Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Old 12-26-2007, 07:38 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 55
OS: XP SP2


Unwanted Title 2

I used my pen drive in a cyber cafe and then forgot to scan it at home. Since then, a weird name, "Sujin.com.np", keeps appearing beside the name of every window that I open. Also, every time I open Internet Explorer (version 7), "Sujin.com.np" comes up as my homepage; I tried to change the homepage but nothing happens. I scanned my PC with antivirus, anti-trojan and anti-spyware tools but they find nothing. The performance of my PC hasn't declined, but the thing is nagging me.
You will see what I mean in the image below.

PC Configuration:
WinXP SP2
512 MB DDR1 Ram
intel 865Gsa motherboard
P4
nVidia Geforce 6200
Attached Images
File Type: bmp sujin.bmp (576.1 KB, 7 views)
reddevils78 is offline  
Old 12-29-2007, 05:28 AM   #2 (permalink)


Re: Unwanted title

hey any one helping me with this?
reddevils78 is offline  
Old 12-31-2007, 04:43 PM   #3 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Unwanted title

Welcome

Please follow as many of the 5 steps as possible, and then post the required logs in this thread:
http://www.techsupportforum.com/secu...sting-log.html
Also, in your next post please let us know of any problems you had following the 5 steps, and give an update on system behaviour.

You may wish to subscribe to this thread (thread tools > subscribe to this thread) so you are informed as soon as you receive a reply.

Logs required:
Both text files from DSS and a Panda online scan report.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
Old 01-01-2008, 07:42 AM   #4 (permalink)


Re: Unwanted title

Sorry that wasn't helpful.. no such malwares
reddevils78 is offline  
Old 01-01-2008, 04:52 PM   #5 (permalink)


Re: Unwanted title

Download Deckard's System Scanner (DSS) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. If prompted to let DSS download HijackThis, choose YES.
  4. When the scan is complete, two text files will open: main.txt (this one will be maximized)
    and extra.txt (this one will be minimized).
  5. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply. Please
    attach extra.txt to your post.
To attach a file to a new post, simply:
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  2. Click Upload.


Post a report from one of the following online scans.
Panda ActiveScan - free online scanner:
http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now" and allow the ActiveX control to install (if prompted).
Do a full scan > click the "My Computer" button.
After the scan, click "See report", then save the report and post it back here please.
If you have problems, read the FAQ: http://www.pandasoftware.com/actives...q.asp?IdLang=2



http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to [x] use extended database, etc. Click OK.
Then choose "My Computer": scan all your hard drives and mapped disks.
When finished, click "save as text" and post that in your reply.
Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.
LonnyRJones is offline  
Old 01-02-2008, 07:40 AM   #6 (permalink)


Re: Unwanted title

Deckard's System Scanner v20071014.68
Run by Chora on 2008-01-02 20:17:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
18: 2008-01-02 14:32:22 UTC - RP54 - Deckard's System Scanner Restore Point
17: 2007-12-31 10:08:13 UTC - RP53 - Software Distribution Service 3.0
16: 2007-12-27 14:42:13 UTC - RP52 - Removed FEAR
15: 2007-12-27 14:42:08 UTC - RP51 - Removed FEAR Extraction Point
14: 2007-12-24 11:04:12 UTC - RP50 - Installed FEAR Extraction Point


-- First Restore Point --
1: 2007-12-21 03:35:29 UTC - RP37 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-02 20:18:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.11)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Documents and Settings\Chora\Local Settings\Temporary Internet Files\Content.IE5\YJXAP6AU\dss[1].exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sujin.com.np/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\ESET\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slmdmsr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


--
End of file - 7377 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 RecAgent - c:\windows\system32\drivers\sldrv\recagent.sys <Not Verified; ; Modem>
R3 Mtlmnt5 - c:\windows\system32\drivers\sldrv\mtlmnt5.sys <Not Verified; ; Modem>
R3 Mtlstrm - c:\windows\system32\drivers\sldrv\mtlstrm.sys <Not Verified; ; Modem>
R3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\sldrv\slntamr.sys <Not Verified; ; Modem>
R3 SlNtHal - c:\windows\system32\drivers\sldrv\slnthal.sys <Not Verified; ; Modem>
R3 SlWdmSup - c:\windows\system32\drivers\sldrv\slwdmsup.sys <Not Verified; ; Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CachemanXPService (CachemanXP) - c:\progra~1\cachem~1\cachemanxp.exe <Not Verified; Outertech; >
R2 SLService (SmartLinkService) - slmdmsr.exe <Not Verified; ; Modem>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-02 20:01:30 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{638D8521-B8EE-487B-A421-137EFFFA7202}.job


-- Files created between 2007-12-02 and 2008-01-02 -----------------------------

2008-01-01 20:09:02 0 d-------- C:\Program Files\Winamp
2008-01-01 20:09:02 0 d-------- C:\Documents and Settings\Chora\Application Data\Winamp
2007-12-25 20:16:24 0 d-------- C:\Program Files\CachemanXP
2007-12-23 14:55:24 0 d-------- C:\Program Files\Alcohol Soft
2007-12-23 14:36:29 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-12-22 20:17:32 0 d-------- C:\WINDOWS\Adobe Illustrator CS
2007-12-20 16:25:42 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-20 16:23:24 0 d-------- C:\WINDOWS\nview
2007-12-20 16:21:44 0 d-------- C:\NVIDIA
2007-12-14 05:47:39 0 d-------- C:\Program Files\EA Sports
2007-12-14 05:37:04 0 dr-h----- C:\Documents and Settings\Chora\Application Data\SecuROM
2007-12-13 08:11:46 0 d-------- C:\Documents and Settings\Chora\Application Data\nView_Wallpaper
2007-12-12 10:59:10 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-12-12 10:41:05 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-12 07:51:31 11310 -rahs---- C:\WINDOWS\system32\VirusRemoval.vbs
2007-12-10 18:25:09 0 d-------- C:\Documents and Settings\Chora\Contacts
2007-12-10 18:24:39 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-12-10 18:23:31 0 d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-10 18:23:27 0 d-------- C:\Program Files\Windows Live
2007-12-10 18:23:25 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-10 18:11:35 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-10 18:11:32 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-10 17:56:00 0 d-------- C:\Program Files\ADOBE READER 8
2007-12-10 17:48:55 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-12-09 21:27:38 0 d-------- C:\Documents and Settings\Chora\Application Data\Macromedia
2007-12-05 20:00:04 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-05 08:28:20 0 d-------- C:\Documents and Settings\Chora\Application Data\Adobe
2007-12-04 21:12:25 0 d-------- C:\Documents and Settings\sanjaya\Application Data\Macromedia
2007-12-04 20:42:47 0 d-------- C:\Documents and Settings\sanjaya\Application Data\Adobe
2007-12-04 04:39:21 0 d-------- C:\WINDOWS\pss
2007-12-04 03:41:49 0 d-------- C:\Program Files\Need For Speed - Porsche Unleashed
2007-12-04 03:29:15 0 d-------- C:\Documents and Settings\Chora\Application Data\Identities
2007-12-04 03:29:07 100247 --a------ C:\Documents and Settings\Chora\xmlUpdater.exe
2007-12-04 03:29:07 0 d--h----- C:\Documents and Settings\Chora\Templates
2007-12-04 03:29:07 0 dr------- C:\Documents and Settings\Chora\Start Menu
2007-12-04 03:29:07 0 dr-h----- C:\Documents and Settings\Chora\SendTo
2007-12-04 03:29:07 0 dr-h----- C:\Documents and Settings\Chora\Recent
2007-12-04 03:29:07 0 d--h----- C:\Documents and Settings\Chora\PrintHood
2007-12-04 03:29:07 0 d--h----- C:\Documents and Settings\Chora\NetHood
2007-12-04 03:29:07 0 dr------- C:\Documents and Settings\Chora\My Documents
2007-12-04 03:29:07 0 dr------- C:\Documents and Settings\Chora\Favorites
2007-12-04 03:29:07 0 d-------- C:\Documents and Settings\Chora\Desktop
2007-12-04 03:29:07 0 d--hs---- C:\Documents and Settings\Chora\Cookies
2007-12-04 03:29:07 0 dr-h----- C:\Documents and Settings\Chora\Application Data
2007-12-04 03:29:07 0 d-------- C:\Documents and Settings\Chora\Application Data\Notepad++
2007-12-04 03:29:07 0 d-------- C:\Documents and Settings\Chora\Application Data\MetaProducts
2007-12-04 03:29:06 2883584 --ah----- C:\Documents and Settings\Chora\NTUSER.DAT
2007-12-04 03:29:06 0 d--h----- C:\Documents and Settings\Chora\Local Settings
2007-12-04 03:29:06 0 d-------- C:\Documents and Settings\Chora\7zSD03.tmp
2007-12-04 03:29:06 0 d-------- C:\Documents and Settings\Chora\7zSD00.tmp
2007-12-04 03:07:20 0 d-------- C:\WINDOWS\system32\appmgmt
2007-12-04 02:58:23 151552 --a------ C:\WINDOWS\system32\SLMOHServ.dll <Not Verified; ; SLMOHServ Dynamic Link Library>
2007-12-04 02:58:23 380928 --a------ C:\WINDOWS\system32\slmh.exe <Not Verified; ; Modem Helper>
2007-12-04 02:58:23 540672 --a------ C:\WINDOWS\system32\SLLights.dll <Not Verified; ; SLLights>
2007-12-04 02:58:23 180224 --a------ C:\WINDOWS\system32\minirec.exe <Not Verified; ; MiniRec>
2007-12-04 02:58:23 15000 --a------ C:\WINDOWS\system32\drivers\winddx.sys <Not Verified; ; Modem>
2007-12-04 02:58:23 225280 --a------ C:\WINDOWS\system32\amr_cpl.dll
2007-12-04 02:58:23 86016 --a------ C:\WINDOWS\SmCfg.exe <Not Verified; ; Modem>
2007-12-04 02:58:13 0 d-------- C:\WINDOWS\system32\drivers\SLDRV
2007-12-04 02:58:11 0 d-------- C:\WINDOWS\Modio
2007-12-04 02:50:06 64512 -----n--- C:\WINDOWS\system32\agrsmdel.exe <Not Verified; Agere Systems; LTRemove>
2007-12-04 02:50:02 0 d-------- C:\WINDOWS\Options
2007-12-04 02:26:50 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-12-04 02:19:11 40960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-12-04 02:18:36 0 d-------- C:\Program Files\Realtek AC97
2007-12-04 02:18:29 307200 -r------- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2007-12-04 02:18:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-04 02:18:18 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-04 02:16:14 0 d--hs---- C:\WINDOWS\Installer
2007-12-04 02:16:13 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-04 02:16:09 0 d-------- C:\Program Files\Common Files
2007-12-04 02:16:09 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-04 02:16:08 0 dr------- C:\Program Files
2007-12-04 02:14:14 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-12-04 02:14:14 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-12-04 02:14:14 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-12-04 02:14:14 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-04 02:13:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-04 02:13:35 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-04 02:13:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-12-04 02:13:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-04 02:12:07 0 d-------- C:\Documents and Settings
2007-12-04 02:11:53 0 d-------- C:\Program Files\Intel
2007-12-04 02:10:51 0 d-------- C:\TempEI4
2007-12-04 02:09:42 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-04 02:07:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-04 02:07:42 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-04 02:05:37 0 d-------- C:\WINDOWS
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\WinSxS
2007-12-04 02:05:37 0 dr------- C:\WINDOWS\Web
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\twain_32
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\wins
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\wbem
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\usmt
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\spool
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\Setup
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\ras
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\oobe
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\npp
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\mui
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\IME
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\ias
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\export
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\en
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\drivers
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-04 02:05:37 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\config
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\3076
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\2052
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1054
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1042
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1041
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1037
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1033
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1031
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1028
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system32\1025
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\system
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\security
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Resources
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\repair
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Provisioning
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\PeerNet
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\pchealth
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Network Diagnostic
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\mui
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\msapps
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\msagent
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Media
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\l2schemas
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\java
2007-12-04 02:05:37 0 d--h----- C:\WINDOWS\inf
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\ime
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Help
2007-12-04 02:05:37 0 dr--s---- C:\WINDOWS\Fonts
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\ehome
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Driver Cache
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Debug
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Cursors
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\Config
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\AppPatch
2007-12-04 02:05:37 0 d-------- C:\WINDOWS\addins
2007-12-04 01:42:00 0 d-------- C:\WINDOWS\system32\NtmsData
2007-12-04 01:39:05 0 d-------- C:\Program Files\Microsoft Works
2007-12-04 01:38:57 0 d-------- C:\Program Files\MSBuild
2007-12-04 01:35:23 0 d-------- C:\WINDOWS\SHELLNEW
2007-12-04 01:35:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-04 01:34:47 0 dr-h----- C:\MSOCache
2007-12-04 01:33:20 0 d--hs---- C:\Recycled
2007-12-04 01:31:36 0 d-------- C:\Documents and Settings\sanjaya\Application Data\Identities
2007-12-04 01:31:31 100247 --a------ C:\Documents and Settings\sanjaya\xmlUpdater.exe
2007-12-04 01:31:31 0 d--hs---- C:\Documents and Settings\sanjaya\Cookies
2007-12-04 01:31:31 0 dr-h----- C:\Documents and Settings\sanjaya\Application Data
2007-12-04 01:31:31 0 d-------- C:\Documents and Settings\sanjaya\Application Data\Notepad++
2007-12-04 01:31:31 0 d---s---- C:\Documents and Settings\sanjaya\Application Data\Microsoft
2007-12-04 01:31:30 0 d--h----- C:\Documents and Settings\sanjaya\Templates
2007-12-04 01:31:30 0 dr------- C:\Documents and Settings\sanjaya\Start Menu
2007-12-04 01:31:30 0 dr-h----- C:\Documents and Settings\sanjaya\SendTo
2007-12-04 01:31:30 0 dr-h----- C:\Documents and Settings\sanjaya\Recent
2007-12-04 01:31:30 0 d--h----- C:\Documents and Settings\sanjaya\PrintHood
2007-12-04 01:31:30 2359296 --ah----- C:\Documents and Settings\sanjaya\NTUSER.DAT
2007-12-04 01:31:30 0 d--h----- C:\Documents and Settings\sanjaya\NetHood
2007-12-04 01:31:30 0 d--h----- C:\Documents and Settings\sanjaya\Local Settings
2007-12-04 01:31:30 0 dr------- C:\Documents and Settings\sanjaya\Favorites
2007-12-04 01:31:30 0 d-------- C:\Documents and Settings\sanjaya\7zSD03.tmp
2007-12-04 01:31:30 0 d-------- C:\Documents and Settings\sanjaya\7zSD00.tmp
2007-12-04 01:25:15 0 d--hs---- C:\System Volume Information
2007-12-04 01:25:14 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-04 01:25:14 0 d-------- C:\WINDOWS\Prefetch
2007-12-04 01:25:13 282624 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-04 01:25:05 282624 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-04 01:24:06 282624 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-04 01:24:05 0 d-------- C:\Program Files\TaskSwitchXP
2007-12-04 01:24:04 0 d-------- C:\Program Files\7-Zip
2007-12-04 01:24:04 0 d-------- C:\Documents and Settings\Default User\7zSD03.tmp
2007-12-04 01:24:03 0 d-------- C:\Documents and Settings\Default User\7zSD00.tmp
2007-12-04 01:24:02 0 d-------- C:\Program Files\Notepad++
2007-12-04 01:24:02 0 d-------- C:\Documents and Settings\Default User\Application Data\Notepad++
2007-12-04 01:22:21 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-04 01:22:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-04 01:21:58 0 -rahs---- C:\MSDOS.SYS
2007-12-04 01:21:58 0 -rahs---- C:\IO.SYS
2007-12-04 01:21:58 0 --a------ C:\CONFIG.SYS
2007-12-04 01:21:58 0 --a------ C:\AUTOEXEC.BAT
2007-12-04 01:20:53 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-04 01:20:42 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-04 01:20:42 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-04 01:20:30 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-04 01:20:13 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-04 01:19:31 0 d---s---- C:\WINDOWS\Tasks
2007-12-04 01:19:30 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-04 01:19:26 0 d-------- C:\WINDOWS\srchasst
2007-12-04 01:19:17 0 d-------- C:\Program Files\Movie Maker
2007-12-04 01:19:09 0 d-------- C:\WINDOWS\system32\Restore
2007-12-04 01:18:18 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-04 01:18:09 0 d-------- C:\WINDOWS\Registration
2007-12-04 01:18:04 0 d-------- C:\Program Files\Online Services
2007-12-04 01:17:49 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-04 01:17:47 0 d-------- C:\Program Files\HashTab Shell Extension
2007-12-04 01:17:46 0 d-------- C:\Program Files\Microsoft PowerToys
2007-12-04 01:17:41 35840 --a------ C:\WINDOWS\system32\wul.exe <Not Verified; NirSoft; WinUpdatesList>
2007-12-04 01:17:41 8576 --a------ C:\WINDOWS\system32\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>
2007-12-04 01:17:41 23552 --a------ C:\WINDOWS\system32\vcdrom.exe <Not Verified; ; VCDControlTool Application>
2007-12-04 01:17:41 244856 --a------ C:\WINDOWS\system32\TweakUI.exe <Not Verified; Microsoft Corporation; Microsoft® Windows(TM) Shell PowerToys>
2007-12-04 01:17:41 712704 --a------ C:\WINDOWS\system32\TimeZone.exe <Not Verified; Microsoft; Time Zone>
2007-12-04 01:17:41 71168 --a------ C:\WINDOWS\system32\pserv2.exe <Not Verified; http://p-nand-q.com; pserv2>
2007-12-04 01:17:41 94720 --a------ C:\WINDOWS\system32\MsiZap.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2007-12-04 01:17:40 40960 --a------ C:\WINDOWS\system32\msicuu.exe <Not Verified; Microsoft Corporation; Windows Installer Clean Up>
2007-12-04 01:17:40 24576 --a------ C:\WINDOWS\system32\MemTest.exe <Not Verified; ; memTest Application>
2007-12-04 01:17:40 49152 --a------ C:\WINDOWS\system32\latency.exe
2007-12-04 01:17:40 303104 --a------ C:\WINDOWS\system32\HostsXpert.exe <Not Verified; funkytoad.com; HostsXpert>
2007-12-04 01:17:40 356352 --a------ C:\WINDOWS\system32\DFX.exe <Not Verified; DjLizard.net; Dial-a-fix>
2007-12-04 01:17:39 1029833 --a------ C:\WINDOWS\system32\cpuz.exe <Not Verified; CPUID; CPU-Z Application>
2007-12-04 01:17:39 186368 --a------ C:\WINDOWS\system32\cplbonus.dll <Not Verified; KelCorp; Kels CPL Bonus AddOn>
2007-12-04 01:17:39 118144 --a------ C:\WINDOWS\system32\BootSafe.exe <Not Verified; SuperAdBlocker.com; BootSafe Application>
2007-12-04 01:17:37 0 d-------- C:\Program Files\Messenger
2007-12-04 01:17:33 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-04 01:17:16 946448 --a------ C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Calculator Plus>
2007-12-04 01:16:52 0 d-------- C:\Program Files\Windows NT
2007-12-04 01:16:48 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-04 01:16:46 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-12-04 02:14:16 62 --ahs---- C:\Documents and Settings\Chora\Application Data\desktop.ini
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [05/15/2007 04:15 AM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [12/04/2007 02:25 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 08:20 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 08:21 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 08:17 AM]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [05/15/2007 04:15 AM]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [08/05/2006 04:14 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)
"NoDesktopCleanupWizard"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce4ef44-a856-11dc-9c9f-0016768aa907}]
AutoRun\command- wscript.exe VirusRemoval.vbs
open\Command- wscript.exe VirusRemoval.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e33a0c-aee5-11dc-9cb7-0016768aa907}]
AutoRun\command- wscript.exe VirusRemoval.vbs
open\Command- wscript.exe VirusRemoval.vbs




-- End of Deckard's System Scanner: finished at 2008-01-02 20:20:40 ------------
reddevils78 is offline  
Old 01-02-2008, 07:45 AM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 55
OS: XP SP2


Re: Unwanted title

hey dude, I have formed a new post Unwanted Title 2 to attach the other document
reddevils78 is offline  
Old 01-02-2008, 07:50 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 55
OS: XP SP2


Unwanted Title 2

Deckard's System Scanner v20071014.68
-- End of Deckard's System Scanner: finished at 2008-01-02 20:20:40 ------------
Attached Files
File Type: txt extra.txt (11.9 KB, 1 views)

Last edited by LonnyRJones : 01-02-2008 at 07:17 PM. Reason: Removed duplicate log
reddevils78 is offline  
Old 01-02-2008, 07:26 PM   #9 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Unwanted Title 2

Hi

Quote:
C:\Documents and Settings\Chora\Local Settings\Temporary Internet Files\Content.IE5\YJXAP6AU\dss[1].exe
Part of the instructions was to first download, not open. In the future don't run or open downloads unless the instructions say to explicitly.
You didn't let DSS download HijackThis.

Download the HijackThis Installer: http://www.trendsecure.com/portal/en...HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "None of the above, just start the program" button.
Click Scan, then Save log, and post that please.

Also don't forget to post either a Panda or Kaspersky online report.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
Old 01-03-2008, 02:10 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 55
OS: XP SP2


Re: Unwanted Title 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:43 PM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Chora\Desktop\New Folder\Programs\WLinstaller.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\installer\Dashboard.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sujin.com.np/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A52CE61-2F1E-4A97-91DD-6AE438DBEE40}: NameServer = 202.79.32.98 202.79.32.97
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: CachemanXP (CachemanXPService) - Outertech - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

--
End of file - 7122 bytes
reddevils78 is offline  
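An added example, not part of the thread and not HijackThis's own code: a small Python triage script that reads the HijackThis sections posted above and flags the entries the helper's fix targets (the Start Page and Window Title pointed at sujin.com.np, the wscript.exe/VirusRemoval.vbs appended to UserInit, and the O17 name servers that need checking against the ISP's). The allowed-host set and the expected userinit.exe path are assumptions for this example.

```python
import re
from urllib.parse import urlparse

# Lines taken from the HijackThis log posted above (constructed excerpt for this example).
SAMPLE_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sujin.com.np/",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{3A52CE61-2F1E-4A97-91DD-6AE438DBEE40}: NameServer = 202.79.32.98 202.79.32.97",
])

# Assumption: hosts IE 7 uses for its stock Start/Search pages (the go.microsoft.com links above).
EXPECTED_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
# The only program that belongs in UserInit; anything appended after it runs at every logon.
USERINIT = r"c:\windows\system32\userinit.exe"
PAGE_KEYS = ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL")

def triage_hjt(text):
    """Return (section, reason) tuples for R0/R1, F2 and O17 lines worth a closer look."""
    findings = []
    for line in text.splitlines():
        m = re.match(r"^(R[01]|F2|O17) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            setting = key.rsplit(",", 1)[-1]          # text after "Main,"
            if setting in PAGE_KEYS:
                host = urlparse(value).hostname or ""
                if host not in EXPECTED_HOSTS:
                    findings.append((section, f"{setting} points at {host}"))
            elif setting == "Window Title":
                # IE appends this string to every window title; OEMs set it, hijackers abuse it.
                findings.append((section, f"custom IE window title '{value}'"))
        elif section == "F2" and "UserInit=" in body:
            progs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",")]
            for p in progs:
                if p.lower() != USERINIT:
                    findings.append((section, f"extra logon program in UserInit: {p}"))
        elif section == "O17":
            servers = body.partition("NameServer = ")[2]
            findings.append((section, f"DNS servers to check against the ISP's: {servers}"))
    return findings

if __name__ == "__main__":
    for section, reason in triage_hjt(SAMPLE_LOG):
        print(f"[{section}] {reason}")
```

Run it against a saved hijackthis.log to get the same four findings the helper acted on in this thread; O17 lines are only reported, since whether those servers are legitimate cannot be decided offline.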
Old 01-03-2008, 02:11 AM   #11 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 55
OS: XP SP2


Re: Unwanted Title 2

hey can I uninstall these programs?
reddevils78 is offline  
Old 01-03-2008, 04:01 AM   #12 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,345
OS: xp


Re: Unwanted Title 2

Uninstall what programs?

Download this file, combofix.exe, to your desktop (don't run it yet):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Launch Notepad (important: not WordPad or another third-party text editor), and copy and paste the contents
of the code box below into a new text file (don't include the word Code).
Save it with the file name: cfscript.txt
Code:
file::
C:\WINDOWS\system32\VirusRemoval.vbs
registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce4ef44-a856-11dc-9c9f-0016768aa907}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e33a0c-aee5-11dc-9cb7-0016768aa907}]
killall::
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
As in the picture above, drag and drop cfscript.txt onto combofix.exe.
When it is finished a text file will open; post it.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  