Viruses and Trojans, Oh My!

AWSOME · 08-06-2007, 08:51 AM

I think I have vundo and something called downloader. (Nortan Anti-virus detected it but I don't think it got rid of it.) So yeah, I know you guys are the best so can you help me?

Deckard's System Scanner v20070804.61
Run by Kenneth on 2007-08-06 at 09:37:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-06 09:41:50
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINNT\system32\SMSS.EXE
C:\WINNT\system32\WINLOGON.EXE
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\LSASS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\mstask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\wbem\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINPENJR\win32\PPHIDPAD.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE
C:\Internet download\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - win.ini: run=
F3 - REG:win.ini: Run=C:\WINNT\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINNT\system32\vqcxqdqe.dll
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - C:\WINNT\system32\iifedbc.dll
O2 - BHO: (no name) - {EFADAF50-FD11-44E3-99BA-AE72D4980F29} - C:\WINNT\system32\mlljg.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O4 - HKEY_LOCAL_MACHINE\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINNT\system32\blqnfcmi.dll",forkonce
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} () - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: iifedbc - C:\WINNT\system32\iifedbc.dll
O20 - Winlogon Notify: mlljg - C:\WINNT\system32\mlljg.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: Macromedia Licensing Service - Unknown owner - "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\winnt\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\winnt\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\winnt\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ppmoucls - c:\winnt\system32\drivers\ppmoucls.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 pptchpad (PenPower Touchpad) - c:\winnt\system32\drivers\pptchpd5.sys
R2 enodpl - c:\winnt\system32\drivers\enodpl.sys
R2 tandpl - c:\winnt\system32\drivers\tandpl.sys
R3 ASAPIW2k - c:\winnt\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 Cap7134 (TVFM 503 WDM Video Capture) - c:\winnt\system32\drivers\cap7134.sys <Not Verified; AVerMedia TECHNOLOGIES, Inc.; cap7134>
R3 SaiClass - c:\winnt\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>
R3 SaiMini - c:\winnt\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>

S3 EagleNT - c:\winnt\system32\drivers\eaglent.sys (file missing)
S3 NCHSSVAD (SoundTap Recorder) - c:\winnt\system32\drivers\nchssvad.sys <Not Verified; NCH Swift Sound; NCH Swift Sound Virtual Audio Device>
S3 SaiNtHid - c:\winnt\system32\drivers\sainthid.sys <Not Verified; Saitek; Configuration Software>
S3 SaiNtSub - c:\winnt\system32\drivers\saintsub.sys <Not Verified; Saitek; Configuration Software>
S3 scrcap - c:\winnt\system32\drivers\scrcap.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Easy Internet Keyboard
Device ID: ACPI\PNP0303\4&102163C3&0
Manufacturer: Logitech
Name: Easy Internet Keyboard
PNP Device ID: ACPI\PNP0303\4&102163C3&0
Service: i8042prt

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ZD Soft Screen Capture Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: ZD Soft
Name: ZD Soft Screen Capture Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: scrcap

-- Scheduled Tasks -------------------------------------------------------------

2006-12-17 07:07:14 554 --a------ C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job

-- Files created between 2007-07-06 and 2007-08-06 -----------------------------

2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Symantec
2007-08-06 09:21:05 125504 --a------ C:\WINNT\system32\blqnfcmi.dll
2007-08-06 09:15:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_450.dat
2007-08-06 09:13:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2a8.dat
2007-08-06 08:58:02 125504 -----n--- C:\WINNT\system32\mcxxhcbt.dll
2007-08-03 17:02:28 1760125 ---hs---- C:\WINNT\system32\gjllm.ini2
2007-08-03 15

14 0 d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software
2007-08-03 13:19:36 155721 -----n--- C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2007-08-03 13:19:36 204881 -----n--- C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2007-08-03 13:19:35 81920 -----n--- C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-08-03 13:19:35 46592 -----n--- C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-08-03 13:19:35 294912 -----n--- C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2007-08-03 13:19:34 44544 -----n--- C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-08-03 13:19:34 73728 -----n--- C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2007-08-03 13:19:34 32768 -----n--- C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2007-08-03 13:19:34 40960 -----n--- C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2007-08-03 13:19:34 114759 -----n--- C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-08-03 10:53:22 69184 --a------ C:\WINNT\system32\vqcxqdqe.dll
2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 22:03:53 1762414 ---hs---- C:\WINNT\system32\gjllm.bak2
2007-08-02 21:39:39 228960 --a------ C:\WINNT\system32\mlljg.dll
2007-08-02 21:29:26 31254 --a------ C:\WINNT\system32\iifedbc.dll
2007-08-02 11:45:41 0 --a------ C:\WINNT\2
2007-08-02 11:42:16 18 --a------ C:\WINNT\?
2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server
2007-08-02 11:10:09 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Sony
2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2
2007-07-26 10:10:13 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Galactic Magnate
2007-07-26 09:48:01 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4dc.dat
2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm
2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools
2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround
2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat
2007-07-18 07:43:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_428.dat
2007-07-15 23

24 0 d-------- C:\Program Files\Three Rings Design
2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\Kenneth\Application Data\yoclient
2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX
2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe
2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3
2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll
2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll
2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll
2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll
2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll
2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla>
2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll
2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll
2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll
2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere>
2007-07-10 17:17:43 0 --a------ C:\WINNT\a
2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>

