Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Windows32 variant found using world of warcraft Windows32 variant found using world of warcraft
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2 >
 
Thread Tools
Old 03-14-2007, 04:22 AM   #1 (permalink)
Registered User
 
Tidus_poor_pant's Avatar
 
Join Date: May 2006
Posts: 58
OS: XP


Windows32 variant found using world of warcraft
I have tried running all of my anti virus programs, in safe mode, but they never pick up this stupid trojan, it mainly pops up in the corner telling me i have to buy some program to get rid of spyware on my computer, takes me to momsluts.com and dawnspy.com etc. I cant use any of the online scanners they just dont work, and world of warcraft was the first thing to actually pick up the virus, in the opening screen it pops up telling me not to log in cuz of a keylogger Win32.variant will take my details, now this is my HJT log, can u fix me?

Logfile of HijackThis v1.99.1
Scan saved at 8:18:20 PM, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ServiceHost] "C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe" ""
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fuujin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147821690204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD18F93-0B31-4145-9B4E-72EDAB1BE4C1}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{784E3C24-8ACC-4AA8-A6D0-90AE2E383F63}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{992E4E62-4D9F-4205-B0D7-12CD9E9F806E}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF99C083-C817-44E3-B3F0-18393547ABA5}: NameServer = 85.255.114.46
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Tidus_poor_pant is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 03-17-2007, 04:32 AM   #2 (permalink)
Registered User
 
Tidus_poor_pant's Avatar
 
Join Date: May 2006
Posts: 58
OS: XP


Re: Windows32 variant found using world of warcraft
.bump.
Tidus_poor_pant is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 03-19-2007, 03:11 PM   #3 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home


Re: Windows32 variant found using world of warcraft
Hello and Welcome. Apologies for the delay, but the forum is very busy of late.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------

Next, do this:

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved.

**If you receive an error message while trying to run FixWareout, copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder, and run FixWareout again.

Run HijackThis. Click "Do a System Scan Only", and place a check next to the following items (if found):

O4 - HKLM\..\Run: [ServiceHost] "C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe" ""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD18F93-0B31-4145-9B4E-72EDAB1BE4C1}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{784E3C24-8ACC-4AA8-A6D0-90AE2E383F63}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{992E4E62-4D9F-4205-B0D7-12CD9E9F806E}: NameServer = 85.255.114.46
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF99C083-C817-44E3-B3F0-18393547ABA5}: NameServer = 85.255.114.46
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210

Click FIX CHECKED. Close HijackThis.

---------------------------------------------------------------------------------------------


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Please return with results from:

VirusTotal scan
FixWareout (C:\fixwareout\report.txt )
main.txt
extra.txt

----------------------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 03-20-2007, 04:11 PM   #4 (permalink)
Registered User
 
Tidus_poor_pant's Avatar
 
Join Date: May 2006
Posts: 58
OS: XP


Re: Windows32 variant found using world of warcraft
For some reason I have a program called WD Diagnostics on my computer that is a "new" program, I havent installed it...should I remove it?

