12-03-2006, 01:56 PM   #11
Socha_62
Registered User
 
Join Date: Nov 2005
Posts: 29
OS: XP


Awesome. It's running just like it used to. Perfect! Only problem is that PC-cillin is finding CRCK_NSWORKS.A in a few files. It turns out one of my housemates was sticking some files in my Shared folder and they're infected with it. So I've gone in and deleted the whole folder. Hopefully that should fix it. These files were never installed, just put in the Shared folder.





File: 9D64738EF4.sys
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 5510bab9317122f84c277d299613acb4
Packers detected: -

Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing





Jason - 06-12-03 1417.87 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Documents and Settings\Jason\desktop"
Command switches used :: /v mwywthuj opnnllk

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mwywthuj.dll
C:\WINDOWS\system32\opnnllk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03 11:08 <DIR> d-------- C:\WINDOWS\temp
2006-12-03 10:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-02 22:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-02 22:38 <DIR> d-------- C:\Program Files\Grisoft
2006-12-02 20:28 <DIR> d-------- C:\Program Files\StepMania
2006-12-02 20:02 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-02 20:02 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-02 20:02 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-02 20:02 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-02 19:47 <DIR> d-------- C:\Program Files\HJT
2006-12-01 16:08 <DIR> d-------- C:\WINNT
2006-12-01 16:06 <DIR> d-------- C:\WINDOWS\erdnt
2006-11-28 21:10 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\dvdcss
2006-11-28 20:37 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Jason\Application Data\Lavasoft
2006-11-28 20:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-28 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-28 17:06 <DIR> d-------- C:\Program Files\WinRAR
2006-11-28 12:30 641,021 --a------ C:\WINDOWS\unins000.exe
2006-11-28 12:30 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2006-11-28 12:30 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-11-28 12:30 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2006-11-28 12:30 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-11-28 12:30 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-11-28 12:30 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll
2006-11-28 12:30 <DIR> d-------- C:\Program Files\XviD
2006-11-19 22:04 <DIR> d-------- C:\Program Files\Alarm Clock
2006-11-16 09:27 <DIR> d-------- C:\a960884c588070d1b2f0
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iTunes
2006-11-12 17:24 <DIR> d-------- C:\Program Files\iPod
2006-11-12 17:23 <DIR> d-------- C:\Program Files\QuickTime
2006-11-12 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2006-11-08 12:33 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\rt61.sys
2006-11-08 12:33 356,096 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2006-11-08 12:33 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2006-11-08 12:33 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2006-11-08 12:33 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2006-11-08 12:32 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 11:54 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-03 10:42 -------- d-------- C:\Program Files\MSN Messenger
2006-12-03 10:39 -------- d-------- C:\Program Files\Messenger
2006-12-03 10:39 -------- d-------- C:\Program Files\Internet Explorer
2006-12-03 10:37 -------- d-------- C:\Program Files\Dell Support
2006-12-03 10:36 -------- d-------- C:\Program Files\BAE
2006-12-01 16:08 -------- d-------- C:\Program Files\Common Files
2006-11-22 21:21 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-22 21:21 -------- d-------- C:\Documents and Settings\Jason\Application Data\Adobe
2006-11-22 21:20 -------- d-------- C:\Program Files\Adobe
2006-11-21 23:05 4096 --a------ C:\Documents and Settings\Jason\Application Data\dvd.bmk
2006-11-10 14:47 -------- d-------- C:\Documents and Settings\Jason\Application Data\SolidWorks
2006-11-08 12:33 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-11-08 12:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-01 21:11 88 -r-hs---- C:\WINDOWS\system32\9D64738EF4.sys
2006-11-01 21:11 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-31 21:19 -------- d-------- C:\Program Files\TallStick
2006-10-30 15:18 -------- d-------- C:\Program Files\VstPlugins
2006-10-30 15:18 -------- d-------- C:\Program Files\Image-Line
2006-10-22 23:00 -------- d-------- C:\Documents and Settings\Jason\Application Data\DivX
2006-10-22 22:59 -------- d-------- C:\Program Files\DivX
2006-10-16 23:30 -------- d-------- C:\Program Files\Audacity 1.3 Beta
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-09 12:26 -------- d-------- C:\Program Files\LimeWire
2006-10-09 12:26 -------- d-------- C:\Program Files\Java
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C671A733-A4AA-4B5F-8CEE-006242C457B5}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-03 14:14:31.29
C:\ComboFix2.txt ... 06-12-03 11:08
C:\ComboFix3.txt ... 06-12-02 22:33







Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\d920863x.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jason\Cookies\jason@adrevolver[3].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jason\Cookies\jason@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jason\Cookies\jason@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jason\Cookies\jason@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jason\Cookies\jason@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@errorsafe[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Jason\Cookies\jason@fortunecity[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jason\Cookies\jason@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jason\Cookies\jason@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jason\Cookies\jason@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jason\Cookies\jason@realmedia[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@stats.drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Jason\Cookies\jason@www.errorsafe[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jason\My Documents\Software Downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe





Logfile of HijackThis v1.99.1
Scan saved at 3:47:47 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\UGS\License Servers\UGNXFLEXlm\uglmd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\hijackthis\Socha.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95248D73-4C96-41BC-954A-1A5B3723BEA9}: NameServer = 24.247.15.53,24.247.24.53
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Unigraphics License Server (uglmd) - Macrovision Corporation - C:\Program Files\UGS\License Servers\UGNXFLEXlm\lmgrd.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)