-- Find3M Report ---------------------------------------------------------------

2007-08-06 09:41:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-03 19:05:22 1101952 ---h----- C:\WINNT\ShellIconCache
2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle
2007-08-02 22:28:47 18 --a------ C:\WINNT\?
2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks
2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\CoreFTP
2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat
2007-07-25 13:34:21 0 d-------- C:\Program Files\Java
2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon
2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES
2007-07-16 18:40:24 0 d-------- C:\Program Files\Norton Internet Security
2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM
2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate
2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity
2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Audacity
2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\Kenneth\Application Data\IBP
2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio
2007-06-27 21:08:20 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Viewpoint
2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper
2007-06-25 12:27:07 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Azureus
2007-06-25 09:05:58 0 d-------- C:\Program Files\Real
2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MSNInstaller
2007-06-20 09:04:37 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Reno 911 Paintball
2007-06-18 13:46:03 0 d-------- C:\Documents and Settings\Kenneth\Application Data\fretsonfire
2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Atari
2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6
2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files
2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Netscape
2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape
2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\POP Peeper
2007-06-06 19:31:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\OpenOffice.org2
2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe
2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS
2007-05-12 19:38:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_608.dat
2007-05-07 18:21:42 737280 --a------ C:\WINNT\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
08/03/07 10:53a 69184 --a------ C:\WINNT\system32\vqcxqdqe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]
08/02/07 09:29p 31254 --a------ C:\WINNT\system32\iifedbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFADAF50-FD11-44E3-99BA-AE72D4980F29}]
08/02/07 09:39p 228960 --a------ C:\WINNT\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]
"SystemOptimizer"="C:\WINNT\system32\blqnfcmi.dll" [08/06/07 09:21a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E9BD0828-1FD9-410C-A50F-43EBE65D310F}"= C:\WINNT\system32\iifedbc.dll [08/02/07 09:29p 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifedbc]
iifedbc.dll 08/02/07 09:29p 31254 C:\WINNT\system32\iifedbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljg]
C:\WINNT\system32\mlljg.dll 08/02/07 09:39p 228960 C:\WINNT\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2007-08-06 at 09:54:18 ---------

Thank you so much!

AWSOME · 08-06-2007, 02:20 PM

Well, I know I'm not supposed to do this but I used other posts to help me get rid of my viruses and trojans. Thanks anyway! You guys are THE BEST.

Ried · 08-07-2007, 12:04 AM

What exactly did you do?

Simply running ComboFix or VundoFix is not enough. Would you please post the logs of the tools you ran and I'd be glad to look them over.

AWSOME · 08-07-2007, 01:39 PM

Let's see, I used AVG Anti-Spyware, Combofix, Vunodfix, CCleaner, Cleaner, and smitfraudfix.

AVG and Smitfraud I used while in safe mode, while combofix and vundofix I used during normal mode.

SmitFraudFix v2.208

Scan done at 11:46:50.47, Mon 08/06/2007
Run from C:\Documents and Settings\X\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

ComboFix 07-08-06.5 - "X" 2007-08-06 15:00:55.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.490 [GMT -5:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINNT\system32\drivers\sfsync02.sys
C:\WINNT\system32\gjllm.ini
C:\WINNT\system32\iifedbc.dll
C:\WINNT\system32\mlljg.dll
C:\WINNT\system32\qwerty12.exe
C:\WINNT\system32\scbywmiq.dll
C:\WINNT\system32\vqcxqdqe.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))

2007-08-06 14:37 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-06 14:07 <DIR> d-------- C:\VundoFix Backups
2007-08-06 11:47 4,470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46 53,248 --a------ C:\WINNT\system32\Process.exe
2007-08-06 11:46 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:46 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-08-06 11:31 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2d0.dat
2007-08-06 11:25 574,508 --a------ C:\WINNT\system32\ysrhfgfd.exe
2007-08-06 10:53 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-08-06 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-06 10:42 <DIR> d-------- C:\Program Files\CCleaner
2007-08-06 09:30 <DIR> d-------- C:\Deckard
2007-08-06 09:21 125,504 --a------ C:\WINNT\system32\blqnfcmi.dll
2007-08-03 15:06 <DIR> d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58 <DIR> d-------- C:\Program Files\SmartSound Software
2007-08-03 13:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
2007-08-03 13:19 81,920 --a------ C:\WINNT\system32\vdrmux.dll
2007-08-03 13:19 76,800 --a------ C:\WINNT\system32\Lfwmf13n.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\MMAviAx.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\lffax13n.dll
2007-08-03 13:19 65,536 --a------ C:\WINNT\system32\Lfpct13n.dll
2007-08-03 13:19 46,592 --a------ C:\WINNT\system32\vdrcodec.dll
2007-08-03 13:19 453,120 --a------ C:\WINNT\system32\ltkrn13n.dll
2007-08-03 13:19 44,544 --a------ C:\WINNT\system32\msxml4a.dll
2007-08-03 13:19 40,960 --a------ C:\WINNT\system32\langserv.dll
2007-08-03 13:19 393,216 --a------ C:\WINNT\system32\LFCMP13n.DLL
2007-08-03 13:19 32,768 --a------ C:\WINNT\system32\MLPagAx.dll
2007-08-03 13:19 30,208 --a------ C:\WINNT\system32\lfbmp13n.dll
2007-08-03 13:19 294,912 --a------ C:\WINNT\system32\pvmjpg21.dll
2007-08-03 13:19 278,016 --a------ C:\WINNT\system32\LFJ2K13n.dll
2007-08-03 13:19 24,576 --a------ C:\WINNT\system32\lftga13n.dll
2007-08-03 13:19 204,881 --a------ C:\WINNT\system32\DiskIO.dll
2007-08-03 13:19 18,432 --a------ C:\WINNT\system32\Cachex.dll
2007-08-03 13:19 155,721 --a------ C:\WINNT\system32\RALMain.dll
2007-08-03 13:19 153,088 --a------ C:\WINNT\system32\ltfil13n.DLL
2007-08-03 13:19 143,360 --a------ C:\WINNT\system32\lftif13n.dll
2007-08-03 13:19 114,759 --a------ C:\WINNT\system32\Aviprax.dll
2007-08-03 13:19 1,693,696 --a------ C:\WINNT\system32\LTCLR13n.dll
2007-08-03 13:12 61,440 --a------ C:\WINNT\system32\pclepim1.dll
2007-08-03 13:12 49,152 --a------ C:\WINNT\system32\PCLEGetGuid.dll
2007-08-03 13:12 406,016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12 19,456 --a------ C:\WINNT\system32\asapi.dll
2007-08-03 13:12 11,264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys
2007-08-03 10:49 125,504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59 <DIR> d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:18 1,110,528 --a------ C:\WINNT\system32\msxml3.dll
2007-08-02 11:16 33,340 --a------ C:\WINNT\system32\dbmsqlgc.dll
2007-08-02 11:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-08-02 11:11 94,208 --a--c--- C:\WINNT\system32\dllcache\odbcint.dll
2007-08-02 11:11 94,208 --a------ C:\WINNT\system32\odbcint.dll
2007-08-02 11:11 90,112 --a--c--- C:\WINNT\system32\dllcache\msjro.dll
2007-08-02 11:11 73,728 --a--c--- C:\WINNT\system32\dllcache\msdaosp.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\DBnetlib.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\cliconfg.dll
2007-08-02 11:11 69,632 --a--c--- C:\WINNT\system32\dllcache\oledb32r.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccu32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccr32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\msadcf.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccu32.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccr32.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msadrh15.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msador15.dll
2007-08-02 11:11 507,904 --a--c--- C:\WINNT\system32\dllcache\msado15.dll
2007-08-02 11:11 49,152 --a--c--- C:\WINNT\system32\dllcache\msadcs.dll
2007-08-02 11:11 442,368 --a--c--- C:\WINNT\system32\dllcache\oledb32.dll
2007-08-02 11:11 44,032 --a--c--- C:\WINNT\system32\dllcache\msxml3r.dll
2007-08-02 11:11 44,032 --a------ C:\WINNT\system32\msxml3r.dll
2007-08-02 11:11 4,656 --a--c--- C:\WINNT\system32\dllcache\ds16gt.dll
2007-08-02 11:11 4,656 --a------ C:\WINNT\system32\ds16gt.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaurl.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdasc.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaer.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaenum.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdadc.dll
2007-08-02 11:11 36,864 --a--c--- C:\WINNT\system32\dllcache\mscpxl32.dll
2007-08-02 11:11 36,864 --a------ C:\WINNT\system32\mscpxl32.dll
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\odbcad32.exe
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\msdfmap.dll
2007-08-02 11:11 32,768 --a------ C:\WINNT\system32\odbcad32.exe
2007-08-02 11:11 315,392 --a--c--- C:\WINNT\system32\dllcache\msadce.dll
2007-08-02 11:11 303,104 --a--c--- C:\WINNT\system32\dllcache\msdasql.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\DBnmpntw.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\dbmsgnet.dll
2007-08-02 11:11 26,224 --a--c--- C:\WINNT\system32\dllcache\odbc16gt.dll
2007-08-02 11:11 26,224 --a------ C:\WINNT\system32\odbc16gt.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msxactps.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msader15.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msaddsr.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsadsn.dll
2007-08-02 11:11 225,280 --a--c--- C:\WINNT\system32\dllcache\msdaora.dll
2007-08-02 11:11 221,184 --a--c--- C:\WINNT\system32\dllcache\ODBC32.dll
2007-08-02 11:11 221,184 --a------ C:\WINNT\system32\ODBC32.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msdatt.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msadcer.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\msorc32r.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\cliconfg.exe
2007-08-02 11:11 192,512 --a--c--- C:\WINNT\system32\dllcache\msdaprst.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

