs.w1.cab » CAB » SHDS.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/org/apache/xerces/internal/impl/msg/XIncludeMessages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » com/sun/xml/internal/fastinfoset/resources/ResourceBundle.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Java\jre6\lib\resources.jar » ZIP » javax/xml/bind/Messages.properties » MIME - is OK (internal scanning not performed)
C:\Program Files\Microsoft\Search Enhancement Pack\Installers\SearchEnhancementPack2.0.264\SearchEnhancementPack.msi » MSI » SEP.cab » CAB » SHff_chrome_manifest » MIME - is OK (internal scanning not performed)
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti.zip » ZIP » aconti.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti1.zip » ZIP » aconti.sdb - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti2.zip » ZIP » aconti.log - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti3.zip » ZIP » acontidialer.txt - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti4.zip » ZIP » acontidialer.txt - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\Aconti4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak.zip » ZIP » kvnab.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak1.zip » ZIP » kvnab.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak10.zip » ZIP » xadbrk.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak10.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak11.zip » ZIP » xadbrk.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak11.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak12.zip » ZIP » xadbrk_.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak12.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak2.zip » ZIP » kvnab$.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak3.zip » ZIP » pbsysie.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak4.zip » ZIP » wbeCheck.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak5.zip » ZIP » wbeInst$.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak6.zip » ZIP » settn.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak7.zip » ZIP » hcwprn.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak7.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak8.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak8.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak9.zip » ZIP » cbinst$.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\AdBreak9.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\CnsMin.zip » ZIP » assist/asbar.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\CnsMin.zip » ZIP » helper.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\CnsMin.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO2.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\ConOptBHO3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FakeAlertcc.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FakeAlertcc.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt.zip » ZIP » 7search.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt1.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt2.zip » ZIP » 7search.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\FaSSt2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\INetSpeak.zip » ZIP » iexplorr23.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\INetSpeak.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC.zip » ZIP » 764.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC1.zip » ZIP » flt.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC2.zip » ZIP » wml.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC3.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC4.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC5.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC6.zip » ZIP » ace16win.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudC6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgeneric.zip » ZIP » msole32.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgeneric.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp.zip » ZIP » adbar.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp1.zip » ZIP » daxtime.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp1.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp10.zip » ZIP » kkcomp.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp10.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp11.zip » ZIP » liqad$.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp11.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp12.zip » ZIP » liqad.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp12.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp13.zip » ZIP » liqad.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp13.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp14.zip » ZIP » liqui-Uninstaller.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp14.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp15.zip » ZIP » liqui.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp15.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp16.zip » ZIP » liqui.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp16.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp17.zip » ZIP » ngd.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp17.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp18.zip » ZIP » pbar.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp18.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp19.zip » ZIP » spredirect.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp19.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp2.zip » ZIP » dp0.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp2.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp20.zip » ZIP » wml.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp20.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp21.zip » ZIP » xxxvideo.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp21.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp22.zip » ZIP » systune.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp22.zip » ZIP » __acelog.ndx - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp22.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp23.zip » ZIP » vxddsk.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp23.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp24.zip » ZIP » vxddsk.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp24.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp25.zip » ZIP » BarLcher.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp25.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp26.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp26.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp27.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp27.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp28.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp28.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp29.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp29.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp3.zip » ZIP » eventlowg.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp3.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp30.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp30.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp31.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp31.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp32.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp32.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp33.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp33.zip » ZIP » sbRecovery.ini - incorrect CRC checksum, the file may be damaged
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp34.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp34.zip » ZIP » sbRecovery.ini - incorrect CRC checksum, the file may be damaged
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp35.zip » ZIP » sbRecovery.reg - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp35.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp4.zip » ZIP » fhfmm-Uninstaller.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp4.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp5.zip » ZIP » fhfmm.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp5.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp6.zip » ZIP » ie_32.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp6.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp7.zip » ZIP » jd2002.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp7.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp8.zip » ZIP » kkcomp$.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp8.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp9.zip » ZIP » kkcomp.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SmitfraudCgp9.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » awmsg.dat - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » guid.dat - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » ijl15.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » mfc42.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » msvcrt.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » unins000.dat - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » unis000.exe - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » winam.dat - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\SWAgent.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\WinBHOje.zip » ZIP » freesearchclub.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\WinBHOje.zip » ZIP » lookerlive.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\WinBHOje.zip » ZIP » usafindsite.dll - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc21\Recovery\WinBHOje.zip » ZIP » sbRecovery.ini - error - password-protected file
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc56\SearchEnhancementPackSetup[1].EXE » CAB » SearchEnhancementPack.msi » MSI » SEP.cab » CAB » SHff_chrome_manifest » MIME - is OK (internal scanning not performed)
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-1015\Dc60\Apple Software Update\AppleApplicationSupport.msi » MSI - error - unknown compression method
C:\RECYCLER\S-1-5-21-3153192716-2055876044-2461819512-500\Dc2\SpyHunter\SHDS.mht » MIME - is OK (internal scanning not performed)
C:\WINDOWS\I386\COMPDATA\MSMQCOMP.TXT » MIME - is OK (internal scanning not performed)
C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 » MIME - is OK (internal scanning not performed)
C:\WINDOWS\system32\dot3gpclnt32.dll - a variant of Win32/Kryptik.FCE trojan - cleaned by deleting - quarantined [1]
C:\WINDOWS\Temp\NOD12B.tmp - a variant of Win32/Kryptik.FCE trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\WINDOWS\Temp\NOD2.tmp - a variant of Win32/Kryptik.FCE trojan - cleaned by deleting (after the next restart) - quarantined [1,2]
C:\WORKSSETUP\MSWORKS\REDIST\IE6\IENT_S1.CAB » CAB » IENT_1.CAB » CAB » MSHTML.DLL - next archive volume not found
C:\WORKSSETUP\MSWORKS\REDIST\IE6\IE_S1.CAB » CAB » IE_1.CAB » CAB » MSHTML.TLB - next archive volume not found
C:\WORKSSETUP\OFFICE\YS561405.CAB » CAB » VIDEO.MHT_1033 » MIME - is OK (internal scanning not performed)
Number of scanned objects: 187402
Number of threats found: 6
Number of cleaned objects: 6
Time of completion: 9:51:15 PM Total scanning time: 1944 sec (00:32:24)