Deckard's System Scanner v20070318.32
Run by Stabbystabby on 2007-03-21 at 08:08:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-20 22:08:25 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Stabbystabby.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:08:55 AM, on 21/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Stabbystabby\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\HJT\Stabbystabby.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fuujin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147821690204
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20060513-214744-446 O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
backup-20060513-214744-666 O4 - HKCU\..\Run: [108e4069.exe] C:\Documents and Settings\Stabbystabby\Local Settings\Application Data\108e4069.exe
backup-20060513-214744-749 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
backup-20060516-073045-524 R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
backup-20060516-073045-844 O4 - HKCU\..\Run: [108e4069.exe] C:\Documents and Settings\Fuujin\Local Settings\Application Data\108e4069.exe
backup-20070309-133742-381 O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
backup-20070309-133742-396 O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
backup-20070309-133742-669 O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
backup-20070309-133742-986 O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\Dealio.dll (file missing)
backup-20070309-133743-531 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
backup-20070309-133743-549 O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\Dealio.dll (file missing)
backup-20070309-133743-964 O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll (file missing)
backup-20070309-133852-678 O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAu.exe"
backup-20070309-134125-660 O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll (file missing)
backup-20070309-134249-384 O4 - Global Startup: Digital Line Detect.lnk = ?
backup-20070321-080716-400 O4 - HKLM\..\Run: [ServiceHost] "C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe" ""
backup-20070321-080716-567 O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD18F93-0B31-4145-9B4E-72EDAB1BE4C1}: NameServer = 85.255.114.46
backup-20070321-080717-497 O17 - HKLM\System\CCS\Services\Tcpip\..\{784E3C24-8ACC-4AA8-A6D0-90AE2E383F63}: NameServer = 85.255.114.46
backup-20070321-080717-530 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
backup-20070321-080717-707 O17 - HKLM\System\CCS\Services\Tcpip\..\{EF99C083-C817-44E3-B3F0-18393547ABA5}: NameServer = 85.255.114.46
backup-20070321-080717-797 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.46 85.255.112.210
backup-20070321-080717-893 O17 - HKLM\System\CCS\Services\Tcpip\..\{992E4E62-4D9F-4205-B0D7-12CD9E9F806E}: NameServer = 85.255.114.46

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 DRVMCDB - c:\windows\system32\drivers\drvmcdb.sys
R1 DLACDBHM - c:\windows\system32\drivers\dlacdbhm.sys
R1 DLARTL_N - c:\windows\system32\drivers\dlartl_n.sys
R1 ewido security suite driver - c:\program files\ewido anti-malware\guard.sys
R1 FsVga - c:\windows\system32\drivers\fsvga.sys
R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys
R2 DLABOIOM - c:\windows\system32\dla\dlaboiom.sys
R2 DLADResN - c:\windows\system32\dla\dladresn.sys
R2 DLAIFS_M - c:\windows\system32\dla\dlaifs_m.sys
R2 DLAOPIOM - c:\windows\system32\dla\dlaopiom.sys
R2 DLAPoolM - c:\windows\system32\dla\dlapoolm.sys
R2 DLAUDF_M - c:\windows\system32\dla\dlaudf_m.sys
R2 DLAUDFAM - c:\windows\system32\dla\dlaudfam.sys
R2 DRVNDDM - c:\windows\system32\drivers\drvnddm.sys
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys
R3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys
R3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys
R3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys
R3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys
R3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys
R3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys
R3 MODEMCSA (Unimodem Streaming Filter Device) - c:\windows\system32\drivers\modemcsa.sys
R3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561av.sys
R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys

S2 {09BB444F-B2E2-4009-BAF2-7B727681223E} (BuddyVM) - c:\program files\vmlaunch\buddyvm.sys (file missing)
S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys
S3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 ialm - c:\windows\system32\drivers\ialmnt5.sys
S3 LHidUsbK (Logitech SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 ewido security suite guard - c:\program files\ewido anti-malware\ewidoguard.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-03-16 21:32:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-02-21 and 2007-03-21 -----------------------------