25-01-01 18:38 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Symantec
07-08-06 11:25 --------- d-------- C:\Program Files\Common Files\Symantec Shared
07-08-03 13:58 --------- d--h----- C:\Program Files\InstallShield Installation Information
07-08-03 12:19 --------- d-------- C:\Program Files\Pinnacle
07-08-02 21:05 --------- d-------- C:\Program Files\Bethesda Softworks
07-08-02 18:44 --------- d-------- C:\DOCUME~1\X\APPLIC~1\CoreFTP
07-08-01 18:48 17250 --a------ C:\WINNT\mozver.dat
07-07-23 20:30 --------- d-------- C:\Program Files\Canon
07-07-18 14:25 --------- d-------- C:\Program Files\EA GAMES
07-07-16 18:40 --------- d-------- C:\Program Files\Norton Internet Security
07-07-10 17:57 --------- d-------- C:\Program Files\WMV9_VCM
07-06-28 23:27 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
07-06-28 23:27 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
07-06-28 23:27 --------- d-------- C:\Program Files\Illustrate
07-06-28 23:21 --------- d-------- C:\Program Files\Audacity
07-06-28 23:21 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Audacity
07-06-28 12:15 --------- d-------- C:\DOCUME~1\X\APPLIC~1\IBP
07-06-28 10:45 --------- d-------- C:\Program Files\CamStudio
07-06-27 21:08 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Viewpoint
07-06-26 22:24 --------- d-------- C:\Program Files\POP Peeper
07-06-25 12:27 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Azureus
07-06-25 09:05 --------- d-------- C:\Program Files\Real
07-06-22 11:59 --------- d-------- C:\DOCUME~1\X\APPLIC~1\MSNInstaller
07-06-20 09:04 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Reno 911 Paintball
07-06-18 13:46 --------- d-------- C:\DOCUME~1\X\APPLIC~1\fretsonfire
07-06-14 11:19 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Atari
07-06-14 09:10 --------- d-------- C:\Program Files\AIM6
07-06-12 21:23 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Netscape
07-06-12 21:22 --------- d-------- C:\Program Files\Netscape
07-06-12 10:37 --------- d-------- C:\DOCUME~1\X\APPLIC~1\POP Peeper
07-06-06 19:31 --------- d-------- C:\DOCUME~1\X\APPLIC~1\OpenOffice.org2
07-05-20 09:58 65536 --a------ C:\WINNT\IFinst27.exe
07-05-12 21:22 169 --a------ C:\WINNT\system32\EUSOFT.SYS
07-05-07 18:21 737280 --a------ C:\WINNT\iun6002.exe
06-12-10 22:01 271 ---h----- C:\Program Files\desktop.ini
06-12-10 22:01 21952 ---h----- C:\Program Files\folder.htt
2007-03-16 15:16:46 56 --sha-r C:\WINNT\system32\E8D8992D70.sys
2007-03-20 01:23:33 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [06-08-11 20:43 ]
"nwiz"="nwiz.exe" [06-08-11 20:43 C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [06-08-11 20:43 ]
"Logitech Utility"="Logi_MwX.Exe" [03-11-07 04:50 C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 12:50 ]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [03-10-16 17:25 ]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [03-05-01 19:44 ]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [03-10-16 21:15 ]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [03-07-15 13:38 ]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [01-07-03 10:11 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07-01-08 18:03 ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-02 12:59 ]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [04-01-28 10:19 ]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [04-01-28 10:19 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-02-16 11:54 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [01-10-02 11:23 ]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03-12-01 11:38 ]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [04-03-10 16:26 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-08-06 11:07 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [05-06-02 17:03 ]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [06-11-15 23:02 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys
R1 ppmoucls;ppmoucls;C:\WINNT\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINNT\system32\DRIVERS\pptchpd5.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 enodpl;enodpl;C:\WINNT\system32\drivers\enodpl.sys
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
R2 tandpl;tandpl;C:\WINNT\system32\drivers\tandpl.sys
R3 Cap7134;TVFM 503 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys
R3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
R3 Icam4USB;Intel PC Camera Pro;C:\WINNT\system32\Drivers\Icam4USB.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
R3 SaiClass;SaiClass;C:\WINNT\system32\drivers\SaiNtBus.sys
R3 SaiMini;SaiMini;C:\WINNT\system32\drivers\SaiMini.sys
S3 EagleNT;EagleNT;\??\C:\WINNT\system32\drivers\EagleNT.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 NCHSSVAD;SoundTap Recorder;C:\WINNT\system32\drivers\nchssvad.sys
S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys
S3 SaiNtSub;SaiNtSub;C:\WINNT\system32\DRIVERS\SaiNtSub.sys
S3 scrcap;scrcap;C:\WINNT\system32\DRIVERS\scrcap.sys
S3 SiS630;SiS630;C:\WINNT\system32\DRIVERS\sis630p.sys
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 StillCam;Still Serial Digital Camera Driver;C:\WINNT\system32\DRIVERS\serscan.sys