Notes:
[1] Object has been deleted as it only contained the virus body.
[2] Object is in use (open or running). A system restart is required for the cleaning to complete.
[4] Object cannot be opened. It may be in use by another application or operating system.

I've downloaded and run both DDS and GMER. The following are the reports from them:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 0:17:02.52 on Mon 09/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.628 [GMT -5:00]

AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0GIRWI53\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm128YYUS&fl=0&ptb=pUellmtBKvVDMzyz6PKPNQ&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_chat\tbooV1.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {00af7e21-faf4-4dce-8f3e-f803e283ef98} - c:\windows\system32\iasnap32.dll
{010de8e9-892f-4668-bf70-55bb80f1b851}
{015efc43-faf4-4dce-8f3e-f803e283ef98}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {66E72884-4FD2-464F-A6B8-468F31C40E36} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {8853756d-5b6e-c725-cf1f-64a6a0a14318} - c4cef769
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_chat\tbooV1.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: ooVoo Video Chat Toolbar: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - c:\program files\oovoo_chat\tbooV1.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Performance Center] c:\program files\ascentive\performance center\ApcMain.exe -m
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mExplorerRun: [RTHDBPL] c:\documents and settings\owner\application data\syswin\lsass.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\virtua~1.lnk - c:\windows\system32\virtualexpander\VirtualExpander.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snapde~1.lnk - c:\windows\twain_32\ca561a\SnapDetect.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: t-mobile.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1047
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212339447728
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: afcdcecaeaba - c:\windows\system32\afcdcecaeaba.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: b4bda73c989 - c:\windows\system32\dot3gpclnt32.dll
AppInit_DLLs: c:\windows\system32\dot3gpclnt32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\sh4ser~1.exe --> c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [?]
S3 autorun;autorun;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 MemStPCI;Sony Memory Stick controller (PCI);c:\windows\system32\drivers\memstpci.sys [2008-2-12 26112]
S4 MonLANS;Monitoring LAN Service;c:\windows\netcomms.exe service --> c:\windows\netcomms.exe service [?]
S4 SysMon0.0.1.342;System Monitor;c:\windows\iosysc.exe service --> c:\windows\iosysc.exe service [?]