2007-03-20 06:47:25 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
2007-03-14 20:16:52 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~3>
2007-03-13 17:46:01 0 d-------- C:\Program Files\TQDefiler<TQDEFI~1>
2007-03-11 08:34:27 228937 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_7781.exe<ALCOHO~1.EXE>
2007-03-11 08:34:27 0 d-------- C:\Program Files\Alcohol Toolbar<ALCOHO~2>
2007-03-10 06:34:54 0 d-------- C:\Documents and Settings\Fuujin\Application Data\Real
2007-03-09 15:51:02 0 d-------- C:\sUBs
2007-03-09 15:50:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-09 15:43:43 786432 --ah----- C:\Documents and Settings\Administrator.SACRED\NTUSER.DAT
2007-03-09 15:43:43 0 d-------- C:\Documents and Settings\Administrator.SACRED\Application Data\Sun
2007-03-09 15:43:43 0 d-------- C:\Documents and Settings\Administrator.SACRED\Application Data\Gtek
2007-03-09 15:38:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools<PCTOOL~1>
2007-03-09 15:31:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-03-09 15:31:36 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-09 15:31:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-03-09 14:48:15 0 d-------- C:\Documents and Settings\Fuujin\Contacts
2007-03-09 14:39:25 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-03-09 00:37:44 0 d-------- C:\Program Files\Video Access ActiveX Object<VIDEOA~2>
2007-03-04 15:46:05 1419024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll<WDFCOI~1.DLL>
2007-03-04 15:46:05 28176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-03-04 15:46:05 33296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-03-04 15:46:05 34576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-03-04 15:45:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-02-24 14:20:03 40960 -ra------ C:\WINDOWS\system32\psfind.dll
2007-02-24 14:15:57 0 d-------- C:\Program Files\THQ


-- Find3M Report ---------------------------------------------------------------

2007-03-20 17:24:22 0 d-------- C:\Documents and Settings\Stabbystabby\Application Data\Azureus
2007-03-15 20:48:31 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~2>
2007-03-13 17:45:53 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-03-13 17:45:52 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-03-09 18:29:50 0 d---s---- C:\Documents and Settings\Stabbystabby\Application Data\Microsoft<MICROS~1>
2007-03-08 17:44:54 11776 --a-s---- C:\WINDOWS\system32\geplxss.dll
2007-03-08 17:38:50 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-07 20:28:47 0 d-------- C:\Program Files\World of Warcraft<WORLDO~1>
2007-03-04 15:46:05 0 d-------- C:\Program Files\Common Files\Logitech
2007-03-03 09:07:22 8704 --a------ C:\Documents and Settings\Stabbystabby\Application Data\dvd.bmk
2007-02-28 22:23:46 0 d-------- C:\Program Files\Skype
2007-02-28 22:20:14 0 d-------- C:\Program Files\EndlessOnline<ENDLES~1>
2007-02-24 17:01:21 0 d-------- C:\Program Files\LucasArts<LUCASA~1>
2007-02-24 16:37:00 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-15 23:12:44 0 d-------- C:\Program Files\inXile
2007-02-10 10:45:08 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-01 05:49:03 0 d-------- C:\Program Files\PlaneShift Crystal Blue<PLANES~1>
2007-01-31 17:20:53 0 d-------- C:\Documents and Settings\Stabbystabby\Application Data\CrystalSpace<CRYSTA~1>
2007-01-31 17:20:53 0 d-------- C:\Documents and Settings\Stabbystabby\Application Data\CrystalApp<CRYSTA~2>
2007-01-30 01:46:32 69632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-01-30 01:46:26 163840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-01-30 01:46:18 110592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-01-30 01:46:08 135168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-01-28 16:55:13 0 d-------- C:\Program Files\Acoustica MP3 Audio Mixer<ACOUST~2>
2007-01-27 01:04:55 0 d-------- C:\Program Files\Acoustica Mp3 To Wave Converter Plus<ACOUST~1>
2007-01-26 22:03:39 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-01-26 20:31:08 0 d-------- C:\Program Files\Azureus
2007-01-25 22:34:11 0 d-------- C:\Program Files\Shockwave.com<SHOCKW~1.COM>
2007-01-25 19:52:06 0 d-------- C:\Documents and Settings\Stabbystabby\Application Data\Logitech
2007-01-25 19:48:59 0 d-------- C:\Program Files\Logitech
2007-01-23 15:44:00 101136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Desktop Service Centre"="C:\\Program Files\\OptusNet DSL Internet\\DSC.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\Launch.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\wd_windows_tools\setup.exe