Contents of the 'Scheduled Tasks' folder
2006-12-17 12:07:14 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 15:11:01
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM]
"Start"=dword:d00e0325

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 15:13:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-06 15:12

--- E O F ---

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 3:22:24 PM 8/6/2007

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 3:23:26 PM 8/6/2007

Listing files found while scanning....

No infected files were found.

I can't seem to find the AVG, CCleaner, or Cleaner log. Maybe it didn't record it. I'm assuming you want my new log for DSS so...

Deckard's System Scanner v20070804.61
Run by Kenneth on 2007-08-07 at 14:46:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Kenneth.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:14 PM, on 8/7/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Internet download\Other\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kenneth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9437 bytes

-- Files created between 2007-07-07 and 2007-08-07 -----------------------------

2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Symantec
2007-08-07 14:36:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d0.dat
2007-08-07 08:30:33 0 d-------- C:\Documents and Settings\Kenneth\Application Data\fretsonfire
2007-08-06 11:47:00 4470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46:34 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-06 11:46:34 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-06 11:46:34 51200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:25:02 574508 --a------ C:\WINNT\system32\ysrhfgfd.exe
2007-08-06 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-06 10:53:37 0 d-------- C:\Program Files\Trend Micro
2007-08-06 09:21:05 125504 --a------ C:\WINNT\system32\blqnfcmi.dll
2007-08-03 15

14 0 d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software
2007-08-03 13:19:36 155721 --a------ C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2007-08-03 13:19:36 204881 --a------ C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2007-08-03 13:19:35 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-08-03 13:19:35 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-08-03 13:19:35 294912 --a------ C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2007-08-03 13:19:34 44544 --a------ C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-08-03 13:19:34 73728 --a------ C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2007-08-03 13:19:34 32768 --a------ C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2007-08-03 13:19:34 40960 --a------ C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2007-08-03 13:19:34 114759 --a------ C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:45:41 0 --a------ C:\WINNT\2
2007-08-02 11:42:16 18 --a------ C:\WINNT\?
2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server
2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2
2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm
2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools
2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround
2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat
2007-07-15 23

24 0 d-------- C:\Program Files\Three Rings Design
2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\Kenneth\Application Data\yoclient
2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX
2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe
2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3
2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll
2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll
2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll
2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll
2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll
2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla>
2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll
2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll
2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll
2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere>
2007-07-10 17:17:43 0 --a------ C:\WINNT\a
2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>

-- Find3M Report ---------------------------------------------------------------

2007-08-07 14:46:23 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-07 10:26:24 1099632 ---h----- C:\WINNT\ShellIconCache
2007-08-06 18:31:32 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle
2007-08-02 22:28:47 18 --a------ C:\WINNT\?
2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks
2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\CoreFTP
2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat
2007-07-25 13:34:21 0 d-------- C:\Program Files\Java
2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon
2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES
2007-07-16 18:40:24 0 d-------- C:\Program Files\Norton Internet Security
2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM
2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate
2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity
2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Audacity
2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\Kenneth\Application Data\IBP
2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper
2007-06-25 09:05:58 0 d-------- C:\Program Files\Real
2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MSNInstaller
2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Atari
2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6
2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files
2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Netscape
2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape
2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\POP Peeper
2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe
2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS
2007-05-07 18:21:42 737280 --a------ C:\WINNT\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2007-08-07 at 14:47:03 ---------

Ried · 08-07-2007, 03:43 PM

Awesome work, AWSOM.

(sorry, you know I just couldn't resist)

Really, you did well.

Just a few files need to be removed, and then an online scan to search for any remants thay may still be lurking about.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

Quote:

File::
C:\WINNT\system32\ysrhfgfd.exe
C:\WINNT\system32\blqnfcmi.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Panda results
HijackThis log

AWSOME · 08-08-2007, 10:55 AM

Pretty good for a guy who can't spell awesome, eh?

Ok, I got the results!