=============== Created Last 30 ================

2010-09-26 00:54:42 316416 ----a-w- c:\windows\system32\iasnap32.dll
2010-09-26 00:54:36 0 d-sh--w- c:\docume~1\owner\applic~1\SysWin
2010-09-26 00:54:24 1094144 --sha-w- c:\windows\system32\23.tmp
2010-09-16 02:00:34 0 d-----w- c:\program files\ESET
2010-09-02 23:15:39 0 d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-09-01 23:35:27 94 ----a-w- c:\windows\system32\643da03b
2010-09-01 00:33:58 0 d-----w- c:\program files\Microsoft
2010-09-01 00:32:45 5729 ----a-w- c:\windows\GnuHashes.ini
2010-09-01 00:25:52 0 ---ha-w- c:\documents and settings\owner\toqqgiripw.tmp
2010-09-01 00:25:33 301 --sha-w- c:\windows\system32\1693316972
2010-09-01 00:25:31 1185 ----a-w- c:\windows\system32\1153948736
2010-09-01 00:24:46 235 ----a-w- c:\windows\system32\sl84698622
2010-09-01 00:24:46 0 d-sh--w- c:\windows\system32\SysWoW32
2010-09-01 00:24:31 203776 --sh--w- c:\windows\system32\unrar.exe
2010-09-01 00:24:31 0 d-----w- c:\windows\system32\110084187
2010-09-01 00:23:37 210432 ----a-w- c:\windows\system32\dot3gpclnt32.dll
2010-08-31 03:28:20 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-09-26 01:38:20 39936 -c--a-w- c:\windows\system32\dot3gpclnt.dll
2010-09-05 20:18:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-09-05 20:18:22 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-04 16:50:36 140752 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-08-03 18:28:36 55256 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-07-29 18:31:26 32608 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-07-29 18:31:26 134512 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-07-29 18:31:26 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 10:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 0:19:03.34 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2005 12:24:11 AM
System Uptime: 9/26/2010 2:09:07 PM (10 hours ago)

Motherboard: TOSHIBA | | HBT10
Processor: Intel® Celeron® M processor 1.40GHz | JP5 | 1400/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 16.954 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&253A0906&0&10A4
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_7094144F&REV_01\4&253A0906&0&10A4
Service: AR5211

Class GUID: {CFB15040-5BC7-11D3-B194-0060B0EFD4AA}
Description: Sony Memory Stick controller (PCI)
Device ID: ROOT\UNKNOWN\0000
Manufacturer: Sony Corporation
Name: Sony Memory Stick controller (PCI)
PNP Device ID: ROOT\UNKNOWN\0000
Service: MemStPCI

