Hi, it's FarSeeR Casey. This is my logfile.
I appreciate ya help and ty for replying!! Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:01 AM, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\WINDOWS\system32\microsoft.exe",
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {eec753eb-a41a-19ba-f0b4-afabb695d0a8} - {8a0d596b-bafa-4b0f-ab91-a14abe357cee} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [First 01 Poll Send] C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01\ONCE BAGS.exe
O4 - HKLM\..\Run: [1ce10e2c] rundll32.exe "C:\WINDOWS\system32\gbswfymo.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {589c111a-fa0a-48ea-902a-900cd103d1e3} - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0032EF5.dat
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7986 bytes
Hi
Please visit this webpage for download links and instructions for running the ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.
Please continue as follows:
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Hello and thx for replying, Blade81. Here is the ComboFix log and the HijackThis log:
ComboFix 08-10-18.03 - Justin 2008-10-20 2:51:42.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1581 [GMT 10:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
.
ADS - system32: deleted 1727023 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Justin\Favorites\Download programs.url
C:\Documents and Settings\Justin\Favorites\Games.url
C:\Documents and Settings\Justin\Favorites\Translator.url
C:\Documents and Settings\Justin\Favorites\Videos.url
C:\Documents and Settings\Justin\Start Menu\Programs\Download programs.url
C:\Documents and Settings\Justin\Start Menu\Programs\Games.url
C:\Documents and Settings\Justin\Start Menu\Programs\Translator.url
C:\Documents and Settings\Justin\Start Menu\Programs\Videos.url
C:\WINDOWS\system32\bb1.dat
C:\WINDOWS\system32\hmcniqug.ini
C:\WINDOWS\system32\ibjiwrlj.ini
C:\WINDOWS\system32\jkSsDJlm.ini
C:\WINDOWS\system32\jkSsDJlm.ini2
C:\WINDOWS\system32\kgpmyxkj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\omyfwsbg.ini
C:\WINDOWS\system32\OXwyayxx.ini
C:\WINDOWS\system32\OXwyayxx.ini2
C:\WINDOWS\system32\rCIPstwa.ini
C:\WINDOWS\system32\rCIPstwa.ini2
C:\WINDOWS\system32\rtc.dat
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\TDSSl.dll
C:\WINDOWS\system32\TDSSmain.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\windows
F:\install.exe
F:\RECYCLER\server.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-19 21:22 . 2008-10-19 21:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-18 19:24 . 2008-10-18 19:40 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-10-16 21:07 . 2008-10-16 21:08 746,086 --a------ C:\asdasdad.exe
2008-10-14 23:49 . 2008-10-14 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-11 20:27 . 2008-10-11 20:27 <DIR> d-------- C:\.jagex_cache_32
2008-10-11 02:22 . 2008-10-11 02:22 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-11 01:58 . 2008-10-19 15:39 <DIR> d-------- C:\Program Files\Registry Easy
2008-10-08 15:59 . 2008-10-08 16:09 <DIR> d-------- C:\Program Files\Common
2008-10-07 22:05 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-07 22:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-07 22:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-07 22:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-07 22:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-07 22:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-04 12:01 . 2008-10-04 12:01 7,704 --a------ C:\WINDOWS\system32\msziptools.dll
2008-10-03 19:52 . 2008-10-03 19:52 26 --a------ C:\WINDOWS\colorpalette.ini
2008-10-03 19:45 . 2008-10-03 19:49 14 --a------ C:\WINDOWS\system32\sys_api.dlx
2008-10-02 10:48 . 2008-10-02 10:48 1 --a------ C:\Documents and Settings\Justin\SI.bin
2008-10-01 23:34 . 2008-10-01 23:34 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 12:05 2,094 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\TeamViewer
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\IMVU
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-19 04:08 --------- d-----w C:\Program Files\Warcraft III
2008-10-19 03:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-18 17:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-14 20:43 --------- d-----w C:\Program Files\World of Warcraft
2008-10-14 15:19 139,144 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-14 15:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-13 20:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 10:27 23 ----a-w C:\Documents and Settings\Justin\jagex_runescape_preferences.dat
2008-10-05 03:10 --------- d-----w C:\Program Files\DivX
2008-10-02 00:51 --------- d-----w C:\Program Files\Steam
2008-10-02 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 00:40 --------- d-----w C:\Program Files\Doom 3
2008-10-02 00:39 --------- d-----w C:\Program Files\WC3Banlist
2008-10-02 00:31 --------- d-----w C:\Program Files\CamStudio
2008-09-20 20:59 --------- d-----w C:\Documents and Settings\Justin\Application Data\thunk name
2008-09-18 13:24 --------- d-----w C:\Program Files\TeamViewer3
2008-09-17 13:51 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-13 12:02 --------- d-----w C:\Program Files\Garena
2008-09-07 10:34 --------- d-----w C:\Program Files\thunk name
2008-09-07 10:34 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-07 10:34 --------- d-----w C:\Program Files\Circle Developement
2008-09-07 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01
2008-09-05 09:32 --------- d-----w C:\Program Files\IMVU
2008-08-26 10:03 --------- d-----w C:\Documents and Settings\Justin\Application Data\Tourney Master 3 ES1 Ultimate
2008-08-23 16:22 --------- d-----w C:\Program Files\Vstplugins
2008-08-23 16:22 --------- d-----w C:\Program Files\Sony
2008-08-23 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-08-08 11:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-30 17:21 8,055 ----a-w C:\Program Files\hijackthis.log
2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db
2008-04-25 12:18 396,288 ----a-w C:\Program Files\HijackThis.exe
2008-04-03 08:16 616,569,723 ----a-w C:\Program Files\fear_update_en_100-107_108.exe
2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 344064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"First 01 Poll Send"="C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01\ONCE BAGS.exe" [2008-10-20 5397504]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 8699904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Documents and Settings\\Justin\\Desktop\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager
"9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager
"60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager
"60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager
"10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager
"10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager
"34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager
"34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager
"86:TCP"= 86:TCP:BroadCam Web Server
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 24827]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 10219904]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D36BC2F0-5126-0119-29A0-F1A0E668340F}]
C:\WINDOWS\system32:windows.exe
.
Contents of the 'Scheduled Tasks' folder
2008-09-07 C:\WINDOWS\Tasks\AD43AD199A202C75.job
- c:\docume~1\justin\applic~1\thunkn~1\Mail Meta Joy.exe [2008-09-07 20:35]
2008-06-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-10 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{8a0d596b-bafa-4b0f-ab91-a14abe357cee} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-1ce10e2c - C:\WINDOWS\system32\gbswfymo.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npssn.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\npssn.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 02:55:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-10-20 3:01:44 - machine was rebooted [Justin]
ComboFix-quarantined-files.txt 2008-10-19 17:01:41
ComboFix2.txt 2008-06-10 21:06:45
ComboFix3.txt 2008-06-10 19:12:06
ComboFix4.txt 2008-05-03 18:47:51
Pre-Run: 18,765,463,552 bytes free
Post-Run: 18,956,709,888 bytes free
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:01 AM, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [First 01 Poll Send] C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01\ONCE BAGS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7626 bytes
0 -
Hi
Looks like you have installed MSN Messenger Live Plus with sponsors. Please uninstall it through Add/Remove Programs. You may reinstall it without sponsors after we've got you clean.
Upload the following files to http://www.virustotal.com and post back the results:
C:\WINDOWS\colorpalette.ini
C:\WINDOWS\system32\sys_api.dlx
C:\Documents and Settings\Justin\SI.bin
Start hjt, do a system scan, check (if found):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Close browsers and fix checked.
Uninstall old Adobe Reader and get the latest one here or get Foxit Reader here.
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\asdasdad.exe
C:\WINDOWS\system32\msziptools.dll
C:\WINDOWS\system32\windows.exe
C:\WINDOWS\Tasks\AD43AD199A202C75.job
Folder::
C:\Documents and Settings\Justin\Application Data\thunk name
C:\Program Files\thunk name
C:\Program Files\Messenger Plus! Live
C:\Program Files\Circle Developement
C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"First 01 Poll Send"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D36BC2F0-5126-0119-29A0-F1A0E668340F}]
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then ComboFix should continue.
If that happened we want to know, and also what process you had to end.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
0 -
Okay, thanks for replying. Sorry it took so long due to scans. Here you go, as you asked!
File colorpalette.ini received on 10.19.2008 21:54:06 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.19 -
AntiVir 7.9.0.5 2008.10.19 -
Authentium 5.1.0.4 2008.10.19 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.18 -
BitDefender 7.2 2008.10.19 -
CAT-QuickHeal 9.50 2008.10.18 -
ClamAV 0.93.1 2008.10.19 -
DrWeb 4.44.0.09170 2008.10.19 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.19 -
F-Prot 4.4.4.56 2008.10.19 -
F-Secure 8.0.14332.0 2008.10.19 -
Fortinet 3.113.0.0 2008.10.19 -
GData 19 2008.10.19 -
Ikarus T3.1.1.44.0 2008.10.19 -
K7AntiVirus 7.10.498 2008.10.18 -
Kaspersky 7.0.0.125 2008.10.19 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.19 -
NOD32 3536 2008.10.19 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.19 -
PCTools 4.4.2.0 2008.10.19 -
Prevx1 V2 2008.10.19 -
Rising 20.66.62.00 2008.10.19 -
SecureWeb-Gateway 6.7.6 2008.10.19 -
Sophos 4.34.0 2008.10.19 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.19 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.18.1426 2008.10.18 -
VirusBuster 4.5.11.0 2008.10.19 -
Additional information
File size: 26 bytes
MD5...: 86d8eeb49f5f19785c92d79c7df3a769
SHA1..: feac2652b97820af374d6e6913f0ef460532a5cf
SHA256: 1b4fd210506c172b3c0b263eb2da2fd84d88986676650a5b0e3bc29324d67625
SHA512: 2319ed123d1652a4b48cc91abf83e12a4df5e32a634bd4b539c4b822c29f6c52703bd10e5887b046a78501d282057bebca5d2abff27bc520a0967b21322bf3c4
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
====================================================
File sys_api.dlx received on 10.19.2008 21:58:50 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.19 -
AntiVir 7.9.0.5 2008.10.19 -
Authentium 5.1.0.4 2008.10.19 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.18 -
BitDefender 7.2 2008.10.19 -
CAT-QuickHeal 9.50 2008.10.18 -
ClamAV 0.93.1 2008.10.19 -
DrWeb 4.44.0.09170 2008.10.19 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.19 -
F-Prot 4.4.4.56 2008.10.19 -
F-Secure 8.0.14332.0 2008.10.19 -
Fortinet 3.113.0.0 2008.10.19 -
GData 19 2008.10.19 -
Ikarus T3.1.1.44.0 2008.10.19 -
K7AntiVirus 7.10.498 2008.10.18 -
Kaspersky 7.0.0.125 2008.10.19 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.19 -
NOD32 3536 2008.10.19 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.19 -
PCTools 4.4.2.0 2008.10.19 -
Prevx1 V2 2008.10.19 -
Rising 20.66.62.00 2008.10.19 -
SecureWeb-Gateway 6.7.6 2008.10.19 -
Sophos 4.34.0 2008.10.19 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.19 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.18.1426 2008.10.18 -
VirusBuster 4.5.11.0 2008.10.19 -
Additional information
File size: 14 bytes
MD5...: 6b6350020113a97a396a00b17c0a7b2c
SHA1..: 5b88eae3b3ee6ddce11cf66acc374de8b03f8ec2
SHA256: 989a39c448cd9f18ece8116027194703633ff44690fb2080f1c59da32b022c76
SHA512: 245e686d1b06e613469e70a2b021950e1e0647db4aabcbfe46e26b054032433d46bd58ebb4736ac1421d906a7b22a7365f97c28386b9ec4579d54e888b020f66
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
======================================================================
File SI.bin received on 10.19.2008 22:01:05 (CET)
Result: 0/36 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.19 -
AntiVir 7.9.0.5 2008.10.19 -
Authentium 5.1.0.4 2008.10.19 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.18 -
BitDefender 7.2 2008.10.19 -
CAT-QuickHeal 9.50 2008.10.18 -
ClamAV 0.93.1 2008.10.19 -
DrWeb 4.44.0.09170 2008.10.19 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.19 -
F-Prot 4.4.4.56 2008.10.19 -
F-Secure 8.0.14332.0 2008.10.19 -
Fortinet 3.113.0.0 2008.10.19 -
GData 19 2008.10.19 -
Ikarus T3.1.1.44.0 2008.10.19 -
K7AntiVirus 7.10.498 2008.10.18 -
Kaspersky 7.0.0.125 2008.10.19 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.19 -
NOD32 3536 2008.10.19 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.19 -
PCTools 4.4.2.0 2008.10.19 -
Prevx1 V2 2008.10.19 -
Rising 20.66.62.00 2008.10.19 -
SecureWeb-Gateway 6.7.6 2008.10.19 -
Sophos 4.34.0 2008.10.19 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.19 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.18.1426 2008.10.18 -
VirusBuster 4.5.11.0 2008.10.19 -
Additional information
File size: 1 bytes
MD5...: 7a9405d459c2a928b12952e276f9a8f5
SHA1..: 986b212420e3b977068244e6bd916575bb0c15e5
SHA256: 966c7c47125c74575a9a1153b799faf55be33a04e3d9f98760a3eeac377103df
SHA512: 3128c2d6cd842857fb31616f568bd337087e00213438db787b6e969fab7ca0c871120ae1bd6a227219672dc18b412c718973883ee987922d0248201b2092ad56
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
0 -
And this is the ComboFix log:
ComboFix 08-10-19.01 - Justin 2008-10-20 6:06:55.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1522 [GMT 10:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\asdasdad.exe
C:\WINDOWS\system32\msziptools.dll
C:\WINDOWS\system32\windows.exe
C:\WINDOWS\Tasks\AD43AD199A202C75.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\asdasdad.exe
C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01
C:\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01\ONCE BAGS.exe
C:\Documents and Settings\Justin\Application Data\thunk name
C:\Documents and Settings\Justin\Application Data\thunk name\0
C:\Documents and Settings\Justin\Application Data\thunk name\BallElseItchInter.exe
C:\Documents and Settings\Justin\Application Data\thunk name\Mail Meta Joy.exe
C:\Documents and Settings\Justin\Application Data\thunk name\yzmwllll.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\Messenger Plus! Live
C:\Program Files\Messenger Plus! Live\Detoured.dll
C:\Program Files\Messenger Plus! Live\Events Style Sheet.xsl
C:\Program Files\Messenger Plus! Live\lame_enc.dll
C:\Program Files\Messenger Plus! Live\Languages\Lng_Arabic.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseSimplified.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_ChineseTraditional.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Danish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Default.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Dutch.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Estonian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Finnish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_French.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_German.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hebrew.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Hungarian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Italian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Japanese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Korean.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Norwegian.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Portuguese.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Spanish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Swedish.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Thai.ini
C:\Program Files\Messenger Plus! Live\Languages\Lng_Turkish.ini
C:\Program Files\Messenger Plus! Live\libsndfile.dll
C:\Program Files\Messenger Plus! Live\Log Viewer.exe
C:\Program Files\Messenger Plus! Live\MPScripts.dll
C:\Program Files\Messenger Plus! Live\MPSkins.dll
C:\Program Files\Messenger Plus! Live\MPTools.exe
C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLiveRes.dll
C:\Program Files\Messenger Plus! Live\MsgPlusLoader.dll
C:\Program Files\Messenger Plus! Live\Uninstall.exe
C:\Program Files\thunk name
C:\WINDOWS\system32\msziptools.dll
C:\WINDOWS\Tasks\AD43AD199A202C75.job
.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-19 21:22 . 2008-10-19 21:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-18 19:24 . 2008-10-18 19:40 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-10-14 23:49 . 2008-10-14 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-11 20:27 . 2008-10-11 20:27 <DIR> d-------- C:\.jagex_cache_32
2008-10-11 02:22 . 2008-10-11 02:22 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-11 01:58 . 2008-10-19 15:39 <DIR> d-------- C:\Program Files\Registry Easy
2008-10-08 15:59 . 2008-10-08 16:09 <DIR> d-------- C:\Program Files\Common
2008-10-07 22:05 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-07 22:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-07 22:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-07 22:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-07 22:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-07 22:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-03 19:52 . 2008-10-03 19:52 26 --a------ C:\WINDOWS\colorpalette.ini
2008-10-03 19:45 . 2008-10-03 19:49 14 --a------ C:\WINDOWS\system32\sys_api.dlx
2008-10-02 10:48 . 2008-10-02 10:48 1 --a------ C:\Documents and Settings\Justin\SI.bin
2008-10-01 23:34 . 2008-10-01 23:34 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 12:05 2,094 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\TeamViewer
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\IMVU
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-19 04:08 --------- d-----w C:\Program Files\Warcraft III
2008-10-19 03:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-18 17:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-14 20:43 --------- d-----w C:\Program Files\World of Warcraft
2008-10-14 15:19 139,144 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-14 15:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-13 20:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 10:27 23 ----a-w C:\Documents and Settings\Justin\jagex_runescape_preferences.dat
2008-10-05 03:10 --------- d-----w C:\Program Files\DivX
2008-10-02 00:51 --------- d-----w C:\Program Files\Steam
2008-10-02 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 00:40 --------- d-----w C:\Program Files\Doom 3
2008-10-02 00:39 --------- d-----w C:\Program Files\WC3Banlist
2008-10-02 00:31 --------- d-----w C:\Program Files\CamStudio
2008-09-18 13:24 --------- d-----w C:\Program Files\TeamViewer3
2008-09-17 13:51 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-13 12:02 --------- d-----w C:\Program Files\Garena
2008-09-05 09:32 --------- d-----w C:\Program Files\IMVU
2008-08-26 10:03 --------- d-----w C:\Documents and Settings\Justin\Application Data\Tourney Master 3 ES1 Ultimate
2008-08-23 16:22 --------- d-----w C:\Program Files\Vstplugins
2008-08-23 16:22 --------- d-----w C:\Program Files\Sony
2008-08-23 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-08-08 11:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-30 17:21 8,055 ----a-w C:\Program Files\hijackthis.log
2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db
2008-04-25 12:18 396,288 ----a-w C:\Program Files\HijackThis.exe
2008-04-03 08:16 616,569,723 ----a-w C:\Program Files\fear_update_en_100-107_108.exe
2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 344064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 8699904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Documents and Settings\\Justin\\Desktop\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager
"9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager
"60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager
"60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager
"10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager
"10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager
"34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager
"34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager
"86:TCP"= 86:TCP:BroadCam Web Server
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 24827]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 10219904]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
.
Contents of the 'Scheduled Tasks' folder
2008-06-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-10 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 06:09:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-20 6:10:30
ComboFix-quarantined-files.txt 2008-10-19 20:09:45
ComboFix2.txt 2008-10-19 17:01:45
ComboFix3.txt 2008-06-10 21:06:45
ComboFix4.txt 2008-06-10 19:12:06
ComboFix5.txt 2008-10-19 20:04:39
Pre-Run: 18,931,109,888 bytes free
Post-Run: 18,893,701,120 bytes free
267
0 -
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, October 19, 2008 18:50:02
Records in database: 1323742

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics
Files scanned: 63096
Threat name: 4
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 01:29:33

File name | Threat name | Threats count
C:\AcCs_Manager\server1.exe | Infected: Backdoor.Win32.Poison.cpb | 1
C:\Documents and Settings\Justin\Desktop\SmitfraudFix.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\Desktop\Warcraft_www.primewarez.com\SmitfraudFix\Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\SmitfraudFix.zip | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix\Reboot.exe | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix\SmitfraudFix.zip | Infected: not-a-virus:RiskTool.Win32.Reboot.f | 1
C:\Documents and Settings\Justin\My Documents\Stuff\W3G\GGTVPlayer.exe | Infected: HackTool.Win32.PassDic.p | 1
C:\Program Files\DAEMON Tools Lite\SRSAI.exe | Infected: not-a-virus:AdWare.Win32.Shopper.r | 1

The scan was stopped by the user.
===========
Note: it did not fully complete the scan because my internet got disconnected.
And the HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:28 AM, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Justin\Desktop\StealthBot\Eurobot\StealthBot v2.6R3.exe
C:\Documents and Settings\Justin\Desktop\StealthBot\WestBot\StealthBot v2.6R3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7450 bytes
And now the ComboFix!!!
===============
ComboFix 08-10-19.01 - Justin 2008-10-20 8:00:55.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1511 [GMT 10:00]
Running from: C:\Documents and Settings\Justin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
.
2008-10-19 21:22 . 2008-10-19 21:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-10-18 19:24 . 2008-10-18 19:40 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-10-14 23:49 . 2008-10-14 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-11 20:27 . 2008-10-11 20:27 <DIR> d-------- C:\.jagex_cache_32
2008-10-11 02:22 . 2008-10-11 02:22 42 --a------ C:\WINDOWS\system32\RegistryEasy.lie
2008-10-11 01:58 . 2008-10-19 15:39 <DIR> d-------- C:\Program Files\Registry Easy
2008-10-08 15:59 . 2008-10-08 16:09 <DIR> d-------- C:\Program Files\Common
2008-10-07 22:05 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-10-07 22:05 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-10-07 22:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-10-07 22:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-10-07 22:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-10-07 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-10-07 22:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-10-07 22:04 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-10-03 19:52 . 2008-10-03 19:52 26 --a------ C:\WINDOWS\colorpalette.ini
2008-10-03 19:45 . 2008-10-03 19:49 14 --a------ C:\WINDOWS\system32\sys_api.dlx
2008-10-02 10:48 . 2008-10-02 10:48 1 --a------ C:\Documents and Settings\Justin\SI.bin
2008-10-01 23:34 . 2008-10-01 23:34 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-09-29 19:45 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-19 21:48 --------- d-----w C:\Program Files\Warcraft III
2008-10-19 12:05 2,094 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Ventrilo
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\uTorrent
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\TeamViewer
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\Skype
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\Justin\Application Data\IMVU
2008-10-19 05:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-19 03:14 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-18 17:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-14 20:43 --------- d-----w C:\Program Files\World of Warcraft
2008-10-14 15:19 139,144 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-14 15:19 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-13 20:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 10:27 23 ----a-w C:\Documents and Settings\Justin\jagex_runescape_preferences.dat
2008-10-05 03:10 --------- d-----w C:\Program Files\DivX
2008-10-02 00:51 --------- d-----w C:\Program Files\Steam
2008-10-02 00:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 00:40 --------- d-----w C:\Program Files\Doom 3
2008-10-02 00:39 --------- d-----w C:\Program Files\WC3Banlist
2008-10-02 00:31 --------- d-----w C:\Program Files\CamStudio
2008-09-18 13:24 --------- d-----w C:\Program Files\TeamViewer3
2008-09-17 13:51 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-13 12:02 --------- d-----w C:\Program Files\Garena
2008-09-05 09:32 --------- d-----w C:\Program Files\IMVU
2008-08-26 10:03 --------- d-----w C:\Documents and Settings\Justin\Application Data\Tourney Master 3 ES1 Ultimate
2008-08-23 16:22 --------- d-----w C:\Program Files\Vstplugins
2008-08-23 16:22 --------- d-----w C:\Program Files\Sony
2008-08-23 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-08-08 11:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-22 00:42 42,320 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-04-30 17:21 8,055 ----a-w C:\Program Files\hijackthis.log
2008-04-28 13:12 6,144 --sha-w C:\Program Files\Thumbs.db
2008-04-25 12:18 396,288 ----a-w C:\Program Files\HijackThis.exe
2008-04-03 08:16 616,569,723 ----a-w C:\Program Files\fear_update_en_100-107_108.exe
2008-02-11 12:21 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-24 68856]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-01-06 110592]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-01-06 344064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-02 8699904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Documents and Settings\\Justin\\Desktop\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager
"9111:UDP"= 9111:UDP:*:Disabled:SolidNetworkManager
"60126:TCP"= 60126:TCP:*:Disabled:SolidNetworkManager
"60126:UDP"= 60126:UDP:*:Disabled:SolidNetworkManager
"10032:TCP"= 10032:TCP:*:Disabled:SolidNetworkManager
"10032:UDP"= 10032:UDP:*:Disabled:SolidNetworkManager
"34469:TCP"= 34469:TCP:*:Disabled:SolidNetworkManager
"34469:UDP"= 34469:UDP:*:Disabled:SolidNetworkManager
"86:TCP"= 86:TCP:BroadCam Web Server
R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys [2004-02-25 24827]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 10219904]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
.
Contents of the 'Scheduled Tasks' folder
2008-06-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-10-10 C:\WINDOWS\Tasks\Schedule Task Weekly.job
- C:\Program Files\Registry Easy\RE.exe [2008-09-23 16:30]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\wxep9b73.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/startpage
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npssn.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\npssn.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 08:04:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-20 8:06:07
ComboFix-quarantined-files.txt 2008-10-19 22:05:53
ComboFix2.txt 2008-10-19 20:10:31
ComboFix3.txt 2008-10-19 17:01:45
ComboFix4.txt 2008-06-10 21:06:45
ComboFix5.txt 2008-10-19 22:00:26
Pre-Run: 18,888,355,840 bytes free
Post-Run: 18,922,590,208 bytes free
223
========================
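Before acting on a ComboFix log, a responder reads the Reg Loading Points section for settings that weaken the machine's own defences. The following is an added example, not ComboFix's code and not part of this thread, that parses that REGEDIT4-style section and flags suppressed Security Center warnings, a disabled firewall profile and ports opened to all networks. The sample input is an excerpt copied from the log above; matching on ComboFix's abbreviated HKLM\~\services\... key notation is an assumption about how it prints those keys.

```python
"""Triage checks over the 'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's own code. ComboFix prints that section in
REGEDIT4 form; this parses it and flags what a responder wants to see first:
Security Center notifications suppressed, the Windows Firewall standard
profile disabled, and ports opened to every network. SAMPLE_DUMP is an
excerpt copied from the log posted above (used here as constructed input).
"""
import re

SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9111:TCP"= 9111:TCP:*:Disabled:SolidNetworkManager
"86:TCP"= 86:TCP:BroadCam Web Server
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


def parse_reg_dump(text):
    """Return {key_path_lowercased: {value_name: raw_data}}."""
    dump, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            dump.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            dump[current][m.group("name")] = m.group("data").strip()
    return dump


def reg_int(data):
    """Normalise the two integer forms ComboFix prints: 'dword:00000001'
    and '0 (0x0)'. Returns None for anything else."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def triage(dump):
    """Return (severity, message) findings, highest-impact checks first."""
    findings = []
    # Security Center: a value of 1 silences the 'no antivirus / no updates'
    # balloons, which malware and some 'tune-up' tools set deliberately.
    sc = dump.get(r"hkey_local_machine\software\microsoft\security center", {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if reg_int(sc.get(name, "dword:00000000")) == 1:
            findings.append(("high", f"Security Center warning suppressed: {name}=1"))
    for key, values in dump.items():
        if key.endswith(r"\firewallpolicy\standardprofile"):
            if reg_int(values.get("EnableFirewall", "1 (0x1)")) == 0:
                findings.append(("high", "Windows Firewall disabled on the standard profile"))
        elif key.endswith(r"\globallyopenports\list"):
            # Value format: port:proto:scope:state:name; no state field means Enabled.
            for name, data in values.items():
                fields = data.split(":")
                state = fields[3] if len(fields) > 3 else "Enabled"
                if state.lower() != "disabled":
                    findings.append(("medium", f"Port open to all networks: {name} ({data})"))
        elif key.endswith(r"\authorizedapplications\list"):
            for name in values:
                findings.append(("info", f"Firewall exception for: {name}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_reg_dump(SAMPLE_DUMP)):
        print(f"[{severity}] {message}")
```

Run against the excerpt, the three high findings are the two suppressed Security Center warnings and the disabled firewall; the SolidNetworkManager ports are reported by Windows as Disabled and are therefore not flagged, while 86:TCP carries no state field and is treated as open.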
0 -
Hi
To get a complete Kaspersky Online Scanner report, could you try running the scan again, please?
0 -
I will post it shortly. Thank you for your reply!
0 -
OK. I shall wait for your input.
0 -
Okay, the scan has finally finished!!!! Sorry for the long wait. I'd also like to mention other problems I get: my internet is super slow, it always gives me pop-up ads even on safe sites, and my headset (microphone) plays random sounds? Why is this? Anyway, here is the log.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title>KASPERSKY ONLINE SCANNER 7 REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
<style type='text/css'>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>
</head>
<body>
<table width='100%' border='0'>
<tr align='center' bgcolor='#005447'>
<td colspan='2' height='30px' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER 7 REPORT</b>
</td>
</tr>
<tr>
<td colspan='2' height='70px'>
Thursday, October 23, 2008<br>
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)<br>
Kaspersky Online Scanner 7 version: 7.0.25.0<br>
Program database last update: Wednesday, October 22, 2008 09:07:12<br>
Records in database: 1334614<br>
</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
</table>
<table width='100%' border='0'>
<tr bgcolor='#EFEBDE'>
<td colspan='2' height='20px'><b>Scan settings</b></td>
</tr>
<tr>
<td height='15px' width='250px'>Scan using the following database</td>
<td>extended</td>
</tr>
<tr>
<td height='15px'>Scan archives</td>
<td>yes</td>
</tr>
<tr>
<td height='15px'>Scan mail databases</td>
<td>yes</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
<tr bgcolor='#EFEBDE'>
<td height='20px'><b>Scan area</b></td>
<td>My Computer</td>
</tr>
<tr>
<td colspan='2' height='20px'>
A:\<br>
C:\<br>
D:\<br>
E:\<br>
F:\<br>
G:\<br>
H:\
</td>
</tr>
<tr>
<td colspan='2' height='10px'>
</td>
</tr>
<tr bgcolor='#EFEBDE'>
<td colspan='2' height='20px'><b>Scan statistics</b></td>
</tr>
<tr>
<td height='15px'>Files scanned</td>
<td>114059</td>
</tr>
<tr>
<td height='15px'>Threat name</td>
<td>12</td>
</tr>
<tr>
<td height='15px'>Infected objects</td>
<td>26</td>
</tr>
<tr>
<td height='15px'>Suspicious objects</td>
<td>0</td>
</tr>
<tr>
<td height='15px'>Duration of the scan</td>
<td>05:16:43</td>
</tr>
</table>
<br>
<table width='100%%' border="0">
<tr bgcolor='#EFEBDE'><td height='20px'><b>File name</b></td>
<td width='200px'><b>Threat name</b></td>
<td width='100px'><b>Threats count</b></td>
</tr>
<tr><td height='20px'>C:\AcCs_Manager\server1.exe</td><td>Infected: Backdoor.Win32.Poison.cpb</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\Desktop\SmitfraudFix.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\Desktop\Warcraft_www.primewarez.com\SmitfraudFix\Reboot.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\IEDFix.C.exe</td><td>Infected: Hoax.Win32.Renos.etc</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\Reboot.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\SmitfraudFix.zip</td><td>Infected: Hoax.Win32.Renos.etc</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\SmitfraudFix.zip</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix\Reboot.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix\SmitfraudFix.zip</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\My Documents\Stuff\W3G\GGTVPlayer.exe</td><td>Infected: HackTool.Win32.PassDic.p</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Program Files\DAEMON Tools Lite\SRSAI.exe</td><td>Infected: not-a-virus:AdWare.Win32.Shopper.r</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\asdasdad.exe.vir</td><td>Infected: Trojan-PSW.Win32.IMMultiPass.wv</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SETUP BEND FIRST 01\ONCE BAGS.exe.vir</td><td>Infected: Trojan.Win32.Obfuscated.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\Documents and Settings\Justin\Application Data\thunk name\BallElseItchInter.exe.vir</td><td>Infected: Trojan.Win32.Obfuscated.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\Documents and Settings\Justin\Application Data\thunk name\Mail Meta Joy.exe.vir</td><td>Infected: Trojan.Win32.Obfuscated.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\Documents and Settings\Justin\Application Data\thunk name\yzmwllll.exe.vir</td><td>Infected: Trojan.Win32.Obfuscated.vdy</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\Program Files\Circle Developement\Uninstall.exe.vir</td><td>Infected: Trojan.Win32.Obfuscated.gen</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\WINDOWS\system32\msziptools.dll.vir</td><td>Infected: Trojan-Downloader.Win32.Agent.aivh</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir</td><td>Infected: Rootkit.Win32.Clbd.kr</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir</td><td>Infected: Backdoor.Win32.Agent.tcb</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf1.dll.vir</td><td>Infected: Backdoor.Win32.TDSS.zj</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\WINDOWS\system32\IEDFix.C.exe</td><td>Infected: Hoax.Win32.Renos.etc</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\WINDOWS\system32\o4Patch.exe</td><td>Infected: Hoax.Win32.Renos.etc</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>F:\Program Files\server.exe</td><td>Infected: Backdoor.Win32.Poison.cpb</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>F:\StealthBot\Jay's Stuff\SmitfraudFix\Reboot.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>F:\StealthBot\Jay's Stuff\SmitfraudFix\SmitfraudFix.zip</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td colspan='3' height='20px'><b>
The selected area was scanned.</td></tr></table>
</body>
</html>
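The reply that follows turns the report above into a list of files to move. As an added example (not Kaspersky's or OTMoveIt3's code, and not part of the original thread), this parses the Kaspersky Online Scanner 7 HTML into rows, classifies each verdict by its prefix, skips anything already sitting in ComboFix's QooBox quarantine, and emits a :Files block in the shape the helper uses. The sample report is a constructed excerpt in the report's own row format, with paths and verdicts copied from the log above.

```python
"""Parse a Kaspersky Online Scanner 7 HTML report and turn it into a fix list.

Added example; not Kaspersky's or OTMoveIt3's own code. Each result row in
the report looks like
  <tr><td height='20px'>PATH</td><td>Infected: VERDICT</td><td>COUNT</td><td></tr>
(the stray trailing <td> is in the real reports, so the parser tolerates it).
SAMPLE_REPORT is a constructed excerpt in that format with paths and verdicts
copied from the report posted above. The quarantine prefix is ComboFix's
QooBox folder; the ':Files' directive mirrors the OTMoveIt3 script in the thread.
"""
from html.parser import HTMLParser
import re

SAMPLE_REPORT = r"""
<table width='100%%' border="0">
<tr bgcolor='#EFEBDE'><td height='20px'><b>File name</b></td>
<td width='200px'><b>Threat name</b></td>
<td width='100px'><b>Threats count</b></td>
</tr>
<tr><td height='20px'>C:\AcCs_Manager\server1.exe</td><td>Infected: Backdoor.Win32.Poison.cpb</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\Documents and Settings\Justin\Desktop\SmitfraudFix.exe</td><td>Infected: not-a-virus:RiskTool.Win32.Reboot.f</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\QooBox\Quarantine\C\WINDOWS\system32\tdssserf1.dll.vir</td><td>Infected: Backdoor.Win32.TDSS.zj</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>C:\WINDOWS\system32\IEDFix.C.exe</td><td>Infected: Hoax.Win32.Renos.etc</td><td>1</td><td></tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr><td height='20px'>F:\Program Files\server.exe</td><td>Infected: Backdoor.Win32.Poison.cpb</td><td>1</td><td></tr>
<tr><td colspan='3' height='20px'><b>
The selected area was scanned.</td></tr></table>
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
QUARANTINE_PREFIX = r"c:\qoobox\quarantine" + "\\"


class _RowCollector(HTMLParser):
    """Collects the text of every <td> of every <tr>. It does no validation,
    which is what lets it survive the report's unbalanced tags."""

    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._cell = []

    def handle_endtag(self, tag):
        if tag == "td" and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row is not None:
            if self._cell is not None:        # the dangling <td> before </tr>
                self._row.append("".join(self._cell).strip())
                self._cell = None
            self.rows.append(self._row)
            self._row = None

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)


def parse_report(html):
    """Return [{'path', 'verdict', 'count'}] for every detection row."""
    rc = _RowCollector()
    rc.feed(html)
    out = []
    for row in rc.rows:
        if len(row) >= 3 and PATH_RE.match(row[0]) and row[1].startswith("Infected:"):
            out.append({"path": row[0],
                        "verdict": row[1][len("Infected:"):].strip(),
                        "count": int(row[2])})
    return out


def classify(verdict):
    """Kaspersky's verdict prefix says how much weight 'Infected' carries."""
    if verdict.startswith("not-a-virus:"):
        return "riskware"            # dual-use tools and adware; context decides
    head = verdict.split(".", 1)[0]
    if head in ("Backdoor", "Rootkit", "Trojan", "Trojan-PSW",
                "Trojan-Downloader", "Worm", "Net-Worm", "Virus"):
        return "malware"
    if head in ("Hoax", "HackTool"):
        return "suspicious"
    return "unknown"


def build_files_block(findings):
    """Build an OTMoveIt3-style ':Files' block for detections still live on
    disk; anything already under ComboFix's QooBox quarantine is skipped."""
    live = [f["path"] for f in findings
            if not f["path"].lower().startswith(QUARANTINE_PREFIX)]
    return "\n".join([":Files"] + live)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        print(f"{classify(f['verdict']):10} {f['verdict']:40} {f['path']}")
    print(build_files_block(found))
```

The riskware class matters in practice: the SmitfraudFix archives are flagged only because they bundle a legitimate reboot utility, and the decision to move them rests on where they came from, not on the detection alone. The QooBox items are reported by the scanner but are already inert copies that ComboFix renamed with a .vir suffix.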
0 -
Hi
We need to execute an OTMoveIt3 script.
- Please download OTMoveIt3 by OldTimer and save it to your desktop.
- Double click the OTMoveIt3 icon on your desktop.
- Paste the following code under the Paste Fix Here area. Do not include the word Code.
:Files
C:\AcCs_Manager\server1.exe
C:\Documents and Settings\Justin\Desktop\SmitfraudFix.exe
C:\Documents and Settings\Justin\Desktop\Warcraft_www.primewarez.com\SmitfraudFix
C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix
C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix
C:\Documents and Settings\Justin\My Documents\Stuff\W3G\GGTVPlayer.exe
C:\Program Files\DAEMON Tools Lite\SRSAI.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\o4Patch.exe
F:\Program Files\server.exe
F:\StealthBot\Jay's Stuff\SmitfraudFix
- Push the large MoveIt button.
- OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
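For readers who want to see what the MoveIt step and the reboot prompt amount to, here is an added example (not OTMoveIt3's code, and not part of the original thread) of the same mechanism: each listed path is moved under a quarantine root with its drive and directory tree preserved so it can be restored, one result line is recorded per item in the layout of the log posted below, and a file that cannot be moved because it is in use is handed to Windows as a delayed rename that runs on the next boot, which is the usual reason such a tool asks for a restart. The quarantine root, the log-name format and the handling of locked files are assumptions, not OTMoveIt3's documented behaviour.

```python
"""What a 'move it' quarantine step does, and why it may ask for a reboot.

Added example, not OTMoveIt3's own code; the quarantine layout, log-name
format and locked-file handling are assumptions. Each listed path is moved
under a quarantine root with its drive and directory tree preserved, one
result line is recorded per item, and a file that cannot be moved because it
is in use is queued for a rename that Windows performs at the next boot.
"""
import os
import re
import shutil
import sys
import time

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4   # Win32 MoveFileEx flag


def quarantine_path(src, root):
    """'C:\\x\\y.exe' -> '<root>/C/x/y.exe': the drive letter becomes a folder,
    so the original location can be reconstructed for a restore."""
    m = re.match(r"^([A-Za-z]):[\\/](.*)$", src)
    if m:
        rel = os.path.join(m.group(1).upper(), m.group(2))
    else:                                   # POSIX path: drop the leading slash
        rel = src.lstrip("/")
    return os.path.join(root, rel)


def _schedule_move_on_reboot(src, dst):
    """Windows only: MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT records the
    rename in PendingFileRenameOperations (needs administrator rights).
    Elsewhere there is nothing to schedule, so report failure."""
    if sys.platform != "win32":
        return False
    import ctypes
    return bool(ctypes.windll.kernel32.MoveFileExW(src, dst, MOVEFILE_DELAY_UNTIL_REBOOT))


def quarantine(paths, root):
    """Move every path under root. Returns (result lines, reboot_needed)."""
    results, reboot_needed = [], False
    os.makedirs(root, exist_ok=True)
    for src in paths:
        if not os.path.lexists(src):
            results.append(f"File/Folder {src} not found.")
            continue
        dst = quarantine_path(src, root)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        try:
            shutil.move(src, dst)
            results.append(f"{src} moved successfully.")
        except OSError:
            # Typically a running executable or a DLL loaded into a process.
            if _schedule_move_on_reboot(src, dst):
                reboot_needed = True
                results.append(f"{src} scheduled to be moved on reboot.")
            else:
                results.append(f"{src} could not be moved (in use).")
    return results, reboot_needed


def write_log(root, results):
    """Write the results in the same layout as the posted OTMoveIt3 log."""
    log = os.path.join(root, time.strftime("%m%d%Y_%H%M%S") + ".log")
    with open(log, "w", encoding="utf-8") as fh:
        fh.write("========== FILES ==========\n")
        fh.write("\n".join(results) + "\n")
    return log


def demo():
    """Build a throwaway layout in a temp dir (constructed, harmless files),
    quarantine it, and return the evidence a caller can check."""
    import tempfile
    tmp = tempfile.mkdtemp()
    victim = os.path.join(tmp, "server1.exe")
    folder = os.path.join(tmp, "SmitfraudFix")
    os.makedirs(folder)
    for p in (victim, os.path.join(folder, "Reboot.exe")):
        with open(p, "w") as fh:
            fh.write("constructed sample, not malware")
    root = os.path.join(tmp, "MovedFiles")
    results, reboot = quarantine([victim, folder, os.path.join(tmp, "missing.exe")], root)
    with open(write_log(root, results), encoding="utf-8") as fh:
        log_text = fh.read()
    return {
        "results": results,
        "reboot": reboot,
        "source_gone": not os.path.exists(victim) and not os.path.exists(folder),
        "in_quarantine": os.path.isfile(quarantine_path(victim, root))
        and os.path.isfile(os.path.join(quarantine_path(folder, root), "Reboot.exe")),
        "log_text": log_text,
    }


if __name__ == "__main__":
    for line in demo()["results"]:
        print(line)
```

Moving rather than deleting is deliberate: a false positive (the riskware-class hits in the report above are candidates) can be put back from the quarantine tree, and the per-item result lines are what you paste back for review, exactly as the log in the next post shows.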
0 -
========== FILES ==========
C:\AcCs_Manager\server1.exe moved successfully.
C:\Documents and Settings\Justin\Desktop\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\Justin\Desktop\Warcraft_www.primewarez.com\SmitfraudFix moved successfully.
C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix\backups moved successfully.
C:\Documents and Settings\Justin\My Documents\Stuff\Prince Of Persia 1\SmitfraudFix moved successfully.
C:\Documents and Settings\Justin\My Documents\Stuff\SmitfraudFix moved successfully.
C:\Documents and Settings\Justin\My Documents\Stuff\W3G\GGTVPlayer.exe moved successfully.
C:\Program Files\DAEMON Tools Lite\SRSAI.exe moved successfully.
C:\WINDOWS\system32\IEDFix.C.exe moved successfully.
C:\WINDOWS\system32\o4Patch.exe moved successfully.
F:\Program Files\server.exe moved successfully.
F:\StealthBot\Jay's Stuff\SmitfraudFix\backups moved successfully.
F:\StealthBot\Jay's Stuff\SmitfraudFix moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10242008_073319
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:22 AM, on 24/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7752 bytes
0 -
Hi again
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post the contents of that file & a fresh HJT log in your next reply. Still problems?
0 - Double-click mbam-setup.exe and follow the prompts to install the program.
-
Malwarebytes' Anti-Malware 1.30
Database version: 1312
Windows 5.1.2600 Service Pack 2
25/10/2008 6:29:59 AM
mbam-log-2008-10-25 (06-29-59).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 163167
Time elapsed: 44 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\kgpmyxkj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{003C2EE7-432E-42B9-B7ED-C2C43D81F642}\RP2\A0000047.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:06 AM, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7783 bytes
0 -
The only problems I'm getting, friend, are: my microphone plays random noises out of nowhere!! and I get pop-up ads from nowhere :/
0 -
Hi
Generate an Uninstall List
* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.
After that, download Lop S&D by Eric_71 and save it to your desktop.
Lop S&D will only run on Windows XP and Windows Vista.
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
To see how to disable security programs, visit this tutorial:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
You will need to disable the following programs:
(list here)
- Double-click Lop S&D.exe
- Choose the language by typing the corresponding letter and press Enter
- Click OK at the informative window
- Type 1, to choose Option 1 (Search) then press Enter
- Wait until the end of the scan
- A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
0 - Double-click Lop S&D.exe
-
22Pixels Photoshop Flock
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AGEIA PhysX v7.03.21
AIM 6
AIM Pro
America's Army
AOL Search
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
Battlefield 2
DivX Converter
DivX Player
DivX Web Player
Fraps (remove only)
Garena
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 12
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Kaspersky Online Scanner
KeyCraft
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Mozilla Firefox (3.0.3)
MSXML 6.0 Parser (KB925673)
MySpaceIM
Nero 7 Demo
ninemsn Internet Software
NVIDIA Drivers
OpenOffice.org Installer 1.0
PDF Settings
PlayLinc
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Registry Easy v4.7
Rhapsody Player Engine
Skype™ 3.6
Sony Vegas Pro 8.0
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
TeamViewer 3
Update for Windows XP (KB898461)
USB Mass Storage Toolbox
USB2.0 PC Camera (SN9C201&202)
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6e
WavePad Uninstall
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
WinPcap 4.0.2
WinRAR archiver
World of Warcraft
Xfire (remove only)
Xvid 1.1.3 final uninstall
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
0 -
Hi
Uninstall these:
J2SE Runtime Environment 5.0 Update 12
Java™ 6 Update 3
Java™ 6 Update 5
Also, uninstall Messenger Plus! Live for now.
Since the logs contain strong proof that your Adobe CS3 products are not legal, I must instruct you to uninstall those if you want me to continue helping you with this.
We need to execute an OTMoveIt3 script
- Double click the OTMoveIt3 icon on your desktop.
- Paste the following code under the Paste Fix Here area. Do not include the word "Code".
.:Files
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.1.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.2.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.3.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.torrent
C:\DOCUME~1\Justin\Desktop\Pics of me\Trying to crack.JPG
C:\DOCUME~1\Justin\Favorites\Adobe Photoshop CS3 full version download with crack, serial number, keygen..url
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM
C:\DOCUME~1\Justin\My Documents\[isoHunt] Over 200 Game Keygens.torrent
- Push the large MoveIt button.
- OTMI3 may ask to reboot the machine. Please do so if asked.
- Copy/Paste the contents under the Results line here in your next reply with a fresh HJT log.
- If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Download GMER and save it to your desktop:
- Extract it to your desktop and double-click GMER.exe
- Click the Rootkit tab and then Scan.
- Don't check the Show All box while scanning is in progress!
- When scanning is ready, click Copy. This copies the log to the clipboard.
- Post the log in your reply.
0 - Double click theOTMoveIt3 icon on your desktop.
-
--------------------\\ Lop S&D 4.2.4-7 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 3.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Justin ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 74 Go Free : 16 Go
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total : 38 Go Free : 8 Go
G:\ (Local Disk) - NTFS - Total : 36 Go Free : 3 Go
H:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( Sun 26/10/2008| 0:14 )
--------------------\\ Listing folders in APPLIC~1
[09/06/2008|02:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[02/03/2008|01:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[26/03/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/02/2008|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[11/02/2008|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[27/04/2008|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[27/04/2008|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[09/06/2008|02:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[14/10/2008|11:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Blizzard
[19/02/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[04/05/2008|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/05/2008|05:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[10/06/2008|03:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[24/10/2008|11:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[04/05/2008|07:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Messenger Plus!
[11/02/2008|09:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[14/08/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[29/03/2008|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Software
[29/03/2008|01:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[11/02/2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[24/08/2008|02:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[19/10/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[28/02/2008|12:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[14/10/2008|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[23/02/2008|12:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[19/10/2008|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[04/03/2008|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!
[08/05/2008|10:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion
[11/02/2008|06:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/02/2008|10:30] C:\DOCUME~1\Justin\APPLIC~1\<DIR> acccore
[29/06/2008|08:22] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Address Book
[04/10/2008|05:11] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Adobe
[15/06/2008|08:20] C:\DOCUME~1\Justin\APPLIC~1\<DIR> AdobeUM
[07/04/2008|10:25] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Ahead
[13/03/2008|04:15] C:\DOCUME~1\Justin\APPLIC~1\<DIR> AIM
[13/03/2008|04:15] C:\DOCUME~1\Justin\APPLIC~1\<DIR> AIMPro
[11/06/2008|11:09] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Apple Computer
[27/03/2008|09:44] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Codemasters
[23/02/2008|09:21] C:\DOCUME~1\Justin\APPLIC~1\<DIR> DAEMON Tools
[11/06/2008|10:50] C:\DOCUME~1\Justin\APPLIC~1\<DIR> DivX
[15/02/2008|04:53] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Google
[09/06/2008|02:07] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Hamachi
[20/07/2008|04:37] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Help
[11/02/2008|06:51] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Identities
[19/10/2008|03:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> IMVU
[14/02/2008|08:39] C:\DOCUME~1\Justin\APPLIC~1\<DIR> InstallShield
[14/07/2008|09:31] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Macromedia
[24/10/2008|11:34] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Malwarebytes
[25/06/2008|08:22] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Microsoft
[29/06/2008|08:25] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Mozilla
[11/02/2008|09:10] C:\DOCUME~1\Justin\APPLIC~1\<DIR> MSNInstaller
[11/02/2008|10:03] C:\DOCUME~1\Justin\APPLIC~1\<DIR> MySpace
[29/03/2008|01:37] C:\DOCUME~1\Justin\APPLIC~1\<DIR> NCH Software
[29/03/2008|01:28] C:\DOCUME~1\Justin\APPLIC~1\<DIR> NCH Swift Sound
[09/06/2008|02:07] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Paltalk
[30/03/2008|11:40] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Publish Providers
[24/03/2008|05:26] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Real
[29/03/2008|01:28] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Recordpad
[19/10/2008|03:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Skype
[18/01/2008|01:40] C:\DOCUME~1\Justin\APPLIC~1\<DIR> skypePM
[30/03/2008|11:40] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Sony
[30/03/2008|11:20] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Sony Setup
[15/02/2008|04:55] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Sun
[10/06/2008|12:33] C:\DOCUME~1\Justin\APPLIC~1\<DIR> SUPERAntiSpyware.com
[11/02/2008|10:18] C:\DOCUME~1\Justin\APPLIC~1\<DIR> teamspeak2
[19/10/2008|03:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> TeamViewer
[26/08/2008|08:03] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Tourney Master 3 ES1 Ultimate
[19/10/2008|03:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> uTorrent
[19/10/2008|03:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Ventrilo
[01/05/2008|11:50] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Viewpoint
[04/03/2008|08:42] C:\DOCUME~1\Justin\APPLIC~1\<DIR> vlc
[12/06/2008|07:49] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Windows Live Writer
[24/07/2008|10:26] C:\DOCUME~1\Justin\APPLIC~1\<DIR> Xfire
[08/05/2008|10:38] C:\DOCUME~1\Justin\APPLIC~1\<DIR> yahoo!
[09/06/2008|02:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[02/05/2008|12:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> TeamViewer
[12/02/2008|12:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Xfire
[09/06/2008|02:06] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[29/03/2008|01:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> NCH Swift Sound
[12/02/2008|12:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Xfire
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[11/10/2008 01:59 AM][--a------] C:\WINDOWS\tasks\Schedule Task Weekly.job
[11/06/2008 11:04 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[24/04/2008 11:27 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 11:07 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[22/07/2008|08:14] C:\Program Files\<DIR> Adobe
[27/03/2008|09:43] C:\Program Files\<DIR> AGEIA Technologies
[13/03/2008|04:15] C:\Program Files\<DIR> AIM
[11/02/2008|10:29] C:\Program Files\<DIR> AIM6
[29/06/2008|04:24] C:\Program Files\<DIR> America's Army
[20/02/2008|11:38] C:\Program Files\<DIR> America's Army Server Manager
[11/02/2008|10:29] C:\Program Files\<DIR> AOL
[24/02/2008|03:13] C:\Program Files\<DIR> AOL Games
[11/02/2008|10:29] C:\Program Files\<DIR> AOL Search
[11/06/2008|11:04] C:\Program Files\<DIR> Apple Software Update
[12/05/2008|08:57] C:\Program Files\<DIR> Ares
[01/05/2008|11:03] C:\Program Files\<DIR> Bonjour
[11/02/2008|08:29] C:\Program Files\<DIR> BroadCom GB LAN
[22/10/2008|09:26] C:\Program Files\<DIR> BSR Screen Recorder 4
[02/10/2008|10:31] C:\Program Files\<DIR> CamStudio
[25/10/2008|06:29] C:\Program Files\<DIR> Common
[20/10/2008|08:02] C:\Program Files\<DIR> Common Files
[11/02/2008|06:44] C:\Program Files\<DIR> ComPlus Applications
[19/02/2008|06:50] C:\Program Files\<DIR> Conduit
[24/10/2008|07:33] C:\Program Files\<DIR> DAEMON Tools Lite
[12/05/2008|03:36] C:\Program Files\<DIR> Deskshare
[08/08/2008|09:57] C:\Program Files\<DIR> directx
[05/10/2008|01:10] C:\Program Files\<DIR> DivX
[02/10/2008|10:40] C:\Program Files\<DIR> Doom 3
[27/05/2008|01:44] C:\Program Files\<DIR> EA GAMES
[11/06/2008|12:37] C:\Program Files\<DIR> Game Cam V2
[13/09/2008|10:02] C:\Program Files\<DIR> Garena
[11/02/2008|08:29] C:\Program Files\<DIR> Gigabyte
[14/07/2008|09:30] C:\Program Files\<DIR> Google
[05/09/2008|07:32] C:\Program Files\<DIR> IMVU
[02/10/2008|10:48] C:\Program Files\<DIR> InstallShield Installation Information
[11/02/2008|08:27] C:\Program Files\<DIR> Intel
[11/06/2008|10:56] C:\Program Files\<DIR> Internet Explorer
[27/04/2008|03:09] C:\Program Files\<DIR> iPod
[27/04/2008|03:09] C:\Program Files\<DIR> iTunes
[19/07/2008|06:27] C:\Program Files\<DIR> Java
[02/07/2008|06:37] C:\Program Files\<DIR> KLC
[10/06/2008|03:39] C:\Program Files\<DIR> Lavasoft
[24/10/2008|11:34] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[03/03/2008|11:26] C:\Program Files\<DIR> Messenger
[01/05/2008|11:50] C:\Program Files\<DIR> MetaStream
[11/02/2008|06:47] C:\Program Files\<DIR> microsoft frontpage
[11/02/2008|07:17] C:\Program Files\<DIR> Microsoft Office
[26/02/2008|03:39] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition
[11/02/2008|07:17] C:\Program Files\<DIR> Microsoft Visual Studio
[11/02/2008|07:17] C:\Program Files\<DIR> Microsoft Works
[30/03/2008|12:45] C:\Program Files\<DIR> Movie Maker
[26/10/2008|12:07] C:\Program Files\<DIR> Mozilla Firefox
[30/03/2008|11:29] C:\Program Files\<DIR> MSBuild
[11/02/2008|09:10] C:\Program Files\<DIR> MSN
[11/02/2008|06:44] C:\Program Files\<DIR> MSN Gaming Zone
[11/02/2008|10:03] C:\Program Files\<DIR> MySpace
[29/03/2008|01:38] C:\Program Files\<DIR> NCH Software
[29/03/2008|01:38] C:\Program Files\<DIR> NCH Swift Sound
[11/02/2008|07:12] C:\Program Files\<DIR> Nero
[11/02/2008|06:45] C:\Program Files\<DIR> NetMeeting
[14/02/2008|08:39] C:\Program Files\<DIR> Ocean Technologies & Media
[11/02/2008|06:44] C:\Program Files\<DIR> Online Services
[11/02/2008|06:45] C:\Program Files\<DIR> Outlook Express
[09/06/2008|02:07] C:\Program Files\<DIR> Paltalk Messenger
[18/10/2008|07:40] C:\Program Files\<DIR> PC Doc Pro
[26/03/2008|01:29] C:\Program Files\<DIR> PlayLinc
[27/04/2008|03:09] C:\Program Files\<DIR> QuickTime
[11/03/2008|09:43] C:\Program Files\<DIR> Real
[11/02/2008|08:32] C:\Program Files\<DIR> Realtek
[30/03/2008|11:26] C:\Program Files\<DIR> Reference Assemblies
[19/10/2008|03:39] C:\Program Files\<DIR> Registry Easy
[11/02/2008|09:59] C:\Program Files\<DIR> Skype
[24/08/2008|02:22] C:\Program Files\<DIR> Sony
[30/03/2008|11:20] C:\Program Files\<DIR> Sony Setup
[19/10/2008|03:15] C:\Program Files\<DIR> Spybot - Search & Destroy
[11/02/2008|10:29] C:\Program Files\<DIR> StealthBot
[02/10/2008|10:51] C:\Program Files\<DIR> Steam
[19/07/2008|06:27] C:\Program Files\<DIR> Sun
[10/06/2008|12:33] C:\Program Files\<DIR> SUPERAntiSpyware
[11/02/2008|10:18] C:\Program Files\<DIR> Teamspeak2_RC2
[18/09/2008|11:24] C:\Program Files\<DIR> TeamViewer3
[01/10/2008|11:34] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[25/04/2008|10:17] C:\Program Files\<DIR> Trend Micro
[26/03/2008|01:08] C:\Program Files\<DIR> Ubisoft
[11/02/2008|06:51] C:\Program Files\<DIR> Uninstall Information
[27/02/2008|12:35] C:\Program Files\<DIR> USBToolbox
[29/06/2008|09:17] C:\Program Files\<DIR> uTorrent
[11/02/2008|09:29] C:\Program Files\<DIR> Ventrilo
[16/06/2008|08:57] C:\Program Files\<DIR> VentSrv
[04/03/2008|08:42] C:\Program Files\<DIR> VideoLAN
[01/05/2008|11:01] C:\Program Files\<DIR> Viewpoint
[24/08/2008|02:22] C:\Program Files\<DIR> Vstplugins
[25/10/2008|03:12] C:\Program Files\<DIR> Warcraft III
[02/10/2008|10:39] C:\Program Files\<DIR> WC3Banlist
[27/02/2008|01:32] C:\Program Files\<DIR> Windows Live
[25/10/2008|11:55] C:\Program Files\<DIR> Windows Live Safety Center
[27/02/2008|01:19] C:\Program Files\<DIR> Windows Live Toolbar
[22/02/2008|05:34] C:\Program Files\<DIR> Windows Media Connect 2
[23/02/2008|06:02] C:\Program Files\<DIR> Windows Media Player
[11/02/2008|06:44] C:\Program Files\<DIR> Windows NT
[11/02/2008|06:46] C:\Program Files\<DIR> WindowsUpdate
[16/05/2008|09:17] C:\Program Files\<DIR> WinPcap
[20/07/2008|04:37] C:\Program Files\<DIR> WinRAR
[12/05/2008|09:46] C:\Program Files\<DIR> Wolfenstein - Enemy Territory
[22/10/2008|01:42] C:\Program Files\<DIR> World of Warcraft
[11/02/2008|06:47] C:\Program Files\<DIR> xerox
[24/07/2008|10:19] C:\Program Files\<DIR> Xfire
[03/03/2008|11:26] C:\Program Files\<DIR> Xvid
[11/02/2008|09:22] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[26/03/2008|01:19] C:\Program Files\Common Files\<DIR> Adobe
[11/02/2008|07:13] C:\Program Files\Common Files\<DIR> Ahead
[11/02/2008|10:29] C:\Program Files\Common Files\<DIR> AOL
[27/04/2008|03:08] C:\Program Files\Common Files\<DIR> Apple
[17/09/2008|11:51] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[11/02/2008|07:17] C:\Program Files\Common Files\<DIR> DESIGNER
[24/05/2008|03:20] C:\Program Files\Common Files\<DIR> EasyInfo
[27/02/2008|12:35] C:\Program Files\Common Files\<DIR> InstallShield
[15/02/2008|04:52] C:\Program Files\Common Files\<DIR> Java
[19/02/2008|04:34] C:\Program Files\Common Files\<DIR> Macrovision Shared
[30/03/2008|11:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/02/2008|06:45] C:\Program Files\Common Files\<DIR> MSSoap
[13/03/2008|04:15] C:\Program Files\Common Files\<DIR> Nullsoft
[12/02/2008|05:38] C:\Program Files\Common Files\<DIR> ODBC
[11/03/2008|09:43] C:\Program Files\Common Files\<DIR> Real
[11/02/2008|06:45] C:\Program Files\Common Files\<DIR> Services
[11/02/2008|09:59] C:\Program Files\Common Files\<DIR> Skype
[02/03/2008|06:09] C:\Program Files\Common Files\<DIR> snp2std
[12/02/2008|05:38] C:\Program Files\Common Files\<DIR> SpeechEngines
[11/02/2008|07:15] C:\Program Files\Common Files\<DIR> System
[26/02/2008|03:33] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[10/06/2008|03:39] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[11/03/2008|09:43] C:\Program Files\Common Files\<DIR> xing shared
--------------------\\ Process
( 40 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\Justin\Cookies\justin@adopt.euroclick[2].txt
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 00:16:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 120
--------------------\\ Searching for other infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.1.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.2.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.3.torrent
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.torrent
C:\DOCUME~1\Justin\Desktop\Pics of me\Trying to crack.JPG
C:\DOCUME~1\Justin\Favorites\Adobe Photoshop CS3 full version download with crack, serial number, keygen..url
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM
C:\DOCUME~1\Justin\My Documents\[isoHunt] Over 200 Game Keygens.torrent
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\2006 pic.jpg.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Adobe PhotoShop CS3 Extended Keygen + Activation - CAM
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\America's Army Mission Editor.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\archer (2)3.JPG
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Bane.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\cBu Sig.bmp
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Convo with lidz.html
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\DivX Converter.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Dragon Light.jpg.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\DSC00164.JPG
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\DSC00177.JPG
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Firefox Setup 2.0.0.12.exe
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\GGClient_setup.exe
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Install_MSN_Messenger.exe
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Internet.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Joanna.txt
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\JoannaFlower.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Kevin Federline - Lose Control.mp3
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\me and my fiance at the Missouri Breaks.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\me and my fiance before dinner.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\My Computer.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\My Sharing Folders.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\My spawn pic 2007.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\newDragonpic.jpg.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Plugs.exe
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\PunkDragon.jpg.png
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Rihanna - Please Don't Stop The Music.mp3
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\SF A-Team Videos.lnk
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\SkypeSetup.exe
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Spawn07.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Spawn2007pic3.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\StealthBot.rar
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Stich.jpg
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Thumbs.db
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\untitled.bmp
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\untitled.JPG
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\worst day of my life..txt
[F:1348][D:21]-> C:\DOCUME~1\Justin\LOCALS~1\Temp
[F:75][D:0]-> C:\DOCUME~1\Justin\Cookies
[F:1454][D:5]-> C:\DOCUME~1\Justin\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Sun 26/10/2008| 0:18 - Option : [1]
--------------------\\ Scan completed at 0:18:45
Um, about the Adobe Photoshop thing: it's my brother's program and I don't want to touch it since I don't know about it. And I'm sure it's not a virus since it's a means of making pictures or something, so I am sorry but I cannot remove it. I really do appreciate the help, believe me I do; if I could make it up to you I would.
========== FILES ==========
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.1.torrent moved successfully.
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.2.torrent moved successfully.
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.3.torrent moved successfully.
C:\DOCUME~1\Justin\Application Data\uTorrent\Over 200 Game Keygens.torrent moved successfully.
C:\DOCUME~1\Justin\Desktop\Pics of me\Trying to crack.JPG moved successfully.
C:\DOCUME~1\Justin\Favorites\Adobe Photoshop CS3 full version download with crack, serial number, keygen..url moved successfully.
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM\Adobe PhotoShop CS3 Extended Keygen + Activation - CAM moved successfully.
C:\DOCUME~1\Justin\My Documents\Adobe[1].PhotoShop.CS3.Extended.Keygen.Activation.-.CAM moved successfully.
C:\DOCUME~1\Justin\My Documents\[isoHunt] Over 200 Game Keygens.torrent moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_053816
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:15 AM, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Warkeys Update.lnk = C:\Documents and Settings\Justin\Desktop\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202728700234
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
--
End of file - 7572 bytes
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-26 10:45:22
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT spps.sys ZwCreateKey [0xBA6A80E0]
SSDT spps.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spps.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spps.sys ZwOpenKey [0xBA6A80C0]
SSDT spps.sys ZwQueryKey [0xBA6C7108]
SSDT spps.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spps.sys ZwSetValueKey [0xBA6C719A]
INT 0x62 ? 8A9D0BF8
INT 0x63 ? 8A961BF8
INT 0x82 ? 8A9D0BF8
INT 0x83 ? 8A8F0BF8
INT 0xA4 ? 8A8F0BF8
INT 0xB4 ? 8A8F0BF8
---- Kernel code sections - GMER 1.0.14 ----
? spps.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9D1362C 5 Bytes JMP 8A8F01D8
.text aj97cr4o.SYS B9C37384 1 Byte [ 20 ]
.text aj97cr4o.SYS B9C37386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text aj97cr4o.SYS B9C373AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text aj97cr4o.SYS B9C373C4 3 Bytes [ 00, 00, 00 ]
.text aj97cr4o.SYS B9C373C9 1 Byte [ 00 ]
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3452] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [bA6A9040] spps.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [bA6A913C] spps.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [bA6A90BE] spps.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [bA6A97FC] spps.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [bA6A96D2] spps.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [bA6B9048] spps.sys
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\aj97cr4o.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 8A95D1F8
Device \FileSystem\Fastfat \FatCdrom 8A3C4500
Device \Driver\NetBT \Device\NetBT_Tcpip_{84BEE92E-E48C-4AE4-A908-F4389D0AB71D} 8A4101F8
Device \Driver\usbuhci \Device\USBPDO-0 8A8691F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A95F1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A95F1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A95F1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A95F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A8691F8
Device \Driver\usbuhci \Device\USBPDO-2 8A8691F8
Device \Driver\PCI_PNP5036 \Device000046 spps.sys
Device \Driver\usbuhci \Device\USBPDO-3 8A8691F8
Device \Driver\usbehci \Device\USBPDO-4 8A859500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A9D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A9D11F8
Device \Driver\Cdrom \Device\CdRom0 8A81E1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A9D11F8
Device \Driver\Cdrom \Device\CdRom1 8A81E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 8A9D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A9D01F8
Device \Driver\atapi \Device\Ide\IdePort0 8A9D01F8
Device \Driver\atapi \Device\Ide\IdePort1 8A9D01F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 8A9D01F8
Device \Driver\Cdrom \Device\CdRom2 8A81E1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4101F8
Device \Driver\NetBT \Device\NetbiosSmb 8A4101F8
Device \Driver\usbuhci \Device\USBFDO-0 8A8691F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8691F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4011F8
Device \Driver\usbuhci \Device\USBFDO-2 8A8691F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4011F8
Device \Driver\usbuhci \Device\USBFDO-3 8A8691F8
Device \Driver\usbehci \Device\USBFDO-4 8A859500
Device \Driver\sptd \Device\280653786 spps.sys
Device \Driver\Ftdisk \Device\FtControl 8A9D11F8
Device \Driver\aj97cr4o \Device\Scsi\aj97cr4o1Port3Path0Target0Lun0 8A8091F8
Device \Driver\iteraid \Device\Scsi\iteraid1 8A95E1F8
Device \Driver\iteraid \Device\Scsi\iteraid1Port2Path0Target0Lun0 8A95E1F8
Device \Driver\aj97cr4o \Device\Scsi\aj97cr4o1 8A8091F8
Device \FileSystem\Fastfat \Fat 8A3C4500
Device \FileSystem\Cdfs \Cdfs 8A3BF1F8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0x40 0xAC 0x3A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x22 0x3B 0x3E 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x5C 0xEB 0xE4 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
---- EOF - GMER 1.0.14 ----
I have removed Adobe CS3. Sorry, please continue to help me!
Um, about the Adobe Photoshop thing: it's my brother's program and I don't want to touch it since I don't know about it. And I'm sure it's not a virus since it's a means of making pictures or something, so I am sorry but I cannot remove it. I really do appreciate the help, believe me I do; if I could make it up to you I would.
Hi
It's not a question of whether it's a virus or not. As said, we don't help with pirated software here. So, please follow the instructions about uninstalling illegal software if you want me to continue helping in this case.
Hi
Backup Your Registry with ERUNT:
- Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
- Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
- Inside the new folder, double-click ERUNT.exe to start the program
- OK all the prompts to back up your registry to the default location.
Note: to restore your registry, go to the backup folder and start ERDNT.exe
Click Start, then Run.
Type in regedit.
Click OK.
In the left pane of the Registry Editor, navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv
If TDSSserv exists, right-click on it and choose Delete from the menu.
If you have trouble deleting a key, click once on the key name to highlight it and click on the Permissions menu option under Edit. Uncheck "Allow inheritable permissions" and press Copy. Click on Everyone and put a checkmark in Full Control, press Apply and OK, and attempt to delete the key again.
What symptoms are left at the moment? You mentioned the microphone playing some random noises. Could you describe this a bit more? Also, you mentioned random popups. Could you describe those too, please?
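As an added illustration (not from this thread's helper or from any of the tools mentioned): the registry step above targets one control set, but a SYSTEM hive holds several ControlSetNNN keys plus CurrentControlSet, and the same service key can be present under more than one of them, as the sptd entries in the GMER log show. This Python function parses GMER-style `Reg HKLM\SYSTEM\...` lines and reports which control sets contain a given service key; the sample lines are constructed to mimic the log format, and the TDSSserv entries are an invented example, not a finding from this machine.

```python
import re
from collections import defaultdict

# GMER prints registry findings as:
#   Reg HKLM\SYSTEM\<ControlSet>\Services\<name>[\subkey]@value data
GMER_REG_LINE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>ControlSet\d{3}|CurrentControlSet)"
    r"\\Services\\(?P<svc>[^\\@\s]+)",
    re.IGNORECASE,
)

def services_by_control_set(log_lines):
    """Map each service name (lower-cased) to the control sets it appears under."""
    found = defaultdict(set)
    for line in log_lines:
        m = GMER_REG_LINE.match(line.strip())
        if m:
            found[m.group("svc").lower()].add(m.group("cs").lower())
    return found

def locate_service(log_lines, service_name):
    """Return the sorted control sets holding the service key ([] if none)."""
    return sorted(services_by_control_set(log_lines).get(service_name.lower(), set()))

def check_coverage(log_lines, service_name, control_set_checked):
    """Control sets that still hold the key after it is removed from one control set.

    Deleting only HKLM\\SYSTEM\\ControlSet003\\Services\\<svc> leaves the other
    ControlSets untouched, which is the caveat this check makes visible."""
    return [cs for cs in locate_service(log_lines, service_name)
            if cs != control_set_checked.lower()]

# Constructed sample: the sptd lines follow the format of the thread's GMER log;
# the TDSSserv lines are invented to exercise the check, not real findings.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@ImagePath (constructed sample)
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv@ImagePath (constructed sample)
---- EOF - GMER 1.0.14 ----
""".strip().splitlines()

if __name__ == "__main__":
    for svc in ("sptd", "TDSSserv"):
        print(svc, "->", locate_service(SAMPLE_LOG, svc))
    print("still present after deleting the ControlSet003 copy:",
          check_coverage(SAMPLE_LOG, "TDSSserv", "ControlSet003"))
```

Run against a real GMER log, the output tells you which additional ControlSetNNN keys to look at before declaring a service key gone.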
I did everything you mentioned.
With the microphone, it plays random sounds such as radio sounds or people talking, yet I have no programs open that let me communicate with people.
Every time I go on the internet, pop-ups always occur, even when I have a pop-up blocker!
This folder always comes up when I restart Windows!!
Hi
Do those popups appear on some specific sites? What kind of popups are those?
Please download Brute Force Uninstaller to your desktop.
- Right click the BFU folder on your desktop, and choose Extract All
- Click Next
- In the box to choose where to extract the files to,
- Click Browse
- Click on the + sign next to My Computer
- Click on Local Disk (C: )
- Click Make New Folder
- Type in BFU
- Click Next, and Uncheck the Show Extracted Files box and then click Finish.
Download BFU script from:
http://metallica.geekstogo.com/DeepDive.bfu (right-click on the link and choose Save As)
Save it in the same folder you made earlier (c:\BFU).
Using the tool:
- Go to Start > My Computer and navigate to the C:\BFU folder.
- Start the Brute Force Uninstaller by double-clicking BFU.exe
- Behind the "Scriptline to execute" field, click the folder icon and select DeepDive.bfu
- Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
A notepad file called BFUlogdeepdive.txt will be created on the systemdrive (usually the location will be C:\BFUlogdeepdive.txt). Post the content of that file please.
Hi, I did everything you told me.
BFU v1.12.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 7:33:56 AM, on 28/10/2008
Option Unload Explorer: Yes
Option Delete files to Recycle Bin: Yes
Success: ProcessKillByPID 1952
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Success: ProcessKillByPID 1176
Success: ProcessKill iexplore.exe|1
Success: ProcessKillByPID 2300
Success: ProcessKill iexplore.exe|1
Failed: DllUnregister C:\Program Files\Common\helper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Common\_helper.dll|1 (file not found)
Failed: DllUnregister \main.dll|1 (file not found)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\AppID\main.DLL (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\AppID\{A0E1054B-01EE-4D57-A059-4D99F339709F} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\TypeLib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573} (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\main.BHO (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Classes\main.BHO.1 (key does not exist)
Failed: RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486} (key does not exist)
Success: FileDelete C:\Program Files\Common\helper.sig
Success: FolderDelete C:\Program Files\Common
Success: SystemRun C:\WINDOWS\explorer.exe||1
Script completed at 7:34:19 AM.
Hi
Could you respond to the questions in my previous post regarding popups, please?
Also, does the folder in the screenshot still get opened by itself after a reboot?
The CID popup is related to LOP, which usually ships with Messenger Plus if it is installed with sponsors.
Generate an Uninstall List
* Open HijackThis
* Click on Open Misc Tools Section
* Click on Open Uninstall Manager
* Click on Save list
* Save it to your Desktop
* Post it on your next reply.
- After that double-click Lop S&D.exe
- Choose the language by typing the corresponding letter and press Enter
- Click OK at the informative window
- Type 1, to choose Option 1 (Search) then press Enter
- Wait until the end of the scan
- A report will be generated, post the contents of it in your next reply.
(Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt)
Have you defragmented your hard drive lately? That might improve speed.
So far I haven't seen the folder pop up (yet), but websites open up, such as the CID pop-up, and some sites such as this one and gamefaqs.com all cause me pop-up ads that spam randomly, I don't know why... And every time I try to open a game or just open My Computer it feels so laggy, like it takes 5 min to load up. I have a good computer with a lot of RAM and a good graphics card and stuff, I don't know why this could be happening.