ComboFix 07-08-04.3 - "X" 08/08/2007 7:25:50.2 [GMT -5:00] - NTFS
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINNT\system32\blqnfcmi.dll
C:\WINNT\system32\ysrhfgfd.exe

((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

2007-08-08 07:25 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_468.dat
2007-08-08 07:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2007-08-07 17:17 <DIR> d-------- C:\Program Files\HC
2007-08-07 08:30 <DIR> d-------- C:\DOCUME~1\X\APPLIC~1\fretsonfire
2007-08-06 14:37 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-06 11:47 4,470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46 53,248 --a------ C:\WINNT\system32\Process.exe
2007-08-06 11:46 51,200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:46 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2007-08-06 10:53 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-08-06 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-06 09:30 <DIR> d-------- C:\Deckard
2007-08-03 15:06 <DIR> d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58 <DIR> d-------- C:\Program Files\SmartSound Software
2007-08-03 13:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
2007-08-03 13:19 81,920 --a------ C:\WINNT\system32\vdrmux.dll
2007-08-03 13:19 76,800 --a------ C:\WINNT\system32\Lfwmf13n.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\MMAviAx.dll
2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\lffax13n.dll
2007-08-03 13:19 65,536 --a------ C:\WINNT\system32\Lfpct13n.dll
2007-08-03 13:19 46,592 --a------ C:\WINNT\system32\vdrcodec.dll
2007-08-03 13:19 453,120 --a------ C:\WINNT\system32\ltkrn13n.dll
2007-08-03 13:19 44,544 --a------ C:\WINNT\system32\msxml4a.dll
2007-08-03 13:19 40,960 --a------ C:\WINNT\system32\langserv.dll
2007-08-03 13:19 393,216 --a------ C:\WINNT\system32\LFCMP13n.DLL
2007-08-03 13:19 32,768 --a------ C:\WINNT\system32\MLPagAx.dll
2007-08-03 13:19 30,208 --a------ C:\WINNT\system32\lfbmp13n.dll
2007-08-03 13:19 294,912 --a------ C:\WINNT\system32\pvmjpg21.dll
2007-08-03 13:19 278,016 --a------ C:\WINNT\system32\LFJ2K13n.dll
2007-08-03 13:19 24,576 --a------ C:\WINNT\system32\lftga13n.dll
2007-08-03 13:19 204,881 --a------ C:\WINNT\system32\DiskIO.dll
2007-08-03 13:19 18,432 --a------ C:\WINNT\system32\Cachex.dll
2007-08-03 13:19 155,721 --a------ C:\WINNT\system32\RALMain.dll
2007-08-03 13:19 153,088 --a------ C:\WINNT\system32\ltfil13n.DLL
2007-08-03 13:19 143,360 --a------ C:\WINNT\system32\lftif13n.dll
2007-08-03 13:19 114,759 --a------ C:\WINNT\system32\Aviprax.dll
2007-08-03 13:19 1,693,696 --a------ C:\WINNT\system32\LTCLR13n.dll
2007-08-03 13:12 61,440 --a------ C:\WINNT\system32\pclepim1.dll
2007-08-03 13:12 49,152 --a------ C:\WINNT\system32\PCLEGetGuid.dll
2007-08-03 13:12 406,016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12 19,456 --a------ C:\WINNT\system32\asapi.dll
2007-08-03 13:12 11,264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys
2007-08-03 10:49 125,504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59 <DIR> d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:18 1,110,528 --a------ C:\WINNT\system32\msxml3.dll
2007-08-02 11:16 33,340 --a------ C:\WINNT\system32\dbmsqlgc.dll
2007-08-02 11:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-08-02 11:11 94,208 --a--c--- C:\WINNT\system32\dllcache\odbcint.dll
2007-08-02 11:11 94,208 --a------ C:\WINNT\system32\odbcint.dll
2007-08-02 11:11 90,112 --a--c--- C:\WINNT\system32\dllcache\msjro.dll
2007-08-02 11:11 73,728 --a--c--- C:\WINNT\system32\dllcache\msdaosp.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\DBnetlib.dll
2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\cliconfg.dll
2007-08-02 11:11 69,632 --a--c--- C:\WINNT\system32\dllcache\oledb32r.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccu32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccr32.dll
2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\msadcf.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccu32.dll
2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccr32.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msadrh15.dll
2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msador15.dll
2007-08-02 11:11 507,904 --a--c--- C:\WINNT\system32\dllcache\msado15.dll
2007-08-02 11:11 49,152 --a--c--- C:\WINNT\system32\dllcache\msadcs.dll
2007-08-02 11:11 442,368 --a--c--- C:\WINNT\system32\dllcache\oledb32.dll
2007-08-02 11:11 44,032 --a--c--- C:\WINNT\system32\dllcache\msxml3r.dll
2007-08-02 11:11 44,032 --a------ C:\WINNT\system32\msxml3r.dll
2007-08-02 11:11 4,656 --a--c--- C:\WINNT\system32\dllcache\ds16gt.dll
2007-08-02 11:11 4,656 --a------ C:\WINNT\system32\ds16gt.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaurl.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdasc.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaer.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaenum.dll
2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdadc.dll
2007-08-02 11:11 36,864 --a--c--- C:\WINNT\system32\dllcache\mscpxl32.dll
2007-08-02 11:11 36,864 --a------ C:\WINNT\system32\mscpxl32.dll
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\odbcad32.exe
2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\msdfmap.dll
2007-08-02 11:11 32,768 --a------ C:\WINNT\system32\odbcad32.exe
2007-08-02 11:11 315,392 --a--c--- C:\WINNT\system32\dllcache\msadce.dll
2007-08-02 11:11 303,104 --a--c--- C:\WINNT\system32\dllcache\msdasql.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\DBnmpntw.dll
2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\dbmsgnet.dll
2007-08-02 11:11 26,224 --a--c--- C:\WINNT\system32\dllcache\odbc16gt.dll
2007-08-02 11:11 26,224 --a------ C:\WINNT\system32\odbc16gt.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msxactps.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msader15.dll
2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msaddsr.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll
2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsadsn.dll
2007-08-02 11:11 225,280 --a--c--- C:\WINNT\system32\dllcache\msdaora.dll
2007-08-02 11:11 221,184 --a--c--- C:\WINNT\system32\dllcache\ODBC32.dll
2007-08-02 11:11 221,184 --a------ C:\WINNT\system32\ODBC32.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msdatt.dll
2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msadcer.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\msorc32r.dll
2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\cliconfg.exe
2007-08-02 11:11 192,512 --a--c--- C:\WINNT\system32\dllcache\msdaprst.dll
2007-08-02 11:11 188,416 --a--c--- C:\WINNT\system32\dllcache\msdaps.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