-- End of Deckard's System Scanner: finished at 2007-03-21 at 08:09:19 ---------

AhnLab-V3 2007.3.21.0 03.20.2007 no virus found
AntiVir 7.3.1.44 03.20.2007 no virus found
Authentium 4.93.8 03.20.2007 no virus found
Avast 4.7.936.0 03.20.2007 no virus found
AVG 7.5.0.447 03.20.2007 no virus found
BitDefender 7.2 03.20.2007 no virus found
CAT-QuickHeal 9.00 03.20.2007 no virus found
ClamAV devel-20070312 03.20.2007 no virus found
DrWeb 4.33 03.20.2007 no virus found
eSafe 7.0.14.0 03.20.2007 no virus found
eTrust-Vet 30.6.3496 03.20.2007 no virus found
Ewido 4.0 03.20.2007 no virus found
FileAdvisor 1 03.20.2007 no virus found
Fortinet 2.85.0.0 03.20.2007 no virus found
F-Prot 4.3.1.45 03.20.2007 no virus found
F-Secure 6.70.13030.0 03.20.2007 no virus found
Ikarus T3.1.1.3 03.20.2007 no virus found
Kaspersky 4.0.2.24 03.20.2007 no virus found
McAfee 4988 03.20.2007 no virus found
Microsoft 1.2306 03.20.2007 no virus found
NOD32v2 2129 03.20.2007 no virus found
Norman 5.80.02 03.20.2007 no virus found
Panda 9.0.0.4 03.20.2007 Suspicious file
Prevx1 V2 03.20.2007 Malicious
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.20.2007 no virus found
TheHacker 6.1.6.078 03.20.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.19.2007 no virus found
VirusBuster 4.3.7:9 03.20.2007 no virus found
Webwasher-Gateway 6.0.1 03.20.2007 Virus.Win32.FileInfector.gen!90 (suspicious)


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdguv.ren 63389 04/08/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Desktop Service Centre"="C:\\Program Files\\OptusNet DSL Internet\\DSC.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"ServiceHost"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\svchost.exe\" \"\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
Attached Files
File Type: txt extra.txt (18.6 KB, 1 views)
Last edited by Tidus_poor_pant : 03-20-2007 at 04:14 PM.
Tidus_poor_pant is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 03-20-2007, 06:01 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home


Re: Windows32 variant found using world of warcraft
Your Avast! antivirus appears to be disabled. Is this intentional? You have no protection with it disabled. Please attempt to re-enable it.

Quote:
For some reason I have a program called WD Diagnostics on my computer that is a "new" program, I havent installed it...should I remove it?
Did you recently install a new Western Digital hard drive? WD Diagnostics is a set of tools that gets installed alongside, though you should be aware of this happening.

Let's get to the rest of your infection.

I see you have ewido anti-malware installed alongside AVG Anti-Spyware. AVG Anti-Spyware is the replacement application for ewido anti-malware, ever since Grisoft bought ewido. I recommend you uninstall ewido anti-malware.


Also Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03

These are outdated versions, and security risks simply by having them still installed.

Leave J2SE Runtime Environment 5.0 Update 10 alone.

---------------------------------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

---------------------------------------------------------------------------------------------

Please download the Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following lines into the Step 1: Paste Text window:

C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next, please visit TheSpyKillers forum HERE

Read the first topic for instructions on uploading files then start a new Topic, post a link to this thread and upload the requested files.cab archive from your desktop.

Please return with a link to your Spykillers thread in your next reply.

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

---------------------------------------------------------------------------------------------

I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start
    update     button.
  • After the update finishes (the status bar at the bottom will display "Update
    successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • We'll use this later.

    ---------------------------------------------------------------------------------------------

    Reboot your computer in Safe Mode.
    • If the computer is running, shut down Windows, and then turn off the power.
    • Wait 30 seconds, and then turn the computer on.
    • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    • Ensure that the Safe Mode option is selected.
    • Press Enter. The computer then begins to start in Safe mode.
    • Login on your usual account.