==== System Restore Points ===================

RP497: 6/28/2010 9:42:10 PM - System Checkpoint
RP498: 6/30/2010 3:20:27 AM - System Checkpoint
RP499: 7/1/2010 3:42:09 AM - System Checkpoint
RP500: 7/2/2010 4:55:39 AM - System Checkpoint
RP501: 7/11/2010 7:34:14 PM - System Checkpoint
RP502: 7/15/2010 10:06:57 PM - System Checkpoint
RP503: 8/30/2010 10:49:16 PM - Software Distribution Service 3.0
RP504: 8/30/2010 10:52:04 PM - Software Distribution Service 3.0
RP505: 8/31/2010 6:41:57 PM - Software Distribution Service 3.0
RP506: 8/31/2010 7:30:09 PM - Installed Java™ 6 Update 21
RP507: 8/31/2010 7:31:41 PM - Installed MSN Toolbar Setup
RP508: 8/31/2010 7:35:44 PM - Removed ooVoo
RP509: 9/1/2010 6:29:23 PM - Software Distribution Service 3.0
RP510: 9/1/2010 9:22:58 PM - Software Distribution Service 3.0
RP511: 9/2/2010 6:16:15 PM - Installed SpyHunter
RP512: 9/4/2010 2:52:34 AM - Removed Ask Toolbar.
RP513: 9/5/2010 9:16:17 AM - System Checkpoint
RP514: 9/7/2010 6:49:14 PM - System Checkpoint
RP515: 9/13/2010 12:46:25 PM - System Checkpoint
RP516: 9/15/2010 1:44:28 AM - Software Distribution Service 3.0
RP517: 9/15/2010 9:00:29 PM - Installed ESET Smart Security
RP518: 9/25/2010 6:11:43 PM - Removed Trend Micro Internet Security
RP519: 9/26/2010 10:30:06 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Alarm
ALPS Touch Pad Driver
Amazon Kindle For PC v1.1
America Online (Choose which version to remove)
Any Video Converter 3.0.1
AOL Spyware Protection
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connection Services Manager
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Display Driver
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
ESET Smart Security
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 2
Java Auto Updater
Java™ 6 Update 21
LightScribe 1.8.15.1
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Roxio Burn Engine
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpyHunter
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TouchPad On/Off Utility
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB PC Camera
Utility Common Driver
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Media Player
WD Diagnostics
WebFldrs XP
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

9/26/2010 5:08:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
9/25/2010 9:05:27 PM, error: Service Control Manager [7000] - The SpyHunter 4 Service service failed to start due to the following error: The system cannot find the path specified.
9/25/2010 7:38:44 PM, error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/25/2010 7:38:44 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
9/25/2010 6:42:57 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'dot3gpclnt32.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/25/2010 5:58:50 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000043' while processing the file 'dot3gpclnt32.dll' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/22/2010 10:49:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wlidsvc service.
9/22/2010 10:35:25 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Spooler service.
9/22/2010 1:12:09 AM, error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/22/2010 1:12:09 AM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
9/22/2010 1:07:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2010 11:54:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/21/2010 11:54:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/21/2010 11:24:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
9/21/2010 11:06:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/21/2010 10:35:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SbcpHid SrvcEKIOMngr SrvcSSIOMngr Tcpip tmtdi TPwSav
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2010 10:35:06 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

==== End Of File ===========================



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-27 02:11:42
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB1193610]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB1193C10]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB1193730]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB11934B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB1193570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB11936D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB1193690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB1193650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB11937D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB1193510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB1193590]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB11934D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB11935D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB1193750]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10013E4F C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10013DD9 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10013D00 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!bind 71AB4480 5 Bytes JMP 10013C8A C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10013D63 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 10013E03 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 10013E9D C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1500] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10013D98 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1708] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10013E4F C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10013DD9 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10013D00 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!bind 71AB4480 5 Bytes JMP 10013C8A C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10013D63 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 10013E03 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 10013E9D C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3328] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10013D98 C:\WINDOWS\system32\dot3gpclnt32.dll (IDE XML Parser interface/Borland Software Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.15 ----

EDIT: Posts merged ~BP

Edited by Budapest, 27 September 2010 - 02:21 AM.




#2 myrti

  • Malware Study Hall Admin

Posted 30 September 2010 - 10:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti

  • Malware Study Hall Admin

Posted 16 October 2010 - 04:08 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