12/10/06 10:01p 271 ---h----- C:\Program Files\desktop.ini
12/10/06 10:01p 21952 ---h----- C:\Program Files\folder.htt
08/07/07 05:02p --------- d-------- C:\Program Files\Common Files\Symantec Shared
08/06/07 06:31p 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr
08/03/07 12:19p --------- d-------- C:\Program Files\Pinnacle
08/03/07 01:58p --------- d--h----- C:\Program Files\InstallShield Installation Information
08/02/07 09:05p --------- d-------- C:\Program Files\Bethesda Softworks
08/02/07 06:44p --------- d-------- C:\DOCUME~1\X\APPLIC~1\CoreFTP
08/01/07 06:48p 17250 --a------ C:\WINNT\mozver.dat
07/23/07 08:30p --------- d-------- C:\Program Files\Canon
07/18/07 02:25p --------- d-------- C:\Program Files\EA GAMES
07/16/07 06:40p --------- d-------- C:\Program Files\Norton Internet Security
07/10/07 05:57p --------- d-------- C:\Program Files\WMV9_VCM
06/28/07 12:15p --------- d-------- C:\DOCUME~1\X\APPLIC~1\IBP
06/28/07 11:27p 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
06/28/07 11:27p 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
06/28/07 11:27p --------- d-------- C:\Program Files\Illustrate
06/28/07 11:21p --------- d-------- C:\Program Files\Audacity
06/28/07 11:21p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Audacity
06/28/07 10:45a --------- d-------- C:\Program Files\CamStudio
06/26/07 10:24p --------- d-------- C:\Program Files\POP Peeper
06/25/07 09:05a --------- d-------- C:\Program Files\Real
06/22/07 11:59a --------- d-------- C:\DOCUME~1\X\APPLIC~1\MSNInstaller
06/14/07 11:19a --------- d-------- C:\DOCUME~1\X\APPLIC~1\Atari
06/14/07 09:10a --------- d-------- C:\Program Files\AIM6
06/12/07 10:37a --------- d-------- C:\DOCUME~1\X\APPLIC~1\POP Peeper
06/12/07 09:23p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Netscape
06/12/07 09:22p --------- d-------- C:\Program Files\Netscape
05/20/07 09:58a 65536 --a------ C:\WINNT\IFinst27.exe
05/12/07 09:22p 169 --a------ C:\WINNT\system32\EUSOFT.SYS
01/01/25 06:38p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Symantec
2007-03-16 15:16:46 56 --sha-r C:\WINNT\system32\E8D8992D70.sys
2007-03-20 01:23:33 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys
R1 ppmoucls;ppmoucls;C:\WINNT\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINNT\system32\DRIVERS\pptchpd5.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R2 enodpl;enodpl;C:\WINNT\system32\drivers\enodpl.sys
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR
R2 tandpl;tandpl;C:\WINNT\system32\drivers\tandpl.sys
R3 Cap7134;TVFM 503 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys
R3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
R3 Icam4USB;Intel PC Camera Pro;C:\WINNT\system32\Drivers\Icam4USB.sys
R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys
R3 SaiClass;SaiClass;C:\WINNT\system32\drivers\SaiNtBus.sys
R3 SaiMini;SaiMini;C:\WINNT\system32\drivers\SaiMini.sys
S3 EagleNT;EagleNT;\??\C:\WINNT\system32\drivers\EagleNT.sys
S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 NCHSSVAD;SoundTap Recorder;C:\WINNT\system32\drivers\nchssvad.sys
S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys
S3 SaiNtSub;SaiNtSub;C:\WINNT\system32\DRIVERS\SaiNtSub.sys
S3 scrcap;scrcap;C:\WINNT\system32\DRIVERS\scrcap.sys
S3 SiS630;SiS630;C:\WINNT\system32\DRIVERS\sis630p.sys
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR
S3 StillCam;Still Serial Digital Camera Driver;C:\WINNT\system32\DRIVERS\serscan.sys

Contents of the 'Scheduled Tasks' folder
2006-12-17 12:07:14 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 07:30:52
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 08/08/2007 7:32:18
C:\ComboFix-quarantined-files.txt ... 08/08/07 07:31a
C:\ComboFix2.txt ... 08/07/07 02:40p

--- E O F ---

Incident Status Location

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.go.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.overture.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atwola.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Cookies\X@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Cookies\X@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\X\Cookies\X@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Cookies\X@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Cookies\X@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Cookies\X@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Cookies\X@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Cookies\X@mediaplex[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\X\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\cdcuscnb.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe

Deckard's System Scanner v20070804.61
Run by X on 2007-08-08 at 11:59:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as X.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:28 AM, on 8/8/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINNT\explorer.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Internet download\Other\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\X.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9547 bytes

-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\X\Application Data\Symantec
2007-08-08 07:39:14 0 d-------- C:\WINNT\system32\ActiveScan
2007-08-08 07:25:50 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_468.dat
2007-08-08 07:14:38 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2007-08-07 17:17:49 0 d-------- C:\Program Files\HC
2007-08-07 08:30:33 0 d-------- C:\Documents and Settings\X\Application Data\fretsonfire
2007-08-06 11:47:00 4470 --a------ C:\WINNT\system32\tmp.reg
2007-08-06 11:46:34 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-08-06 11:46:34 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-08-06 11:46:34 51200 --a------ C:\WINNT\system32\dumphive.exe
2007-08-06 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-06 10:53:37 0 d-------- C:\Program Files\Trend Micro
2007-08-03 15

14 0 d-------- C:\Program Files\Pinnacle Systems
2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software
2007-08-03 13:19:36 155721 --a------ C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2007-08-03 13:19:36 204881 --a------ C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2007-08-03 13:19:35 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux>
2007-08-03 13:19:35 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600>
2007-08-03 13:19:35 294912 --a------ C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo>
2007-08-03 13:19:34 44544 --a------ C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-08-03 13:19:34 73728 --a------ C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2007-08-03 13:19:34 32768 --a------ C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2007-08-03 13:19:34 40960 --a------ C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ>
2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL>
2007-08-03 13:19:34 114759 --a------ C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe
2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; >
2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows>
2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll
2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc
2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$
2007-08-02 11:45:41 0 --a------ C:\WINNT\2
2007-08-02 11:42:16 18 --a------ C:\WINNT\?
2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server
2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2
2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm
2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools
2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround
2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat
2007-07-15 23