    ---------------------------------------------------------------------------------------------

    Double-click smitfraudfix.exe to start the tool.
    Select option #2 - Clean by typing 2 and press Enter.
    Wait for the tool to complete and disk cleanup to finish.
    You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
    The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

    A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back into in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

    ---------------------------------------------------------------------------------------------

    Clean out your Temporary Internet files.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------


Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
  • "Security Info"
  • "Warning Message"
  • "Security Desktop"
  • "Warning Homepage"
  • "Desktop Uninstall" or something similar
Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Double-click smitfraudfix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Then post the following logs in your next reply...

link to Spykillers thread
C:\rapport.txt (log from the tool)
AVG Anti-Spyware log
Panda log
Hijackthis log
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 03-22-2007, 01:36 AM   #6 (permalink)
Registered User
 
Tidus_poor_pant's Avatar
 
Join Date: May 2006
Posts: 58
OS: XP


Re: Windows32 variant found using world of warcraft
There is this stupid Drwatson process that constantly tells me that it is crashing and then freezes the computer. Also the reason why avast isnt working is because the trial is up and it wants me to buy a registration code now.

http://www.thespykiller.co.uk/index....c=3829.new#new

SmitFraudFix v2.43

Scan done at 13:51:28.76, Thu 22/03/2007
Run from C:\Documents and Settings\Stabbystabby\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:13:08 PM 22/03/2007

+ Scan result:



HKU\S-1-5-21-3142110722-3165002907-2775495837-1006\Software\Internet Security -> Adware.IntCodec : No action taken.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Stabbystabby\My Documents\Hannah stuff\Dir en grey\photo656.jpg -> Backdoor.MSNMaker.w : No action taken.
I:\Hannah\Dir en grey\photo656.jpg -> Backdoor.MSNMaker.w : No action taken.
C:\Program Files\White Elephant\RIP3 The Last Hero\crack.exe -> Downloader.Small.ddp : No action taken.
:mozilla.15:C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\er8f2okm.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
:mozilla.16:C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\er8f2okm.default\cookies.txt -> TrackingCookie.Dealtime : No action taken.
:mozilla.115:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
:mozilla.68:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.37:C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\er8f2okm.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.38:C:\Documents and Settings\Ricky\Application Data\Mozilla\Firefox\Profiles\er8f2okm.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.69:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.70:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.75:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Toplist : No action taken.
:mozilla.88:C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt -> TrackingCookie.Webtrends : No action taken.
C:\Program Files\illusion\RapeLay\RapeLay Anti Cum Trainer.exe -> Trojan.Delf.bcg : No action taken.
C:\Program Files\illusion\RapeLay\Rapelay +12 Trainer.exe -> Trojan.Delf.bcg : No action taken.
C:\WINDOWS\system32\geplxss.dll -> Trojan.Dialer.cs : No action taken.
[976] C:\WINDOWS\system32\geplxss.dll -> Trojan.Dialer.cs : No action taken.


::Report end


Incident Status Location

Adware:Adware/SecurityError Not disinfected C:\Program Files\Video Access ActiveX Object\isadd.dll
Adware:adware/securityerror Not disinfected Windows Registry
Adware:adware/abox Not disinfected Windows Registry
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Fuujin\Application Data\Mozilla\Firefox\Profiles\nd73q4wf.default\cookies.txt[.maxserving.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Fuujin\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Fuujin\Desktop\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Stabbystabby\Application Data\Mozilla\Firefox\Profiles\yizddhyg.default\cookies.txt[.com.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stabbystabby\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stabbystabby\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\sUBs\TSF\nircmd.exe

Logfile of HijackThis v1.99.1
Scan saved at 5:32:42 PM, on 22/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Fuujin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://desktop.optusnet.com.au/dsl/favorites/homepage
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147821690204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
Tidus_poor_pant is offline  
Digg this Post!