Popups Help


  • This topic is locked
14 replies to this topic

#1 DanTycoon

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA
Posted 05 August 2006 - 07:36 PM

EDIT: I've changed HijackThis.exe to Hello.exe because I've read that some programs terminate when they find HijackThis.exe running. The updated log replaced the old one.

I've had these 2 popups happen one right after I close the first one; see below for what they say. I can't use Ad-Aware and Spybot because when I remove the problems, I can't connect to the internet with my wireless adapter.

The first one that pops up says:

NOTICE: If your computer has been running slower than normal, it may be infected with Viruses, Adware or Spyware.

WinAntiVirus can perform a quick and completely FREE scan of your system for malicious programs.

Download WinAntiVirus FREE now!

OK Cancel


Either one I click on takes me to their website. After I close the window it comes up with

NOTICE: You have not completed viruses and spyware scan. If your computer has viruses, spyware and adware trojans, it can cause your private and billing information leaks, unpredictable or erratic system behavior, freezes, crashes or permanent damage to your PC.

WinAntivirus Pro 2006 can perform a quick and completely FREE scan of your system for viral and spyware infections.

Would you like WinAntiVirus Pro 2006 to scan for and, if found, remove any malicious software now? (Recommended)

OK Cancel


This time when I click cancel, it brings up another popup with the message

WinAntiVirus Pro 2006 will scan your system for threats now.

Please select "RUN" or "OPEN" when prompted to start the installation.

This file has been digitally signed and independently certified as 100% free of viruses, adware and spyware.

OK


Clicking on it takes you to another page for their product, and a window opens up to download their 87kb program. That ends the popup parade.

Sometimes when I'm exploring my computer, a popup with Internet Explorer will come up the same exact size as my current window with an ad for something I can't remember.

And sometimes I get a popup that says:

NOTICE: If your computer is not protected, it could be prone to Viruses, unpredictable behavior and crashes. Protecting your computer increases system security and can prevent data loss. Click on OK for more information.

OK


When I click OK it sends me to a website with, lo and behold, WinAntiSpyware 2006! It asks me to install an ActiveX control, which I'll never do. So please help. Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:55:12 PM, on 8/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A497F7F-13F9-451F-A5F8-75A993260EAC} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {B3B8DD2F-E623-4F59-9CD0-41012597B32E} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154823354718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154823452140
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Edited by DanTycoon, 05 August 2006 - 07:58 PM.


#2 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 06 August 2006 - 07:39 AM

Hello DanTycoon, welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

You have a Vundo infection.
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to "Run VundoFix as a task".
You will receive a message saying vundofix will close and re-open in a minute or less - Click OK
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right-click inside the listbox (white box) and click "add more files"
Copy and paste the 2 entries below into the top 2 boxes (no arrows):

--> C:\WINDOWS\system32\ssqrr.dll
--> C:\WINDOWS\system32\rrqss.*

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt in your next reply.

Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

David
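
The two things David's instructions rely on can be checked mechanically: the HJT log in post #1 lists one random-named DLL in system32 (ssqrr.dll) both as an unnamed O2 BHO and as an O20 Winlogon Notify handler, and VundoFix is then fed the same file plus its reversed-stem companion (rrqss.*). The script below, added here as an illustration and not code from the thread, from HijackThis or from VundoFix, parses the O2/O20 lines copied from that log, correlates them into findings and derives the companion wildcard. The severity labels, the regular expressions and the `Finding`/`HjtReport` types are this example's own assumptions; the sample lines are constructed from the log above.

```python
"""Flag Vundo-style persistence in HijackThis (HJT v1.99) log lines.

Heuristics (this example's own, not HJT's or VundoFix's):
  high        - an O2 BHO shown as "(no name)" whose DLL lives in system32
                and is ALSO registered as an O20 Winlogon Notify handler
  suspicious  - an unnamed system32 BHO with no matching Notify entry
  stale       - O2/O20 entries whose file is gone ("(no file)", "(file missing)")
  review      - every AppInit_DLLs entry (loaded into each process that maps
                user32.dll, so worth a look regardless of its name)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<target>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)

# Constructed sample: the O2/O20 lines copied from the HJT log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: (no name) - {3A497F7F-13F9-451F-A5F8-75A993260EAC} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
"""


@dataclass
class Finding:
    level: str    # high | suspicious | stale | review
    subject: str  # path, CLSID or registry key the finding concerns
    reason: str


@dataclass
class HjtReport:
    bhos: List[Tuple[str, str, str]] = field(default_factory=list)  # (name, clsid, path)
    notify: Dict[str, str] = field(default_factory=dict)            # lower-cased path -> key
    appinit: List[str] = field(default_factory=list)
    findings: List[Finding] = field(default_factory=list)

    def by_level(self, level: str) -> List[Finding]:
        return [f for f in self.findings if f.level == level]


def parse_hjt(text: str) -> HjtReport:
    """Parse the O2/O20 lines of an HJT log and correlate them into findings."""
    rep = HjtReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            target = m.group("target").strip()
            if target == "(no file)":
                rep.findings.append(Finding("stale", m.group("clsid"), "BHO CLSID registered but its DLL is gone"))
            else:
                rep.bhos.append((m.group("name"), m.group("clsid"), target))
        elif m := NOTIFY_RE.match(line):
            target = m.group("target").strip()
            if target.endswith("(file missing)"):
                rep.findings.append(Finding("stale", m.group("key"), "Winlogon Notify key points at a missing DLL"))
            else:
                rep.notify[target.lower()] = m.group("key")
        elif m := APPINIT_RE.match(line):
            rep.appinit = [d.strip() for d in m.group("dlls").split(",") if d.strip()]

    # Correlate: the same random-named system32 DLL registered as an unnamed
    # BHO (runs inside Internet Explorer) and as a Winlogon Notify handler
    # (runs inside winlogon.exe, which is why VundoFix could not stop it).
    for name, clsid, path in rep.bhos:
        if name != "(no name)" or not SYSTEM32_RE.match(path):
            continue
        key = rep.notify.get(path.lower())
        if key:
            rep.findings.append(Finding("high", path, f"unnamed BHO {clsid} is also Winlogon Notify '{key}' (Vundo pattern)"))
        else:
            rep.findings.append(Finding("suspicious", path, f"unnamed BHO {clsid} loaded from system32"))
    for dll in rep.appinit:
        rep.findings.append(Finding("review", dll, "AppInit_DLLs entry: injected into every process that loads user32.dll"))
    return rep


def vundo_companion(dll_path: str) -> str:
    r"""Derive the reversed-stem wildcard VundoFix is given beside a Vundo DLL:
    C:\WINDOWS\system32\ssqrr.dll -> C:\WINDOWS\system32\rrqss.*"""
    directory, _, filename = dll_path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{directory}\\{stem[::-1]}.*"


if __name__ == "__main__":
    report = parse_hjt(SAMPLE_LOG)
    for f in sorted(report.findings, key=lambda f: f.level):
        print(f"[{f.level:10}] {f.subject}: {f.reason}")
    for f in report.by_level("high"):
        print("VundoFix 'add more files' entries:", f.subject, vundo_companion(f.subject))
```

Run against the sample, the only "high" finding is C:\WINDOWS\system32\ssqrr.dll, and the companion it derives is the C:\WINDOWS\system32\rrqss.* entry from the instructions above; the two "(no file)"/"(file missing)" entries are reported as stale registry leftovers rather than as active loaders.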

#3 DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA

Posted 06 August 2006 - 08:06 AM

With VundoFix, it wouldn't take "C:\WINDOWS\system32\rrqss.*" and here are the logs:

------------------------------------------------------- VundoFix -------------------------------------------------------
VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.2

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 8:47:06 2006/08/06

Listing files found while scanning....

No infected files were found.


Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe could not be stopped
Vundofix may not be able to delete some files that were found.

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

------------------------------------------------------- ComboFix -------------------------------------------------------

Start Time= Sun 08/06/2006 8:58:10.57
Running from: C:\Documents and Settings\Daniel\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-05 09:35:34 ( .D... ) "C:\Program Files\Microsoft Bootvis"
2006-08-04 20:24:14 ( .D... ) "C:\Program Files\a-squared Free"
2006-08-04 20:18:16 ( .D... ) "C:\Program Files\Quick StartUp"
2006-08-04 20:00:52 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\AVG7"
2006-08-04 20:00:06 ( .D... ) "C:\Program Files\Grisoft"
2006-08-03 10:06:22 ( .D... ) "C:\Program Files\AuditionSEA"
2006-08-02 16:18:20 ( .D... ) "C:\Program Files\MeadCo"
2006-08-01 20:56:48 ( .D... ) "C:\Program Files\Microsoft"
2006-08-01 19:02:56 ( .D... ) "C:\Program Files\PROnetworks"
2006-07-31 21:21:52 ( .D... ) "C:\Program Files\Future algorithms"
2006-07-31 20:19:38 ( .D... ) "C:\Program Files\Ashampoo"
2006-07-31 20:10:36 ( .D... ) "C:\Program Files\AVI to MPEG Converter"
2006-07-31 11:51:32 320000 ( ..... ) "C:\WINDOWS\Reg.dll"
2006-07-31 11:51:32 297984 ( ..... ) "C:\WINDOWS\midas.dll"
2006-07-31 10:22:08 ( .D... ) "C:\Program Files\McAfee.com"
2006-07-31 10:21:54 ( .D... ) "C:\Program Files\Common Files\McAfee"
2006-07-31 10:21:42 ( .D... ) "C:\Program Files\McAfee"
2006-07-31 10:21:22 573492 ( ..... ) "C:\WINDOWS\system32\ssqrr.dll"
2006-07-31 09:25:50 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\McAfee"
2006-07-31 09:01:08 40973 ( ..SH. ) "C:\WINDOWS\system32\tuvstts.dll"
2006-07-30 18:01:14 ( .D... ) "C:\Program Files\Netropa"
2006-07-30 17:52:56 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Configuration"
2006-07-30 17:45:22 ( .D... ) "C:\Program Files\DriverGuide Toolkit"
2006-07-29 22:58:52 ( .D... ) "C:\Program Files\NetmarbleJP"
2006-07-29 12:21:40 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-28 13:57:34 262144 ( ..... ) "C:\WINDOWS\system32\wrap_oal.dll"
2006-07-28 13:57:34 86016 ( ..... ) "C:\WINDOWS\system32\OpenAL32.dll"
2006-07-28 10:08:16 ( .D... ) "C:\Program Files\Advanced StartUp Manager"
2006-07-27 10:35:40 ( .D... ) "C:\Program Files\Opera"
2006-07-26 13:17:22 ( .D... ) "C:\Program Files\FWC"
2006-07-25 19:06:40 ( .D... ) "C:\Program Files\Praxisoft"
2006-07-24 11:32:44 ( .D... ) "C:\Program Files\Maketorrent 2"
2006-07-23 13:27:22 ( .D... ) "C:\Program Files\Valve Hammer Editor"
2006-07-22 11:46:40 ( .D... ) "C:\Program Files\Narbacular Drop"
2006-07-21 14:33:20 ( .D... ) "C:\Program Files\PearPC Control Panel"
2006-07-21 12:57:38 ( .D... ) "C:\Program Files\PearPC"
2006-07-21 12:51:46 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\VMware"
2006-07-21 12:37:20 ( .D... ) "C:\Program Files\Common Files\VMware"
2006-07-21 12:37:18 ( .D... ) "C:\Program Files\VMware"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\GiPo@Utilities"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\Common Files\Gibinsoft Shared"
2006-07-20 16:56:54 ( .D... ) "C:\Program Files\Stellarium"
2006-07-19 22:27:44 4608 ( ..... ) "C:\WINDOWS\system32\w95inf32.dll"
2006-07-19 22:27:44 2272 ( ..... ) "C:\WINDOWS\system32\w95inf16.dll"
2006-07-19 13:46:32 ( .D... ) "C:\Program Files\Just BASIC v1.01"
2006-07-11 21:38:02 ( .D... ) "C:\Program Files\Common Files\Blizzard Entertainment"
2006-07-09 22:28:18 ( .D... ) "C:\Program Files\OO Software"
2006-07-09 08:57:04 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\My Games"
2006-07-09 08:41:46 34308 ( ..... ) "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-08 23:25:00 ( .D... ) "C:\Program Files\Roguescanfix"
2006-07-08 22:28:32 21504 ( ..... ) "C:\WINDOWS\system32\1cc3a322.exe"
2006-07-07 20:06:40 ( .D... ) "C:\Program Files\DOSBox-0.65"
2006-06-30 12:31:12 ( .D... ) "C:\Program Files\Visualization"
2006-06-30 10:42:42 22384 ( ..... ) "C:\WINDOWS\system32\perfil.dll"
2006-06-30 10:42:42 17488 ( ..... ) "C:\WINDOWS\system32\nvgamfil.dll"
2006-06-30 10:42:42 16732 ( ..... ) "C:\WINDOWS\system32\popfil.dll"
2006-06-30 10:42:42 14264 ( ..... ) "C:\WINDOWS\system32\tafil.dll"
2006-06-30 10:42:42 13112 ( ..... ) "C:\WINDOWS\system32\finfil.dll"
2006-06-30 10:42:42 13034 ( ..... ) "C:\WINDOWS\system32\gblfil.dll"
2006-06-30 10:42:42 12502 ( ..... ) "C:\WINDOWS\system32\psyfil.dll"
2006-06-30 10:42:42 12350 ( ..... ) "C:\WINDOWS\system32\entfil.dll"
2006-06-30 10:42:42 12114 ( ..... ) "C:\WINDOWS\system32\sporfil.dll"
2006-06-30 10:42:42 11164 ( ..... ) "C:\WINDOWS\system32\fmfil.dll"
2006-06-30 10:42:42 10834 ( ..... ) "C:\WINDOWS\system32\chtfil.dll"
2006-06-30 10:42:42 9636 ( ..... ) "C:\WINDOWS\system32\gnfil.dll"
2006-06-30 10:42:42 8652 ( ..... ) "C:\WINDOWS\system32\jbfil.dll"
2006-06-30 10:42:42 7582 ( ..... ) "C:\WINDOWS\system32\movfil.dll"
2006-06-30 10:42:42 7036 ( ..... ) "C:\WINDOWS\system32\pkmon.dll"
2006-06-30 10:42:42 6830 ( ..... ) "C:\WINDOWS\system32\swfil.dll"
2006-06-30 10:42:42 5142 ( ..... ) "C:\WINDOWS\system32\iawfil.dll"
2006-06-30 10:42:42 4826 ( ..... ) "C:\WINDOWS\system32\vgamfil.dll"
2006-06-30 10:42:42 4558 ( ..... ) "C:\WINDOWS\system32\wrestfil.dll"
2006-06-30 10:42:42 4442 ( ..... ) "C:\WINDOWS\system32\hatfil.dll"
2006-06-30 10:42:42 3818 ( ..... ) "C:\WINDOWS\system32\viofil.dll"
2006-06-30 10:42:42 3444 ( ..... ) "C:\WINDOWS\system32\srchin.dll"
2006-06-30 10:42:42 2782 ( ..... ) "C:\WINDOWS\system32\lgwfil.dll"
2006-06-30 10:42:42 2164 ( ..... ) "C:\WINDOWS\system32\wzfil.dll"
2006-06-30 10:42:42 1830 ( ..... ) "C:\WINDOWS\system32\cultfil.dll"
2006-06-30 10:42:42 1816 ( ..... ) "C:\WINDOWS\system32\fshrfil.dll"
2006-06-30 10:42:42 1790 ( ..... ) "C:\WINDOWS\system32\csnews.dll"
2006-06-30 10:42:42 1462 ( ..... ) "C:\WINDOWS\system32\tapfil.dll"
2006-06-30 10:42:42 1378 ( ..... ) "C:\WINDOWS\system32\gdwfil.dll"
2006-06-30 10:42:42 980 ( ..... ) "C:\WINDOWS\system32\imgfil.dll"
2006-06-30 10:42:42 724 ( ..... ) "C:\WINDOWS\system32\spmfil.dll"
2006-06-30 10:42:42 670 ( ..... ) "C:\WINDOWS\system32\mp3fil.dll"
2006-06-30 10:42:42 540 ( ..... ) "C:\WINDOWS\system32\srchfrgn.dll"
2006-06-30 10:42:42 514 ( ..... ) "C:\WINDOWS\system32\snetfil.dll"
2006-06-30 10:42:42 400 ( ..... ) "C:\WINDOWS\system32\bsnlst.dll"
2006-06-30 10:42:42 306 ( ..... ) "C:\WINDOWS\system32\picsfil.dll"
2006-06-30 10:42:42 258 ( ..... ) "C:\WINDOWS\system32\srchout.dll"
2006-06-30 10:42:42 194 ( ..... ) "C:\WINDOWS\system32\igefil.dll"
2006-06-30 10:42:42 116 ( ..... ) "C:\WINDOWS\system32\nfil.dll"
2006-06-30 10:42:42 100 ( ..... ) "C:\WINDOWS\system32\bnrfil.dll"
2006-06-30 10:42:42 34 ( ..... ) "C:\WINDOWS\system32\macfil.dll"
2006-06-30 10:42:42 18 ( ..... ) "C:\WINDOWS\system32\lastupdate.dll"
2006-06-30 10:42:40 75140 ( ..... ) "C:\WINDOWS\system32\adwfil.dll"
2006-06-30 10:42:40 7504 ( ..... ) "C:\WINDOWS\system32\auctfil.dll"
2006-06-30 09:57:02 ( .D... ) "C:\Program Files\eMule"
2006-06-26 09:16:38 ( .D... ) "C:\Program Files\NVTweak"
2006-06-25 18:07:48 10 ( ..... ) "C:\WINDOWS\system32\Mste.dll"
2006-06-22 21:40:16 10599 ( A.... ) "C:\delfiles.bat"
2006-06-21 17:46:48 ( .D... ) "C:\Program Files\XLink Kai Evolution VII"
2006-06-21 14:49:32 4 ( ..... ) "C:\WINDOWS\system32\msvcf5bf.sys"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-15 17:03:42 ( .D... ) "C:\Program Files\XBC"
2006-06-11 10:39:26 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Systweak"
2006-06-11 10:38:18 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-06-06 09:34:56 334174 ( ..... ) "C:\WINDOWS\sqlite3.dll"
2006-06-06 07:45:42 ( .D... ) "C:\Program Files\Opera 9 Beta"
2006-06-02 10:19:56 400 ( ..... ) "C:\WINDOWS\bsnlst.dll"
2006-06-02 02:39:16 270336 ( ..... ) "C:\WINDOWS\system32\oodssrs.dll"
2006-06-02 02:37:22 917504 ( ..... ) "C:\WINDOWS\system32\ooscrsav.scr"
2006-06-02 01:58:20 4096 ( ..... ) "C:\WINDOWS\system32\oodbsrs.dll"
2006-06-02 01:56:08 112128 ( ..... ) "C:\WINDOWS\system32\oodbs.exe"
2006-06-02 01:52:58 339456 ( ..... ) "C:\WINDOWS\system32\oodag.exe"
2006-06-02 01:51:42 10240 ( ..... ) "C:\WINDOWS\system32\oodagrs.dll"
2006-06-02 01:50:06 10240 ( ..... ) "C:\WINDOWS\system32\oodagmg.dll"
2006-06-01 23:57:24 9728 ( ..... ) "C:\WINDOWS\system32\ootmapi.dll"
2006-06-01 19:09:24 208896 ( ..... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( ..... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( ..... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( ..... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( ..... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( ..... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( ..... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( ..... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( ..... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( ..... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( ..... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( ..... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( ..... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( ..... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( ..... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( ..... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( ..... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( ..... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( ..... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( ..... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( ..... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( ..... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( ..... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( ..... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( ..... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( ..... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( ..... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( ..... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( ..... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( ..... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( ..... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( ..... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( ..... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( ..... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( ..... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( ..... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( ..... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( ..... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-31 16:47:58 28080 ( ..... ) "C:\Documents and Settings\Daniel\Application Data\Tab Separated Values (Windows).ADR"
2006-05-31 07:24:16 230168 ( ..... ) "C:\WINDOWS\system32\xactengine2_2.dll"
2006-05-26 19:39:06 221184 ( ..... ) "C:\WINDOWS\system32\UAService7.exe"
2006-05-26 19:39:06 98304 ( ..... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-05-21 18:10:10 126976 ( ..... ) "C:\WINDOWS\system32\zip.exe"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-09 16:15:16 737280 ( ..... ) "C:\WINDOWS\iun6002.exe"
2006-05-08 15:27:18 733696 ( ..... ) "C:\WINDOWS\GPInstall.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-31 20:10 706,048 C:\WINDOWS\system32\libmcl-3.1.1.dll
2006-07-31 20:10 3,423,744 C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2006-07-31 20:10 20,480 C:\WINDOWS\system32\libavi-dd-1.2.0.dll
2006-07-31 11:51 320,000 C:\WINDOWS\Reg.dll
2006-07-31 11:51 297,984 C:\WINDOWS\midas.dll
2006-07-31 10:21 573,492 C:\WINDOWS\system32\ssqrr.dll
2006-07-31 09:01 40,973 C:\WINDOWS\system32\tuvstts.dll
2006-07-30 18:01 65,536 C:\WINDOWS\system32\Msikbd.dll
2006-07-30 18:01 28,672 C:\WINDOWS\system32\msiosd32.dll
2006-07-30 18:01 163,840 C:\WINDOWS\DellMMKb.exe
2006-07-28 14:02 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-28 14:02 230,168 C:\WINDOWS\system32\xactengine2_2.dll
2006-07-28 14:02 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-28 14:02 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-28 14:02 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-28 14:02 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-28 14:02 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-28 14:02 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-28 13:57 86,016 C:\WINDOWS\system32\OpenAL32.dll
2006-07-28 13:57 262,144 C:\WINDOWS\system32\wrap_oal.dll
2006-07-21 12:45 5,120 C:\WINDOWS\system32\vnetinst.dll
2006-07-21 12:45 135,168 C:\WINDOWS\system32\vmnat.exe
2006-07-21 12:45 106,496 C:\WINDOWS\system32\vmnetdhcp.exe
2006-07-21 12:44 385,024 C:\WINDOWS\system32\vnetlib.dll
2006-07-19 22:28 38,160 C:\WINDOWS\system32\LMRTREND.dll
2006-07-19 22:28 182,032 C:\WINDOWS\system32\dxtmsft3.dll
2006-07-19 22:27 63,488 C:\WINDOWS\system32\unam4ie.exe
2006-07-19 22:27 4,608 C:\WINDOWS\system32\w95inf32.dll
2006-07-19 22:27 2,272 C:\WINDOWS\system32\w95inf16.dll
2006-07-19 22:27 194,320 C:\WINDOWS\system32\qcut.dll
2006-07-19 22:27 10,240 C:\WINDOWS\system32\vidx16.dll
2006-07-15 19:21 4,096 C:\WINDOWS\system32\reboot.exe
2006-07-15 19:21 16,384 C:\WINDOWS\system32\restart.exe
2006-07-15 19:21 10,599 C:\delfiles.bat
2006-07-13 22:42 126,976 C:\WINDOWS\system32\zip.exe
2006-07-09 08:41 34,308 C:\WINDOWS\system32\BASSMOD.dll
2006-07-08 22:28 21,504 C:\WINDOWS\system32\1cc3a322.exe
2006-07-02 11:55 9,636 C:\WINDOWS\system32\gnfil.dll
2006-07-02 11:55 8,652 C:\WINDOWS\system32\jbfil.dll
2006-07-02 11:55 724 C:\WINDOWS\system32\spmfil.dll
2006-07-02 11:55 7,582 C:\WINDOWS\system32\movfil.dll
2006-07-02 11:55 7,504 C:\WINDOWS\system32\auctfil.dll
2006-07-02 11:55 7,036 C:\WINDOWS\system32\pkmon.dll
2006-07-02 11:55 670 C:\WINDOWS\system32\mp3fil.dll
2006-07-02 11:55 6,830 C:\WINDOWS\system32\swfil.dll
2006-07-02 11:55 540 C:\WINDOWS\system32\srchfrgn.dll
2006-07-02 11:55 400 C:\WINDOWS\system32\bsnlst.dll
2006-07-02 11:55 4,558 C:\WINDOWS\system32\wrestfil.dll
2006-07-02 11:55 34 C:\WINDOWS\system32\macfil.dll
2006-07-02 11:55 22,384 C:\WINDOWS\system32\perfil.dll
2006-07-02 11:55 2,164 C:\WINDOWS\system32\wzfil.dll
2006-07-02 11:55 194 C:\WINDOWS\system32\igefil.dll
2006-07-02 11:55 18 C:\WINDOWS\system32\lastupdate.dll
2006-07-02 11:55 17,488 C:\WINDOWS\system32\nvgamfil.dll
2006-07-02 11:55 16,732 C:\WINDOWS\system32\popfil.dll
2006-07-02 11:55 14,264 C:\WINDOWS\system32\tafil.dll
2006-07-02 11:55 13,112 C:\WINDOWS\system32\finfil.dll
2006-07-02 11:55 12,502 C:\WINDOWS\system32\psyfil.dll
2006-07-02 11:55 12,350 C:\WINDOWS\system32\entfil.dll
2006-07-02 11:55 12,114 C:\WINDOWS\system32\sporfil.dll
2006-07-02 11:55 116 C:\WINDOWS\system32\nfil.dll
2006-07-02 11:55 11,164 C:\WINDOWS\system32\fmfil.dll
2006-07-02 11:55 100 C:\WINDOWS\system32\bnrfil.dll
2006-07-02 11:55 1,816 C:\WINDOWS\system32\fshrfil.dll
2006-07-02 11:55 1,790 C:\WINDOWS\system32\csnews.dll
2006-07-02 11:55 1,462 C:\WINDOWS\system32\tapfil.dll
2006-07-02 11:51 980 C:\WINDOWS\system32\imgfil.dll
2006-07-02 11:51 75,140 C:\WINDOWS\system32\adwfil.dll
2006-07-02 11:51 514 C:\WINDOWS\system32\snetfil.dll
2006-07-02 11:51 5,142 C:\WINDOWS\system32\iawfil.dll
2006-07-02 11:51 400 C:\WINDOWS\bsnlst.dll
2006-07-02 11:51 4,826 C:\WINDOWS\system32\vgamfil.dll
2006-07-02 11:51 4,442 C:\WINDOWS\system32\hatfil.dll
2006-07-02 11:51 334,174 C:\WINDOWS\sqlite3.dll
2006-07-02 11:51 306 C:\WINDOWS\system32\picsfil.dll
2006-07-02 11:51 3,818 C:\WINDOWS\system32\viofil.dll
2006-07-02 11:51 3,444 C:\WINDOWS\system32\srchin.dll
2006-07-02 11:51 258 C:\WINDOWS\system32\srchout.dll
2006-07-02 11:51 2,782 C:\WINDOWS\system32\lgwfil.dll
2006-07-02 11:51 13,034 C:\WINDOWS\system32\gblfil.dll
2006-07-02 11:51 121,856 C:\WINDOWS\system32\mslspc.exe
2006-07-02 11:51 10,834 C:\WINDOWS\system32\chtfil.dll
2006-07-02 11:51 1,830 C:\WINDOWS\system32\cultfil.dll
2006-07-02 11:51 1,378 C:\WINDOWS\system32\gdwfil.dll
2006-06-25 18:07 10 C:\WINDOWS\system32\Mste.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"BCMSMMSG"="\"BCMSMMSG.exe\""
"dla"="\"C:\\WINDOWS\\system32\\dla\\tfswctrl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"NeroFilterCheck"="\"C:\\WINDOWS\\system32\\NeroCheck.exe\""
"IgfxTray"="\"C:\\WINDOWS\\system32\\igfxtray.exe\""
"HotKeysCmds"="\"C:\\WINDOWS\\system32\\hkcmd.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"nwiz"="\"nwiz.exe \" /install"
"Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
"IMEKRMIG6.1"="\"C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE\""
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe \" /SYNC"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:02400148
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{8888D1E3-0AE9-1033-0826-040609050001}"="\"C:\\Program Files\\Common Files\\{8888D1E3-0AE9-1033-0826-040609050001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DontDisplayLastUserName REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_DANIEL_Daniel.job

Completion time: Sun 08/06/2006 8:59:51.73
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

-----------------------------------------------------------HJT------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:04:47 AM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe
C:\WINDOWS\system32\DllHost.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {878E0A7B-ADA7-4910-856B-5287740E76AF} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: (no name) - {B3B8DD2F-E623-4F59-9CD0-41012597B32E} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154823354718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154823452140
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

#4 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 06 August 2006 - 08:09 AM

Ok, let's move on.

Go to start > run and copy and paste next command in the field:

"C:\Documents and Settings\Owner\Desktop\combofix.exe" /v ssqrr

Hit enter.
This should start the combofix.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

David

#5 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA

Posted 06 August 2006 - 08:28 AM

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SYSTEM32\SSQRR.DLL
C:\WINDOWS\SYSTEM32\RRQSS.INI


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



9:19:48.39
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-05 09:35:34 ( .D... ) "C:\Program Files\Microsoft Bootvis"
2006-08-04 20:24:14 ( .D... ) "C:\Program Files\a-squared Free"
2006-08-04 20:18:16 ( .D... ) "C:\Program Files\Quick StartUp"
2006-08-04 20:00:52 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\AVG7"
2006-08-04 20:00:06 ( .D... ) "C:\Program Files\Grisoft"
2006-08-03 10:06:22 ( .D... ) "C:\Program Files\AuditionSEA"
2006-08-02 16:18:20 ( .D... ) "C:\Program Files\MeadCo"
2006-08-01 20:56:48 ( .D... ) "C:\Program Files\Microsoft"
2006-08-01 19:02:56 ( .D... ) "C:\Program Files\PROnetworks"
2006-07-31 21:21:52 ( .D... ) "C:\Program Files\Future algorithms"
2006-07-31 20:19:38 ( .D... ) "C:\Program Files\Ashampoo"
2006-07-31 20:10:36 ( .D... ) "C:\Program Files\AVI to MPEG Converter"
2006-07-31 11:51:32 320000 ( ..... ) "C:\WINDOWS\Reg.dll"
2006-07-31 11:51:32 297984 ( ..... ) "C:\WINDOWS\midas.dll"
2006-07-31 10:22:08 ( .D... ) "C:\Program Files\McAfee.com"
2006-07-31 10:21:54 ( .D... ) "C:\Program Files\Common Files\McAfee"
2006-07-31 10:21:42 ( .D... ) "C:\Program Files\McAfee"
2006-07-31 09:25:50 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\McAfee"
2006-07-31 09:01:08 40973 ( A.SH. ) "C:\WINDOWS\system32\tuvstts.dll"
2006-07-30 18:01:14 ( .D... ) "C:\Program Files\Netropa"
2006-07-30 17:52:56 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Configuration"
2006-07-30 17:45:22 ( .D... ) "C:\Program Files\DriverGuide Toolkit"
2006-07-29 22:58:52 ( .D... ) "C:\Program Files\NetmarbleJP"
2006-07-29 12:21:40 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-28 13:57:34 262144 ( A.... ) "C:\WINDOWS\system32\wrap_oal.dll"
2006-07-28 13:57:34 86016 ( A.... ) "C:\WINDOWS\system32\OpenAL32.dll"
2006-07-28 10:08:16 ( .D... ) "C:\Program Files\Advanced StartUp Manager"
2006-07-27 10:35:40 ( .D... ) "C:\Program Files\Opera"
2006-07-26 13:17:22 ( .D... ) "C:\Program Files\FWC"
2006-07-25 19:06:40 ( .D... ) "C:\Program Files\Praxisoft"
2006-07-24 11:32:44 ( .D... ) "C:\Program Files\Maketorrent 2"
2006-07-23 13:27:22 ( .D... ) "C:\Program Files\Valve Hammer Editor"
2006-07-22 11:46:40 ( .D... ) "C:\Program Files\Narbacular Drop"
2006-07-21 14:33:20 ( .D... ) "C:\Program Files\PearPC Control Panel"
2006-07-21 12:57:38 ( .D... ) "C:\Program Files\PearPC"
2006-07-21 12:51:46 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\VMware"
2006-07-21 12:37:20 ( .D... ) "C:\Program Files\Common Files\VMware"
2006-07-21 12:37:18 ( .D... ) "C:\Program Files\VMware"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\GiPo@Utilities"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\Common Files\Gibinsoft Shared"
2006-07-20 16:56:54 ( .D... ) "C:\Program Files\Stellarium"
2006-07-19 22:27:44 4608 ( A.... ) "C:\WINDOWS\system32\w95inf32.dll"
2006-07-19 22:27:44 2272 ( A.... ) "C:\WINDOWS\system32\w95inf16.dll"
2006-07-19 13:46:32 ( .D... ) "C:\Program Files\Just BASIC v1.01"
2006-07-11 21:38:02 ( .D... ) "C:\Program Files\Common Files\Blizzard Entertainment"
2006-07-09 22:28:18 ( .D... ) "C:\Program Files\OO Software"
2006-07-09 08:57:04 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\My Games"
2006-07-09 08:41:46 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-08 23:25:00 ( .D... ) "C:\Program Files\Roguescanfix"
2006-07-08 22:28:32 21504 ( A.... ) "C:\WINDOWS\system32\1cc3a322.exe"
2006-07-07 20:06:40 ( .D... ) "C:\Program Files\DOSBox-0.65"
2006-06-30 12:31:12 ( .D... ) "C:\Program Files\Visualization"
2006-06-30 10:42:42 22384 ( A.... ) "C:\WINDOWS\system32\perfil.dll"
2006-06-30 10:42:42 17488 ( A.... ) "C:\WINDOWS\system32\nvgamfil.dll"
2006-06-30 10:42:42 16732 ( A.... ) "C:\WINDOWS\system32\popfil.dll"
2006-06-30 10:42:42 14264 ( A.... ) "C:\WINDOWS\system32\tafil.dll"
2006-06-30 10:42:42 13112 ( A.... ) "C:\WINDOWS\system32\finfil.dll"
2006-06-30 10:42:42 13034 ( A.... ) "C:\WINDOWS\system32\gblfil.dll"
2006-06-30 10:42:42 12502 ( A.... ) "C:\WINDOWS\system32\psyfil.dll"
2006-06-30 10:42:42 12350 ( A.... ) "C:\WINDOWS\system32\entfil.dll"
2006-06-30 10:42:42 12114 ( A.... ) "C:\WINDOWS\system32\sporfil.dll"
2006-06-30 10:42:42 11164 ( A.... ) "C:\WINDOWS\system32\fmfil.dll"
2006-06-30 10:42:42 10834 ( A.... ) "C:\WINDOWS\system32\chtfil.dll"
2006-06-30 10:42:42 9636 ( A.... ) "C:\WINDOWS\system32\gnfil.dll"
2006-06-30 10:42:42 8652 ( A.... ) "C:\WINDOWS\system32\jbfil.dll"
2006-06-30 10:42:42 7582 ( A.... ) "C:\WINDOWS\system32\movfil.dll"
2006-06-30 10:42:42 7036 ( A.... ) "C:\WINDOWS\system32\pkmon.dll"
2006-06-30 10:42:42 6830 ( A.... ) "C:\WINDOWS\system32\swfil.dll"
2006-06-30 10:42:42 5142 ( A.... ) "C:\WINDOWS\system32\iawfil.dll"
2006-06-30 10:42:42 4826 ( A.... ) "C:\WINDOWS\system32\vgamfil.dll"
2006-06-30 10:42:42 4558 ( A.... ) "C:\WINDOWS\system32\wrestfil.dll"
2006-06-30 10:42:42 4442 ( A.... ) "C:\WINDOWS\system32\hatfil.dll"
2006-06-30 10:42:42 3818 ( A.... ) "C:\WINDOWS\system32\viofil.dll"
2006-06-30 10:42:42 3444 ( A.... ) "C:\WINDOWS\system32\srchin.dll"
2006-06-30 10:42:42 2782 ( A.... ) "C:\WINDOWS\system32\lgwfil.dll"
2006-06-30 10:42:42 2164 ( A.... ) "C:\WINDOWS\system32\wzfil.dll"
2006-06-30 10:42:42 1830 ( A.... ) "C:\WINDOWS\system32\cultfil.dll"
2006-06-30 10:42:42 1816 ( A.... ) "C:\WINDOWS\system32\fshrfil.dll"
2006-06-30 10:42:42 1790 ( A.... ) "C:\WINDOWS\system32\csnews.dll"
2006-06-30 10:42:42 1462 ( A.... ) "C:\WINDOWS\system32\tapfil.dll"
2006-06-30 10:42:42 1378 ( A.... ) "C:\WINDOWS\system32\gdwfil.dll"
2006-06-30 10:42:42 980 ( A.... ) "C:\WINDOWS\system32\imgfil.dll"
2006-06-30 10:42:42 724 ( A.... ) "C:\WINDOWS\system32\spmfil.dll"
2006-06-30 10:42:42 670 ( A.... ) "C:\WINDOWS\system32\mp3fil.dll"
2006-06-30 10:42:42 540 ( A.... ) "C:\WINDOWS\system32\srchfrgn.dll"
2006-06-30 10:42:42 514 ( A.... ) "C:\WINDOWS\system32\snetfil.dll"
2006-06-30 10:42:42 400 ( A.... ) "C:\WINDOWS\system32\bsnlst.dll"
2006-06-30 10:42:42 306 ( A.... ) "C:\WINDOWS\system32\picsfil.dll"
2006-06-30 10:42:42 258 ( A.... ) "C:\WINDOWS\system32\srchout.dll"
2006-06-30 10:42:42 194 ( A.... ) "C:\WINDOWS\system32\igefil.dll"
2006-06-30 10:42:42 116 ( A.... ) "C:\WINDOWS\system32\nfil.dll"
2006-06-30 10:42:42 100 ( A.... ) "C:\WINDOWS\system32\bnrfil.dll"
2006-06-30 10:42:42 34 ( A.... ) "C:\WINDOWS\system32\macfil.dll"
2006-06-30 10:42:42 18 ( A.... ) "C:\WINDOWS\system32\lastupdate.dll"
2006-06-30 10:42:40 75140 ( A.... ) "C:\WINDOWS\system32\adwfil.dll"
2006-06-30 10:42:40 7504 ( A.... ) "C:\WINDOWS\system32\auctfil.dll"
2006-06-30 09:57:02 ( .D... ) "C:\Program Files\eMule"
2006-06-26 09:16:38 ( .D... ) "C:\Program Files\NVTweak"
2006-06-25 18:07:48 10 ( A.... ) "C:\WINDOWS\system32\Mste.dll"
2006-06-22 21:40:16 10599 ( A.... ) "C:\delfiles.bat"
2006-06-21 17:46:48 ( .D... ) "C:\Program Files\XLink Kai Evolution VII"
2006-06-21 14:49:32 4 ( A.... ) "C:\WINDOWS\system32\msvcf5bf.sys"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-15 17:03:42 ( .D... ) "C:\Program Files\XBC"
2006-06-11 10:39:26 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Systweak"
2006-06-11 10:38:18 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-06-06 09:34:56 334174 ( ..... ) "C:\WINDOWS\sqlite3.dll"
2006-06-06 07:45:42 ( .D... ) "C:\Program Files\Opera 9 Beta"
2006-06-02 10:19:56 400 ( ..... ) "C:\WINDOWS\bsnlst.dll"
2006-06-02 02:39:16 270336 ( A.... ) "C:\WINDOWS\system32\oodssrs.dll"
2006-06-02 02:37:22 917504 ( A.... ) "C:\WINDOWS\system32\ooscrsav.scr"
2006-06-02 01:58:20 4096 ( A.... ) "C:\WINDOWS\system32\oodbsrs.dll"
2006-06-02 01:56:08 112128 ( A.... ) "C:\WINDOWS\system32\oodbs.exe"
2006-06-02 01:52:58 339456 ( A.... ) "C:\WINDOWS\system32\oodag.exe"
2006-06-02 01:51:42 10240 ( A.... ) "C:\WINDOWS\system32\oodagrs.dll"
2006-06-02 01:50:06 10240 ( A.... ) "C:\WINDOWS\system32\oodagmg.dll"
2006-06-01 23:57:24 9728 ( A.... ) "C:\WINDOWS\system32\ootmapi.dll"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-31 16:47:58 28080 ( ..... ) "C:\Documents and Settings\Daniel\Application Data\Tab Separated Values (Windows).ADR"
2006-05-31 07:24:16 230168 ( A.... ) "C:\WINDOWS\system32\xactengine2_2.dll"
2006-05-26 19:39:06 221184 ( A.... ) "C:\WINDOWS\system32\UAService7.exe"
2006-05-26 19:39:06 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-05-21 18:10:10 126976 ( A.... ) "C:\WINDOWS\system32\zip.exe"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-09 16:15:16 737280 ( ..... ) "C:\WINDOWS\iun6002.exe"
2006-05-08 15:27:18 733696 ( ..... ) "C:\WINDOWS\GPInstall.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-31 20:10 706,048 C:\WINDOWS\system32\libmcl-3.1.1.dll
2006-07-31 20:10 3,423,744 C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2006-07-31 20:10 20,480 C:\WINDOWS\system32\libavi-dd-1.2.0.dll
2006-07-31 11:51 320,000 C:\WINDOWS\Reg.dll
2006-07-31 11:51 297,984 C:\WINDOWS\midas.dll
2006-07-31 09:01 40,973 C:\WINDOWS\system32\tuvstts.dll
2006-07-30 18:01 65,536 C:\WINDOWS\system32\Msikbd.dll
2006-07-30 18:01 28,672 C:\WINDOWS\system32\msiosd32.dll
2006-07-30 18:01 163,840 C:\WINDOWS\DellMMKb.exe
2006-07-28 14:02 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-28 14:02 230,168 C:\WINDOWS\system32\xactengine2_2.dll
2006-07-28 14:02 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-28 14:02 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-28 14:02 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-28 14:02 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-28 14:02 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-28 14:02 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-28 13:57 86,016 C:\WINDOWS\system32\OpenAL32.dll
2006-07-28 13:57 262,144 C:\WINDOWS\system32\wrap_oal.dll
2006-07-21 12:45 5,120 C:\WINDOWS\system32\vnetinst.dll
2006-07-21 12:45 135,168 C:\WINDOWS\system32\vmnat.exe
2006-07-21 12:45 106,496 C:\WINDOWS\system32\vmnetdhcp.exe
2006-07-21 12:44 385,024 C:\WINDOWS\system32\vnetlib.dll
2006-07-19 22:28 38,160 C:\WINDOWS\system32\LMRTREND.dll
2006-07-19 22:28 182,032 C:\WINDOWS\system32\dxtmsft3.dll
2006-07-19 22:27 63,488 C:\WINDOWS\system32\unam4ie.exe
2006-07-19 22:27 4,608 C:\WINDOWS\system32\w95inf32.dll
2006-07-19 22:27 2,272 C:\WINDOWS\system32\w95inf16.dll
2006-07-19 22:27 194,320 C:\WINDOWS\system32\qcut.dll
2006-07-19 22:27 10,240 C:\WINDOWS\system32\vidx16.dll
2006-07-15 19:21 4,096 C:\WINDOWS\system32\reboot.exe
2006-07-15 19:21 16,384 C:\WINDOWS\system32\restart.exe
2006-07-15 19:21 10,599 C:\delfiles.bat
2006-07-13 22:42 126,976 C:\WINDOWS\system32\zip.exe
2006-07-09 08:41 34,308 C:\WINDOWS\system32\BASSMOD.dll
2006-07-08 22:28 21,504 C:\WINDOWS\system32\1cc3a322.exe
2006-07-02 11:55 9,636 C:\WINDOWS\system32\gnfil.dll
2006-07-02 11:55 8,652 C:\WINDOWS\system32\jbfil.dll
2006-07-02 11:55 724 C:\WINDOWS\system32\spmfil.dll
2006-07-02 11:55 7,582 C:\WINDOWS\system32\movfil.dll
2006-07-02 11:55 7,504 C:\WINDOWS\system32\auctfil.dll
2006-07-02 11:55 7,036 C:\WINDOWS\system32\pkmon.dll
2006-07-02 11:55 670 C:\WINDOWS\system32\mp3fil.dll
2006-07-02 11:55 6,830 C:\WINDOWS\system32\swfil.dll
2006-07-02 11:55 540 C:\WINDOWS\system32\srchfrgn.dll
2006-07-02 11:55 400 C:\WINDOWS\system32\bsnlst.dll
2006-07-02 11:55 4,558 C:\WINDOWS\system32\wrestfil.dll
2006-07-02 11:55 34 C:\WINDOWS\system32\macfil.dll
2006-07-02 11:55 22,384 C:\WINDOWS\system32\perfil.dll
2006-07-02 11:55 2,164 C:\WINDOWS\system32\wzfil.dll
2006-07-02 11:55 194 C:\WINDOWS\system32\igefil.dll
2006-07-02 11:55 18 C:\WINDOWS\system32\lastupdate.dll
2006-07-02 11:55 17,488 C:\WINDOWS\system32\nvgamfil.dll
2006-07-02 11:55 16,732 C:\WINDOWS\system32\popfil.dll
2006-07-02 11:55 14,264 C:\WINDOWS\system32\tafil.dll
2006-07-02 11:55 13,112 C:\WINDOWS\system32\finfil.dll
2006-07-02 11:55 12,502 C:\WINDOWS\system32\psyfil.dll
2006-07-02 11:55 12,350 C:\WINDOWS\system32\entfil.dll
2006-07-02 11:55 12,114 C:\WINDOWS\system32\sporfil.dll
2006-07-02 11:55 116 C:\WINDOWS\system32\nfil.dll
2006-07-02 11:55 11,164 C:\WINDOWS\system32\fmfil.dll
2006-07-02 11:55 100 C:\WINDOWS\system32\bnrfil.dll
2006-07-02 11:55 1,816 C:\WINDOWS\system32\fshrfil.dll
2006-07-02 11:55 1,790 C:\WINDOWS\system32\csnews.dll
2006-07-02 11:55 1,462 C:\WINDOWS\system32\tapfil.dll
2006-07-02 11:51 980 C:\WINDOWS\system32\imgfil.dll
2006-07-02 11:51 75,140 C:\WINDOWS\system32\adwfil.dll
2006-07-02 11:51 514 C:\WINDOWS\system32\snetfil.dll
2006-07-02 11:51 5,142 C:\WINDOWS\system32\iawfil.dll
2006-07-02 11:51 400 C:\WINDOWS\bsnlst.dll
2006-07-02 11:51 4,826 C:\WINDOWS\system32\vgamfil.dll
2006-07-02 11:51 4,442 C:\WINDOWS\system32\hatfil.dll
2006-07-02 11:51 334,174 C:\WINDOWS\sqlite3.dll
2006-07-02 11:51 306 C:\WINDOWS\system32\picsfil.dll
2006-07-02 11:51 3,818 C:\WINDOWS\system32\viofil.dll
2006-07-02 11:51 3,444 C:\WINDOWS\system32\srchin.dll
2006-07-02 11:51 258 C:\WINDOWS\system32\srchout.dll
2006-07-02 11:51 2,782 C:\WINDOWS\system32\lgwfil.dll
2006-07-02 11:51 13,034 C:\WINDOWS\system32\gblfil.dll
2006-07-02 11:51 121,856 C:\WINDOWS\system32\mslspc.exe
2006-07-02 11:51 10,834 C:\WINDOWS\system32\chtfil.dll
2006-07-02 11:51 1,830 C:\WINDOWS\system32\cultfil.dll
2006-07-02 11:51 1,378 C:\WINDOWS\system32\gdwfil.dll
2006-06-25 18:07 10 C:\WINDOWS\system32\Mste.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"BCMSMMSG"="\"BCMSMMSG.exe\""
"dla"="\"C:\\WINDOWS\\system32\\dla\\tfswctrl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"NeroFilterCheck"="\"C:\\WINDOWS\\system32\\NeroCheck.exe\""
"IgfxTray"="\"C:\\WINDOWS\\system32\\igfxtray.exe\""
"HotKeysCmds"="\"C:\\WINDOWS\\system32\\hkcmd.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"nwiz"="\"nwiz.exe \" /install"
"Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
"IMEKRMIG6.1"="\"C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE\""
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe \" /SYNC"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:02400148
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{8888D1E3-0AE9-1033-0826-040609050001}"="\"C:\\Program Files\\Common Files\\{8888D1E3-0AE9-1033-0826-040609050001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DontDisplayLastUserName REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_DANIEL_Daniel.job

Completion time: Sun 08/06/2006 9:20:00.96
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-06.091159.txt

-------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:26:25 AM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {878E0A7B-ADA7-4910-856B-5287740E76AF} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {B3B8DD2F-E623-4F59-9CD0-41012597B32E} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154823354718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154823452140
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

#6 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:06:41 AM

Posted 06 August 2006 - 03:11 PM

Hello there DanTycoon,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

1) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - (no file)
O2 - BHO: (no name) - {878E0A7B-ADA7-4910-856B-5287740E76AF} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: (no name) - {B3B8DD2F-E623-4F59-9CD0-41012597B32E} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: (no name) - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - (no file)
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: ssqrr - C:\WINDOWS\system32\ssqrr.dll (file missing)
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

2) Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\Program Files\Common Files\{8888D1E3-0AE9-1033-0826-040609050001}\Update.exe
C:\WINDOWS\system32\tuvstts.dll
C:\WINDOWS\system32\1cc3a322.exe
C:\WINDOWS\system32\perfil.dll
C:\WINDOWS\system32\nvgamfil.dll
C:\WINDOWS\system32\popfil.dll
C:\WINDOWS\system32\tafil.dll
C:\WINDOWS\system32\finfil.dll
C:\WINDOWS\system32\gblfil.dll
C:\WINDOWS\system32\psyfil.dll
C:\WINDOWS\system32\entfil.dll
C:\WINDOWS\system32\sporfil.dll
C:\WINDOWS\system32\fmfil.dll
C:\WINDOWS\system32\gnfil.dll
C:\WINDOWS\system32\jbfil.dll
C:\WINDOWS\system32\movfil.dll
C:\WINDOWS\system32\swfil.dll
C:\WINDOWS\system32\iawfil.dll
C:\WINDOWS\system32\vgamfil.dll
C:\WINDOWS\system32\wrestfil.dll
C:\WINDOWS\system32\hatfil.dll
C:\WINDOWS\system32\viofil.dll
C:\WINDOWS\system32\srchin.dll
C:\WINDOWS\system32\lgwfil.dll
C:\WINDOWS\system32\wzfil.dll
C:\WINDOWS\system32\cultfil.dll
C:\WINDOWS\system32\fshrfil.dll
C:\WINDOWS\system32\csnews.dll
C:\WINDOWS\system32\tapfil.dll
C:\WINDOWS\system32\gdwfil.dll
C:\WINDOWS\system32\spmfil.dll
C:\WINDOWS\system32\mp3fil.dll
C:\WINDOWS\system32\srchfrgn.dll
C:\WINDOWS\system32\snetfil.dll
C:\WINDOWS\system32\picsfil.dll
C:\WINDOWS\system32\srchout.dll
C:\WINDOWS\system32\igefil.dll
C:\WINDOWS\system32\nfil.dll
C:\WINDOWS\system32\bnrfil.dll
C:\WINDOWS\system32\macfil.dll
C:\WINDOWS\system32\lastupdate.dll
C:\WINDOWS\system32\adwfil.dll
C:\WINDOWS\system32\auctfil.dll
C:\WINDOWS\system32\Mste.dll
C:\WINDOWS\system32\msvcf5bf.sys
C:\WINDOWS\bsnlst.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\GPInstall.exe
C:\WINDOWS\system32\repairs303169590.dll
C:\WINDOWS\system32\regperf.exe


Open 'File' in the Killbox menu at the top and choose Paste from clipboard.
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

3) Please open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as "fix.reg". Choose to save as type *All Files* and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents into the registry, click yes/ok.

4) Please find and delete this folder:
C:\Program Files\Common Files\{8888D1E3-0AE9-1033-0826-040609050001}

5) Download GMER from Here
Right Click the Zip and Select "Extract All"
Double Click gmer.exe to launch the program.
Click on the Rootkit Tab and then click Scan.
It takes a while to run, once complete, copy the results to notepad and save them somewhere safe.
Post those results in the next reply.

Please post back with a new Hijackthis log, a new Combofix log and the GMER log.
David

Edited by D-Trojanator, 06 August 2006 - 03:12 PM.
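The triage David does by hand above (orphaned O2 BHOs whose DLL is gone, the O20 AppInit_DLLs line, and O20 Winlogon Notify entries with a missing DLL) can be scripted. The following is an added example, not code from this thread or from HijackThis: it parses HijackThis 1.99-style log lines, with the sample lines constructed from the logs posted above, and returns what to tick under Fix Checked versus what only needs looking up.

```python
"""Triage HijackThis 1.99 log lines the way a helper does by hand."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the shape of the HJT log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {878E0A7B-ADA7-4910-856B-5287740E76AF} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HJT marks a registered-but-absent target with one of these two suffixes.
MISSING = re.compile(r"\((no file|file missing)\)\s*$")
# Every scan-result line is "<section> - <body>"; process list and headers do not match.
LINE = re.compile(r"^(O\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HJT section id, e.g. "O20"
    action: str   # "fix" = tick in HijackThis, "review" = look up first, "info" = note only
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that deserves attention, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m:
            continue  # running-process paths, headers, blank lines
        section, body = m.groups()

        if section == "O2" and MISSING.search(body):
            # A BHO CLSID still registered after its DLL was removed: dead entry, tick it.
            findings.append(Finding(section, "fix", "BHO whose DLL no longer exists (orphan)", line))

        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that loads user32.dll, so anything
            # unexpected here is a global injection point; the whole line is ticked as above.
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            findings.append(Finding(section, "fix",
                                    "AppInit_DLLs global injection: " + ", ".join(dlls), line))

        elif section == "O20" and body.startswith("Winlogon Notify:"):
            target = body.split(" - ", 1)[1] if " - " in body else ""
            if MISSING.search(body):
                findings.append(Finding(section, "fix", "Winlogon Notify package with missing DLL", line))
            elif "\\" not in target:
                # Bare filename without a path: loads from the search path, worth a look-up.
                findings.append(Finding(section, "review", "Winlogon Notify DLL given without a path", line))

        elif section == "O17" and "NameServer =" in body:
            # Per-adapter DNS override; harmless if it is the ISP's resolver, so report only.
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append(Finding(section, "info", "per-adapter DNS servers: " + servers, line))

        elif section == "O23" and MISSING.search(body):
            findings.append(Finding(section, "info", "service registered for a missing binary", line))

    return findings


def fix_list(log_text: str) -> list[str]:
    """The lines to place a check against under Fix Checked."""
    return [f.line for f in triage(log_text) if f.action == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.action:6}] {f.section}: {f.reason}")
```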


#7 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA
  • Local time:01:41 AM

Posted 06 August 2006 - 04:49 PM

Here are the logs. No rename popups.

----------------------------------------------------------HJT--------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:44:48 PM, on 8/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A497F7F-13F9-451F-A5F8-75A993260EAC} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


----------------------------------------------------------ComboFix-------------------------------------------------------

Start Time= Sun 08/06/2006 17:39:43.59
Running from: C:\Documents and Settings\Daniel\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-06 16:51:48 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-06 15:30:56 77312 ( A.... ) "C:\WINDOWS\system32\VundoFix.exe"
2006-08-06 10:17:32 ( .D... ) "C:\Program Files\Konvertor"
2006-08-05 09:35:34 ( .D... ) "C:\Program Files\Microsoft Bootvis"
2006-08-04 20:24:14 ( .D... ) "C:\Program Files\a-squared Free"
2006-08-04 20:18:16 ( .D... ) "C:\Program Files\Quick StartUp"
2006-08-04 20:00:52 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\AVG7"
2006-08-04 20:00:06 ( .D... ) "C:\Program Files\Grisoft"
2006-08-03 10:06:22 ( .D... ) "C:\Program Files\AuditionSEA"
2006-08-02 16:18:20 ( .D... ) "C:\Program Files\MeadCo"
2006-08-01 20:56:48 ( .D... ) "C:\Program Files\Microsoft"
2006-08-01 19:02:56 ( .D... ) "C:\Program Files\PROnetworks"
2006-07-31 21:21:52 ( .D... ) "C:\Program Files\Future algorithms"
2006-07-31 20:19:38 ( .D... ) "C:\Program Files\Ashampoo"
2006-07-31 20:10:36 ( .D... ) "C:\Program Files\AVI to MPEG Converter"
2006-07-31 11:51:32 320000 ( ..... ) "C:\WINDOWS\Reg.dll"
2006-07-31 11:51:32 297984 ( ..... ) "C:\WINDOWS\midas.dll"
2006-07-31 10:22:08 ( .D... ) "C:\Program Files\McAfee.com"
2006-07-31 10:21:54 ( .D... ) "C:\Program Files\Common Files\McAfee"
2006-07-31 10:21:42 ( .D... ) "C:\Program Files\McAfee"
2006-07-31 09:25:50 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\McAfee"
2006-07-30 18:01:14 ( .D... ) "C:\Program Files\Netropa"
2006-07-30 17:52:56 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Configuration"
2006-07-30 17:45:22 ( .D... ) "C:\Program Files\DriverGuide Toolkit"
2006-07-29 22:58:52 ( .D... ) "C:\Program Files\NetmarbleJP"
2006-07-29 12:21:40 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-28 13:57:34 262144 ( A.... ) "C:\WINDOWS\system32\wrap_oal.dll"
2006-07-28 13:57:34 86016 ( A.... ) "C:\WINDOWS\system32\OpenAL32.dll"
2006-07-28 10:08:16 ( .D... ) "C:\Program Files\Advanced StartUp Manager"
2006-07-27 10:35:40 ( .D... ) "C:\Program Files\Opera"
2006-07-26 13:17:22 ( .D... ) "C:\Program Files\FWC"
2006-07-25 19:06:40 ( .D... ) "C:\Program Files\Praxisoft"
2006-07-24 11:32:44 ( .D... ) "C:\Program Files\Maketorrent 2"
2006-07-23 13:27:22 ( .D... ) "C:\Program Files\Valve Hammer Editor"
2006-07-22 11:46:40 ( .D... ) "C:\Program Files\Narbacular Drop"
2006-07-21 14:33:20 ( .D... ) "C:\Program Files\PearPC Control Panel"
2006-07-21 12:57:38 ( .D... ) "C:\Program Files\PearPC"
2006-07-21 12:51:46 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\VMware"
2006-07-21 12:37:20 ( .D... ) "C:\Program Files\Common Files\VMware"
2006-07-21 12:37:18 ( .D... ) "C:\Program Files\VMware"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\GiPo@Utilities"
2006-07-21 09:30:40 ( .D... ) "C:\Program Files\Common Files\Gibinsoft Shared"
2006-07-20 16:56:54 ( .D... ) "C:\Program Files\Stellarium"
2006-07-19 22:27:44 4608 ( A.... ) "C:\WINDOWS\system32\w95inf32.dll"
2006-07-19 22:27:44 2272 ( A.... ) "C:\WINDOWS\system32\w95inf16.dll"
2006-07-19 13:46:32 ( .D... ) "C:\Program Files\Just BASIC v1.01"
2006-07-11 21:38:02 ( .D... ) "C:\Program Files\Common Files\Blizzard Entertainment"
2006-07-09 22:28:18 ( .D... ) "C:\Program Files\OO Software"
2006-07-09 08:57:04 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\My Games"
2006-07-09 08:41:46 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-08 23:25:00 ( .D... ) "C:\Program Files\Roguescanfix"
2006-07-07 20:06:40 ( .D... ) "C:\Program Files\DOSBox-0.65"
2006-06-30 12:31:12 ( .D... ) "C:\Program Files\Visualization"
2006-06-30 10:42:42 10834 ( A.... ) "C:\WINDOWS\system32\chtfil.dll"
2006-06-30 10:42:42 7036 ( A.... ) "C:\WINDOWS\system32\pkmon.dll"
2006-06-30 10:42:42 980 ( A.... ) "C:\WINDOWS\system32\imgfil.dll"
2006-06-30 10:42:42 400 ( A.... ) "C:\WINDOWS\system32\bsnlst.dll"
2006-06-30 09:57:02 ( .D... ) "C:\Program Files\eMule"
2006-06-26 09:16:38 ( .D... ) "C:\Program Files\NVTweak"
2006-06-22 21:40:16 10599 ( A.... ) "C:\delfiles.bat"
2006-06-21 17:46:48 ( .D... ) "C:\Program Files\XLink Kai Evolution VII"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-15 17:03:42 ( .D... ) "C:\Program Files\XBC"
2006-06-11 10:39:26 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\Systweak"
2006-06-11 10:38:18 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-06-06 20:49:00 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-06-06 09:34:56 334174 ( ..... ) "C:\WINDOWS\sqlite3.dll"
2006-06-06 07:45:42 ( .D... ) "C:\Program Files\Opera 9 Beta"
2006-06-02 10:19:56 400 ( ..... ) "C:\WINDOWS\bsnlst.dll"
2006-06-02 02:39:16 270336 ( A.... ) "C:\WINDOWS\system32\oodssrs.dll"
2006-06-02 02:37:22 917504 ( A.... ) "C:\WINDOWS\system32\ooscrsav.scr"
2006-06-02 01:58:20 4096 ( A.... ) "C:\WINDOWS\system32\oodbsrs.dll"
2006-06-02 01:56:08 112128 ( A.... ) "C:\WINDOWS\system32\oodbs.exe"
2006-06-02 01:52:58 339456 ( A.... ) "C:\WINDOWS\system32\oodag.exe"
2006-06-02 01:51:42 10240 ( A.... ) "C:\WINDOWS\system32\oodagrs.dll"
2006-06-02 01:50:06 10240 ( A.... ) "C:\WINDOWS\system32\oodagmg.dll"
2006-06-01 23:57:24 9728 ( A.... ) "C:\WINDOWS\system32\ootmapi.dll"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-31 16:47:58 28080 ( ..... ) "C:\Documents and Settings\Daniel\Application Data\Tab Separated Values (Windows).ADR"
2006-05-31 07:24:16 230168 ( A.... ) "C:\WINDOWS\system32\xactengine2_2.dll"
2006-05-26 19:39:06 221184 ( A.... ) "C:\WINDOWS\system32\UAService7.exe"
2006-05-26 19:39:06 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-05-21 18:10:10 126976 ( A.... ) "C:\WINDOWS\system32\zip.exe"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-06 16:51 745,531 C:\WINDOWS\gmer.exe
2006-08-06 16:51 528,446 C:\WINDOWS\gmer.dll
2006-08-06 15:30 77,312 C:\WINDOWS\system32\VundoFix.exe
2006-07-31 20:10 706,048 C:\WINDOWS\system32\libmcl-3.1.1.dll
2006-07-31 20:10 3,423,744 C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2006-07-31 20:10 20,480 C:\WINDOWS\system32\libavi-dd-1.2.0.dll
2006-07-31 11:51 320,000 C:\WINDOWS\Reg.dll
2006-07-31 11:51 297,984 C:\WINDOWS\midas.dll
2006-07-30 18:01 65,536 C:\WINDOWS\system32\Msikbd.dll
2006-07-30 18:01 28,672 C:\WINDOWS\system32\msiosd32.dll
2006-07-30 18:01 163,840 C:\WINDOWS\DellMMKb.exe
2006-07-28 14:02 62,672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-28 14:02 230,168 C:\WINDOWS\system32\xactengine2_2.dll
2006-07-28 14:02 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-28 14:02 229,584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-28 14:02 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-28 14:02 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-28 14:02 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-28 14:02 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-28 13:57 86,016 C:\WINDOWS\system32\OpenAL32.dll
2006-07-28 13:57 262,144 C:\WINDOWS\system32\wrap_oal.dll
2006-07-21 12:45 5,120 C:\WINDOWS\system32\vnetinst.dll
2006-07-21 12:45 135,168 C:\WINDOWS\system32\vmnat.exe
2006-07-21 12:45 106,496 C:\WINDOWS\system32\vmnetdhcp.exe
2006-07-21 12:44 385,024 C:\WINDOWS\system32\vnetlib.dll
2006-07-19 22:28 38,160 C:\WINDOWS\system32\LMRTREND.dll
2006-07-19 22:28 182,032 C:\WINDOWS\system32\dxtmsft3.dll
2006-07-19 22:27 63,488 C:\WINDOWS\system32\unam4ie.exe
2006-07-19 22:27 4,608 C:\WINDOWS\system32\w95inf32.dll
2006-07-19 22:27 2,272 C:\WINDOWS\system32\w95inf16.dll
2006-07-19 22:27 194,320 C:\WINDOWS\system32\qcut.dll
2006-07-19 22:27 10,240 C:\WINDOWS\system32\vidx16.dll
2006-07-15 19:21 4,096 C:\WINDOWS\system32\reboot.exe
2006-07-15 19:21 16,384 C:\WINDOWS\system32\restart.exe
2006-07-15 19:21 10,599 C:\delfiles.bat
2006-07-13 22:42 126,976 C:\WINDOWS\system32\zip.exe
2006-07-09 08:41 34,308 C:\WINDOWS\system32\BASSMOD.dll
2006-07-02 11:55 7,036 C:\WINDOWS\system32\pkmon.dll
2006-07-02 11:55 400 C:\WINDOWS\system32\bsnlst.dll
2006-07-02 11:51 980 C:\WINDOWS\system32\imgfil.dll
2006-07-02 11:51 400 C:\WINDOWS\bsnlst.dll
2006-07-02 11:51 334,174 C:\WINDOWS\sqlite3.dll
2006-07-02 11:51 121,856 C:\WINDOWS\system32\mslspc.exe
2006-07-02 11:51 10,834 C:\WINDOWS\system32\chtfil.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"BCMSMMSG"="\"BCMSMMSG.exe\""
"dla"="\"C:\\WINDOWS\\system32\\dla\\tfswctrl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"NeroFilterCheck"="\"C:\\WINDOWS\\system32\\NeroCheck.exe\""
"IgfxTray"="\"C:\\WINDOWS\\system32\\igfxtray.exe\""
"HotKeysCmds"="\"C:\\WINDOWS\\system32\\hkcmd.exe\""
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"nwiz"="\"nwiz.exe \" /install"
"Dell AIO Printer A940"="\"C:\\Program Files\\Dell AIO Printer A940\\dlbabmgr.exe\""
"IMEKRMIG6.1"="\"C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE\""
"MSPY2002"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe \" /SYNC"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveAutoRun"=dword:02400148
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"wininet.dll"="regperf.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OneCareUI"="\"C:\\Program Files\\Microsoft Windows OneCare Live\\winssnotify.exe\""

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DontDisplayLastUserName REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_DANIEL_Daniel.job

Completion time: Sun 08/06/2006 17:43:25.54
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-06.091159.txt
ComboFix.2006-08-06.173943.txt

----------------------------------------------------------GMER-----------------------------------------------------------

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-06 17:37:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 87387C78
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86DBDEB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 86DA52C8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL [BA91116A] tfsnifs.sys
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_INTERNAL_DEVICE_CONTROL 86DA52C8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 86DA52C8
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL [BA91116A] tfsnifs.sys
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_INTERNAL_DEVICE_CONTROL 86DA52C8
Device \Driver\NetBT \Device\NetBT_Tcpip_{09DADDC5-FE0F-42FF-A5DF-854E6CFF8112} IRP_MJ_CREATE 86DF70E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{56DD1E2C-CD0E-44B9-B78C-338FFB8F1569} IRP_MJ_CREATE 86DF70E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 873D3808
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 873D3808
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 873D3808
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 873D3808
Device \Driver\MPFP \Device\MPFP IRP_MJ_SHUTDOWN [F7CDD85A] avgtdi.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1AB4828
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 873D3A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 873D3A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 873870E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86DCB7B0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 86DCB7B0
Device \Driver\00000055 \Device\00000072 IRP_MJ_SYSTEM_CONTROL [F767CEA8] sptd.sys
Device \Driver\00000055 \Device\00000072 IRP_MJ_DEVICE_CHANGE [F7690A70] sptd.sys
Device \Driver\00000055 \Device\00000072 IRP_MJ_PNP_POWER [F7689728] sptd.sys
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 873870E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 873D3A40
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 873870E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 873870E8
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E1011AF0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86DF70E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86DF70E8
Device \Driver\usbhub \Device\00000087 IRP_MJ_PNP_POWER [F79A3410] hcmon.sys
Device \Driver\usbhub \Device\00000088 IRP_MJ_PNP_POWER [F79A3410] hcmon.sys
Device \Driver\usbhub \Device\00000089 IRP_MJ_PNP_POWER [F79A3410] hcmon.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 87387EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A934E8D3-9D1C-416B-83C7-24434EEFA0A0} IRP_MJ_CREATE 86DF70E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 87387EB0
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SHUTDOWN [F79A3DD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SHUTDOWN [F79A3DD0] hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SHUTDOWN [F79A3DD0] hcmon.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 86DBB618
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SHUTDOWN [F79A3DD0] hcmon.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86DBB618
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 86DBB618
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SHUTDOWN [F79A4190] hcmon.sys
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86FC6728
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 86FC6728
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 873D3A40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 87033258
Device \Driver\usbhub \Device\0000008a IRP_MJ_PNP_POWER [F79A3410] hcmon.sys
Device \Driver\usbhub \Device\0000008b IRP_MJ_PNP_POWER [F79A3410] hcmon.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{698DE69A-709E-4707-BF74-CAC23A121C48} IRP_MJ_CREATE 86DF70E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_CREATE 873D30E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 873D30E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 873D30E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SHUTDOWN [F77828B4] sfsync02.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86DBDEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86D47EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [BA911253] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_INTERNAL_DEVICE_CONTROL 86D47EB0

---- Registry - GMER 1.0.10 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System

#8 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:06:41 AM

Posted 07 August 2006 - 03:33 AM

Hi there DanTycoon,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

1) Go to this page.
Enter the url of this thread in the first field.
Where it says "browse to the file that you want to submit", copy and paste the following into the field:

C:\delfiles.bat

Then click the Send File button below.
Please let me know when you have submitted the file.

2) Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\chtfil.dll
C:\WINDOWS\system32\pkmon.dll
C:\WINDOWS\system32\imgfil.dll
C:\WINDOWS\system32\bsnlst.dll
C:\WINDOWS\system32\mslspc.exe
C:\WINDOWS\bsnlst.dll


Open 'File' in the Killbox menu on top and choose Paste from clipboard.
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click "yes".
Click OK at any Pending File Rename Operations prompt, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

3) Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {3A497F7F-13F9-451F-A5F8-75A993260EAC} - C:\WINDOWS\system32\ssqrr.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

4) Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1, and press Enter.
A text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs as a "RiskTool"; it is not a virus, but a program used to stop system processes.

Please post back with the smitfraudfix log and a new Hijackthis log.
David

#9 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA
  • Local time:01:41 AM

Posted 07 August 2006 - 08:59 AM

-------------------------------------------------------SmitFraudFix----------------------------------------------------
SmitFraudFix v2.81

Scan done at 9:56:30.98, Mon 08/07/2006
Run from C:\Documents and Settings\Daniel\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Daniel\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------------HJT---------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:58:16 AM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Edited by DanTycoon, 07 August 2006 - 09:04 AM.
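As an added example (not code from the thread, from David, or from HijackThis itself): a small Python parser for the O2/O4/O20/O23 lines of a HijackThis 1.99.1 log in the format posted above. It pulls out the CLSID, the file path and the "(file missing)" marker, and flags the entries a helper reads first: orphaned references such as the ssqrr.dll BHO David asked to have fixed, unnamed BHOs, and services with no publisher. The sample lines are constructed from the log format above; the triage rules are my own assumption, not HijackThis behaviour.

```python
"""Parse HijackThis 1.99.1 log entries and flag the ones worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the exact format of the HJT log above. The "(no name)"
# BHO is the orphaned ssqrr.dll entry from step 3 of the helper's instructions.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A497F7F-13F9-451F-A5F8-75A993260EAC} - C:\WINDOWS\system32\ssqrr.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

MISSING = " (file missing)"


@dataclass
class Entry:
    section: str                      # O2, O4, O20, O23
    kind: str                         # BHO, Run, Winlogon Notify, Service
    name: str
    path: str                         # file the entry points at (no quotes/args)
    detail: Optional[str] = None      # CLSID (O2), registry key (O4), publisher (O23)
    file_missing: bool = False
    flags: List[str] = field(default_factory=list)


_HEAD = re.compile(r"^(O\d+) - (.*)$")
_O2 = re.compile(r"BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
_O4 = re.compile(r"(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O20 = re.compile(r"Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
_O23 = re.compile(r"Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def _split_missing(path: str):
    """Separate HijackThis's '(file missing)' marker from the path."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)], True
    return path, False


def exe_from_command(cmd: str) -> str:
    """Recover the executable from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    # Unquoted paths may contain spaces, so cut at the first executable
    # extension that is followed by whitespace or end of line.
    m = re.match(r"(?i)(.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; returns None for sections this parser ignores."""
    head = _HEAD.match(line.strip())
    if not head:
        return None
    section, rest = head.groups()
    if section == "O2" and (m := _O2.match(rest)):
        path, missing = _split_missing(m["path"])
        return Entry(section, "BHO", m["name"], path, m["clsid"].upper(), missing)
    if section == "O4" and (m := _O4.match(rest)):
        return Entry(section, "Run", m["name"], exe_from_command(m["cmd"]), m["key"])
    if section == "O20" and (m := _O20.match(rest)):
        return Entry(section, "Winlogon Notify", m["name"], m["path"])
    if section == "O23" and (m := _O23.match(rest)):
        path, missing = _split_missing(m["path"])
        return Entry(section, "Service", m["name"], path, m["owner"], missing)
    return None


def flag(entry: Entry) -> Entry:
    """Assumed triage rules (mine, not HijackThis's): mark what to read first."""
    if entry.file_missing:
        entry.flags.append("orphaned: file is gone, only the registry entry remains")
    if entry.kind == "BHO" and entry.name == "(no name)":
        entry.flags.append("unnamed BHO")
    if entry.kind == "Service" and entry.detail == "Unknown owner":
        entry.flags.append("service with no publisher")
    return entry


def parse_log(text: str) -> List[Entry]:
    """Parse every recognised line of a log and apply the triage flags."""
    return [flag(e) for e in map(parse_line, text.splitlines()) if e]


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE_LOG)):
        print(f"{e.section} {e.kind}: {e.name} -> {e.path}  [{'; '.join(e.flags)}]")
```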


#10 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:06:41 AM

Posted 07 August 2006 - 01:19 PM

Hey DanTycoon, got the PM.

You can delete this file now.
It's part of the win32delfkil removal tool:
C:\delfiles.bat

I do not recommend that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to create "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms - When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems - Your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either AVG or McAfee.
If you remove McAfee, please understand you will have to install a new firewall as the McAfee one will have been uninstalled also.

Please reboot. Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log. Also let me know how the system is running.

David :thumbsup:

#11 DanTycoon

DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA
  • Local time:01:41 AM

Posted 07 August 2006 - 01:44 PM

It's scanning now, and so far no pop-ups. But they only happen when IE is open, and I'm running Panda in IE, so they may be gone. I'll edit with the Panda results and HJT. Just a note: I'm not using McAfee for antivirus, just for the firewall. If I still have to get rid of McAfee, what would a good firewall be? Thanks.

Oh, Panda finished. I see that there are a lot of bad cookies for Flock and Firefox. I don't use them much anymore so I may uninstall them... I use Opera; I'm not sure if uninstalling will remove the cookies though. Here's the log:

Incident Status Location

Adware:Adware/SystemDoctor Not disinfected C:\!KillBox\1cc3a322.exe
Virus:Trj/Downloader.JUC Disinfected C:\!KillBox\tuvstts.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Daniel\Application Data\Flock\Browser\Profiles\7357ocxd.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Daniel\Application Data\Flock\Browser\Profiles\7357ocxd.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\6la8xpzh.default\cookies.txt[.ehg-nvidia.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.atwola.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Research-int Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.research-int.se/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Abcsearch Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.abcsearch.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[server.iad.liveperson.net/hc/79635536]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.ehg-micron.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[server.iad.liveperson.net/hc/91338698]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/FreshAuditionsDating Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.freshauditionsdating.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.ehg-idg.hitbox.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Daniel\Application Data\Mozilla\Flock\Profiles\aoscsk06.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Daniel\Cookies\daniel@stats1.reliablestats[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Daniel\Cookies\daniel@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daniel\Desktop\SmitfraudFix\Process.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Daniel\Local Settings\Application Data\1cc3a322.exe
------------------------------------------------------------HJT------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:37:17 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vmnetdhcp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Daniel\Desktop\hijack\Hello.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] "BCMSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nwiz] "nwiz.exe " /install
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe " /SYNC
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
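
Reading a log like the one above by eye is what the helpers in this forum do; the added Python example below (not code from the thread, from HijackThis or from Panda) parses the two line formats visible in that log and applies the kind of checks a helper applies: O4 autostarts from a per-user data directory or with a random hex filename, O23 services whose binary is missing or whose vendor is unknown, O17 NameServer overrides to verify against the ISP, and Panda "Not disinfected" items cross-referenced against the HJT log by filename. The severity labels, directory lists and the one O4 line marked CONSTRUCTED (the poster's log has no autostart entry for 1cc3a322.exe, which is why it only turns up in the Panda results) are this example's own assumptions.

```python
"""Triage a HijackThis 1.99 log and Panda ActiveScan results.

Added example for this thread, not code from HijackThis, Panda or the poster. It
parses the two line formats shown in the log above; severities, directory lists
and the CONSTRUCTED sample line are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# e.g. "Adware:Adware/SystemDoctor Not disinfected C:\...\1cc3a322.exe"
PANDA_LINE = re.compile(
    r"^(?P<cls>[^:]+):(?P<name>\S+) (?P<status>Not disinfected|Disinfected|Deleted) (?P<path>.+)$"
)
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll)", re.IGNORECASE)
SUSPECT_DIRS = ("\\local settings\\application data\\", "\\local settings\\temp\\")  # odd for autostarts
RANDOM_HEX_EXE = re.compile(r"\\[0-9a-f]{8}\.exe$", re.IGNORECASE)              # e.g. 1cc3a322.exe
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


@dataclass(frozen=True)
class Finding:
    severity: str  # high, medium, low, info
    section: str   # HijackThis section (O4, O23, ...) or PANDA
    reason: str
    line: str


def first_path(text: str) -> str:
    """First Windows path ending in .exe/.dll in the text, lower-cased, or ''."""
    m = WIN_PATH.search(text)
    return m.group(0).lower() if m else ""


def triage_hjt(log: str) -> list[Finding]:
    """Walk the O-sections; the process list, headers and blank lines are skipped."""
    out: list[Finding] = []
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        path = first_path(body)
        if section == "O4":
            if RANDOM_HEX_EXE.search(path):
                out.append(Finding("high", section, "autostart of a random hex-named executable", raw))
            elif any(d in path for d in SUSPECT_DIRS):
                out.append(Finding("high", section, "autostart from a per-user data/temp directory", raw))
        elif section in ("O2", "O20") and path and not path.startswith(TRUSTED_ROOTS):
            out.append(Finding("medium", section, "browser/Winlogon hook outside Program Files or Windows", raw))
        elif section == "O23":
            if "(file missing)" in body:
                out.append(Finding("low", section, "service binary missing; orphaned entry", raw))
            elif "Unknown owner" in body:
                out.append(Finding("info", section, "no vendor string; verify the binary", raw))
        elif section == "O17":
            out.append(Finding("info", section, "custom NameServer; confirm it belongs to the ISP", raw))
    return out


def triage_panda(results: str, hjt_log: str = "") -> list[Finding]:
    """Flag what Panda could not clean and note whether the HJT log references the file."""
    hjt_lower = hjt_log.lower()
    out: list[Finding] = []
    for raw in results.splitlines():
        m = PANDA_LINE.match(raw.strip())
        if not m or m.group("status") != "Not disinfected":
            continue
        cls, name, path = m.group("cls"), m.group("name"), m.group("path")
        if name.startswith("Cookie/"):
            out.append(Finding("low", "PANDA", "tracking cookie; clear browser cookies", raw))
        elif cls.startswith("Potentially unwanted"):
            out.append(Finding("medium", "PANDA", "PUA; confirm it is a tool you installed on purpose", raw))
        else:
            filename = path.rsplit("\\", 1)[-1].lower()
            where = "referenced by an HJT entry" if filename in hjt_lower else "no HJT entry references it"
            out.append(Finding("high", "PANDA", f"not cleaned, delete manually; {where}", raw))
    return out


# Lines copied from the log above, plus one CONSTRUCTED O4 line (the thread's log has
# no autostart for 1cc3a322.exe) to show what such an entry would look like.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SysDoc] "C:\Documents and Settings\Daniel\Local Settings\Application Data\1cc3a322.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{698DE69A-709E-4707-BF74-CAC23A121C48}: NameServer = 68.87.73.242,68.87.71.226
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll
O23 - Service: Connected Agent Service (AgentSrv) - Unknown owner - C:\Program Files\BackUp Solutions\AgentSrv.EXE (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
"""
SAMPLE_PANDA = r"""
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Daniel\Cookies\daniel@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Daniel\Desktop\SmitfraudFix\Process.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Daniel\Local Settings\Application Data\1cc3a322.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_panda(SAMPLE_PANDA, SAMPLE_HJT):
        print(f"[{f.severity:6}] {f.section:5} {f.reason}\n         {f.line}")
```

Run it as a script to see each finding with its reason and the offending line, or pass a full log saved from HijackThis and the Panda results to `triage_hjt` and `triage_panda`. The heuristics are deliberately narrow: an entry that is not flagged is not thereby clean, and a flagged O17 or "Unknown owner" entry is only a prompt to verify, which is why those carry "info" rather than a higher severity.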

#12 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 07 August 2006 - 01:54 PM

Hey there,

Please empty this folder:
C:\!KillBox

Please delete this file:
C:\Documents and Settings\Daniel\Local Settings\Application Data\1cc3a322.exe

I want you to clean your cache and cookies from your internet explorer.
There are a few infected files which need to be removed from your system.

° Close all instances of Internet Explorer .
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

Also, please clean other Temporary files and Empty the Recycle Bin

° Go to start and click on the "run" button.
° Type the following in the box --> cleanmgr and click OK.
° Let it scan your system for files to remove.
° Make sure only Temporary Files, Temporary Internet Files, and Recycle Bin are checked.
° Press OK to remove them.

I also want you to clean your cache and cookies from your firefox browser.
There are a few infected files which need to be removed from your system.

° Open the firefox browser.
° Click on the "tools" button and click on "options".
° Click "privacy" in the menu on the left side window.
° Open the History, Cookies and Cache tabs individually.
° Choose the "clear" button on each.
° Click OK to close the Options window

In regard to McAfee, you are very welcome to keep it as a firewall as long as you don't have the antivirus parts active. To be honest with you, unless you paid for McAfee, I would remove it and install a very reputable free specialist firewall:
ZoneAlarm and Kerio are also good free firewalls.
You can read this tutorial for more information:
Understanding and using firewalls.
In my opinion all McAfee products are resource hogs.

Let me know...
David

#13 DanTycoon
  • Topic Starter

  • Members
  • 31 posts
  • Location:Burlington, Connecticut, USA

Posted 07 August 2006 - 02:31 PM

Ok, I think the popups are gone for good. Or at least for a while. As for the firewall, I'd prefer to keep McAfee's. Even if it is a resource hog. Thanks for all the help. I may have another problem, but I think it can wait. And it doesn't belong here...so thanks again.

#14 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 07 August 2006 - 02:54 PM

They should be gone for good now, as long as you stay protected.
Glad I could help! :thumbsup:
The latest log is looking clean!
Follow this list and your potential for being infected again will be reduced dramatically.

Use an Anti Virus Software -
* It is very important that your computer has anti-virus software running.
* This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone anti-virus programs:
* Click here for more information on -> Computer Safety On line - Anti-Virus
* I would recommend Grisoft's AVG or AVAST.
* These are the more secure and better ones.

Update your Anti Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall -
* I can not stress how important it is that you use a Firewall on your computer.
* Without a firewall your computer is susceptible to being hacked and taken over.
* Simply using a Firewall in its default configuration can lower your risk greatly.
* For an article on Firewalls and a listing of some available ones see the link below:
* Click here for more information on -> Computer Safety On line - Software Firewalls
* I would recommend ZoneAlarm as a firewall as it's easy to use.

Visit Microsoft's Windows Update Site Frequently -
* It is important that you visit http://www.windowsupdate.com regularly.
* This will ensure your computer has always the latest security updates available installed on your computer.
* If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly

Install Spybot© - Search and Destroy- Install and download Spybot - Search and Destroy with its TeaTimer option.
* This will provide real-time spyware & hijacker protection on your computer alongside your virus protection.
* You should also scan your computer with the program on a regular basis just as you would with anti-virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Lavasofts© Ad-Aware - Install and download Ad-Aware.
* You should also scan your computer with the program on a regular basis, in conjunction with Spybot, just as you would with anti-virus software.
* A tutorial on installing & using this product can be found here:
* Click here for more info -->Instructions for - Spybot S & D and Ad-aware

Install Javacools© SpywareBlaster -
* SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, which will protect you from running and downloading known malicious programs.
* An article on anti-malware products with links for this program and others can be found here:
* Click here for more info -->Computer Safety on line - Anti-Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly.
Without regular updates you WILL NOT be protected when new malicious programs are released.

If you have any additional questions just ask...
David

#15 -David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 20 August 2006 - 09:53 AM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.