24 0 d-------- C:\Program Files\Three Rings Design
2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\X\Application Data\yoclient
2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX
2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe
2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3
2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll
2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll
2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll
2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll
2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll
2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla>
2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll
2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll
2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll
2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere>
2007-07-10 17:17:43 0 --a------ C:\WINNT\a
2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>

-- Find3M Report ---------------------------------------------------------------

2007-08-08 10:18:14 0 d-------- C:\Program Files\QuickTime
2007-08-08 10:11:41 0 d-------- C:\Program Files\Norton Internet Security
2007-08-08 09:53:34 0 d-------- C:\Program Files\inXile entertainment
2007-08-08 09:53:33 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>
2007-08-08 09:36:05 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-07 21:15:08 1100842 ---h----- C:\WINNT\ShellIconCache
2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle
2007-08-02 22:28:47 18 --a------ C:\WINNT\?
2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks
2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\X\Application Data\CoreFTP
2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat
2007-07-25 13:34:21 0 d-------- C:\Program Files\Java
2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon
2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES
2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM
2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe
2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate
2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity
2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\X\Application Data\Audacity
2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\X\Application Data\IBP
2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio
2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper
2007-06-25 09:05:58 0 d-------- C:\Program Files\Real
2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\X\Application Data\MSNInstaller
2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\X\Application Data\Atari
2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6
2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files
2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\X\Application Data\Netscape
2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape
2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\X\Application Data\POP Peeper
2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe
2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p]
"nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe]
"NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p]
"Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a]
"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a]
"PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p]
"POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2007-08-08 at 12:00:32 ---------

Ried · 08-08-2007, 11:06 PM

One more file left (this is why we run online scans as well.

)

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File

C:\WINNT\system32\ cdcuscnb.dll

--------------------------------------------------------------------

You have a lot of undesirable cookis in FireFox, Netscape and IE. Run AVG A-S--it should take care of those for you.

If not, clear them yourself via each browsers' Tools>Internet Options

You're good to go. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders

===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

**************************************************************************************

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

Now navigate to C:\ie-spyad. Double click to open it.
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

AWSOME · 08-09-2007, 07:53 AM

Teehee, when I was about to delete that file, my nortan anti-virus popped in and deleted it for me!

Thank you so much! You have been a great help!

Ried · 08-09-2007, 07:57 AM

You're quite welcome.

Take care, AWSOME.

08-06-2007, 02:20 PM	#2 (permalink)
AWSOME Registered User Join Date: Oct 2006 Posts: 12 OS: Win2000	Re: Viruses and Trojans, Oh My! Well, I know I'm not supposed to do this but I used other posts to help me get rid of my viruses and trojans. Thanks anyway! You guys are THE BEST.

08-07-2007, 12:04 AM	#3 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,606 OS: WinXP and Vista	Re: Viruses and Trojans, Oh My! What exactly did you do? Simply running ComboFix or VundoFix is not enough. Would you please post the logs of the tools you ran and I'd be glad to look them over. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

08-07-2007, 01:39 PM	#4 (permalink)
AWSOME Registered User Join Date: Oct 2006 Posts: 12 OS: Win2000	Re: Viruses and Trojans, Oh My! Let's see, I used AVG Anti-Spyware, Combofix, Vunodfix, CCleaner, Cleaner, and smitfraudfix. AVG and Smitfraud I used while in safe mode, while combofix and vundofix I used during normal mode. SmitFraudFix v2.208 Scan done at 11:46:50.47, Mon 08/06/2007 Run from C:\Documents and Settings\X\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS2\Services\Tcpip\..\{1E74E39C-2540-4840-B615-52A2EFF36CAD}: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.77.130 68.87.72.130 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ComboFix 07-08-06.5 - "X" 2007-08-06 15:00:55.1 - NTFSx86 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.490 [GMT -5:00] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINNT\system32\drivers\sfsync02.sys C:\WINNT\system32\gjllm.ini C:\WINNT\system32\iifedbc.dll C:\WINNT\system32\mlljg.dll C:\WINNT\system32\qwerty12.exe C:\WINNT\system32\scbywmiq.dll C:\WINNT\system32\vqcxqdqe.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_SFSYNC02 -------\sfsync02 ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 ))))))))))))))))))))))))))))))) 2007-08-06 14:37 51,200 --a------ C:\WINNT\nircmd.exe 2007-08-06 14:07 <DIR> d-------- C:\VundoFix Backups 2007-08-06 11:47 4,470 --a------ C:\WINNT\system32\tmp.reg 2007-08-06 11:46 53,248 --a------ C:\WINNT\system32\Process.exe 2007-08-06 11:46 51,200 --a------ C:\WINNT\system32\dumphive.exe 2007-08-06 11:46 288,417 --a------ C:\WINNT\system32\SrchSTS.exe 2007-08-06 11:31 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2d0.dat 2007-08-06 11:25 574,508 --a------ C:\WINNT\system32\ysrhfgfd.exe 2007-08-06 10:53 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2007-08-06 10:53 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-06 10:42 <DIR> d-------- C:\Program Files\CCleaner 2007-08-06 09:30 <DIR> d-------- C:\Deckard 2007-08-06 09:21 125,504 --a------ C:\WINNT\system32\blqnfcmi.dll 2007-08-03 15:06 <DIR> d-------- C:\Program Files\Pinnacle Systems 2007-08-03 13:58 <DIR> d-------- C:\Program Files\SmartSound Software 2007-08-03 13:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc 2007-08-03 13:19 81,920 --a------ C:\WINNT\system32\vdrmux.dll 2007-08-03 13:19 76,800 --a------ C:\WINNT\system32\Lfwmf13n.dll 2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\MMAviAx.dll 2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\lffax13n.dll 2007-08-03 13:19 65,536 --a------ C:\WINNT\system32\Lfpct13n.dll 2007-08-03 13:19 46,592 --a------ C:\WINNT\system32\vdrcodec.dll 2007-08-03 13:19 453,120 --a------ C:\WINNT\system32\ltkrn13n.dll 2007-08-03 13:19 44,544 --a------ C:\WINNT\system32\msxml4a.dll 2007-08-03 13:19 40,960 --a------ C:\WINNT\system32\langserv.dll 2007-08-03 13:19 393,216 --a------ C:\WINNT\system32\LFCMP13n.DLL 2007-08-03 13:19 32,768 --a------ C:\WINNT\system32\MLPagAx.dll 2007-08-03 13:19 30,208 --a------ C:\WINNT\system32\lfbmp13n.dll 2007-08-03 13:19 294,912 --a------ C:\WINNT\system32\pvmjpg21.dll 2007-08-03 13:19 278,016 --a------ C:\WINNT\system32\LFJ2K13n.dll 2007-08-03 13:19 24,576 --a------ C:\WINNT\system32\lftga13n.dll 2007-08-03 13:19 204,881 --a------ C:\WINNT\system32\DiskIO.dll 2007-08-03 13:19 18,432 --a------ C:\WINNT\system32\Cachex.dll 2007-08-03 13:19 155,721 --a------ C:\WINNT\system32\RALMain.dll 2007-08-03 13:19 153,088 --a------ C:\WINNT\system32\ltfil13n.DLL 2007-08-03 13:19 143,360 --a------ C:\WINNT\system32\lftif13n.dll 2007-08-03 13:19 114,759 --a------ C:\WINNT\system32\Aviprax.dll 2007-08-03 13:19 1,693,696 --a------ C:\WINNT\system32\LTCLR13n.dll 2007-08-03 13:12 61,440 --a------ C:\WINNT\system32\pclepim1.dll 2007-08-03 13:12 49,152 --a------ C:\WINNT\system32\PCLEGetGuid.dll 2007-08-03 13:12 406,016 --a------ C:\WINNT\system32\PSDrvCheck.exe 2007-08-03 13:12 19,456 --a------ C:\WINNT\system32\asapi.dll 2007-08-03 13:12 11,264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys 2007-08-03 10:49 125,504 --a------ C:\WINNT\system32\cdcuscnb.dll 2007-08-03 09:59 <DIR> d-------- C:\Program Files\SmartSound Software Inc 2007-08-03 08:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$ 2007-08-02 11:18 1,110,528 --a------ C:\WINNT\system32\msxml3.dll 2007-08-02 11:16 33,340 --a------ C:\WINNT\system32\dbmsqlgc.dll 2007-08-02 11:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2007-08-02 11:11 94,208 --a--c--- C:\WINNT\system32\dllcache\odbcint.dll 2007-08-02 11:11 94,208 --a------ C:\WINNT\system32\odbcint.dll 2007-08-02 11:11 90,112 --a--c--- C:\WINNT\system32\dllcache\msjro.dll 2007-08-02 11:11 73,728 --a--c--- C:\WINNT\system32\dllcache\msdaosp.dll 2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\DBnetlib.dll 2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\cliconfg.dll 2007-08-02 11:11 69,632 --a--c--- C:\WINNT\system32\dllcache\oledb32r.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccu32.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccr32.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\msadcf.dll 2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccu32.dll 2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccr32.dll 2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msadrh15.dll 2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msador15.dll 2007-08-02 11:11 507,904 --a--c--- C:\WINNT\system32\dllcache\msado15.dll 2007-08-02 11:11 49,152 --a--c--- C:\WINNT\system32\dllcache\msadcs.dll 2007-08-02 11:11 442,368 --a--c--- C:\WINNT\system32\dllcache\oledb32.dll 2007-08-02 11:11 44,032 --a--c--- C:\WINNT\system32\dllcache\msxml3r.dll 2007-08-02 11:11 44,032 --a------ C:\WINNT\system32\msxml3r.dll 2007-08-02 11:11 4,656 --a--c--- C:\WINNT\system32\dllcache\ds16gt.dll 2007-08-02 11:11 4,656 --a------ C:\WINNT\system32\ds16gt.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaurl.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdasc.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaer.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaenum.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdadc.dll 2007-08-02 11:11 36,864 --a--c--- C:\WINNT\system32\dllcache\mscpxl32.dll 2007-08-02 11:11 36,864 --a------ C:\WINNT\system32\mscpxl32.dll 2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\odbcad32.exe 2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\msdfmap.dll 2007-08-02 11:11 32,768 --a------ C:\WINNT\system32\odbcad32.exe 2007-08-02 11:11 315,392 --a--c--- C:\WINNT\system32\dllcache\msadce.dll 2007-08-02 11:11 303,104 --a--c--- C:\WINNT\system32\dllcache\msdasql.dll 2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\DBnmpntw.dll 2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\dbmsgnet.dll 2007-08-02 11:11 26,224 --a--c--- C:\WINNT\system32\dllcache\odbc16gt.dll 2007-08-02 11:11 26,224 --a------ C:\WINNT\system32\odbc16gt.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msxactps.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msader15.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msaddsr.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsadsn.dll 2007-08-02 11:11 225,280 --a--c--- C:\WINNT\system32\dllcache\msdaora.dll 2007-08-02 11:11 221,184 --a--c--- C:\WINNT\system32\dllcache\ODBC32.dll 2007-08-02 11:11 221,184 --a------ C:\WINNT\system32\ODBC32.dll 2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msdatt.dll 2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msadcer.dll 2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\msorc32r.dll 2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\cliconfg.exe 2007-08-02 11:11 192,512 --a--c--- C:\WINNT\system32\dllcache\msdaprst.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 25-01-01 18:38 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Symantec 07-08-06 11:25 --------- d-------- C:\Program Files\Common Files\Symantec Shared 07-08-03 13:58 --------- d--h----- C:\Program Files\InstallShield Installation Information 07-08-03 12:19 --------- d-------- C:\Program Files\Pinnacle 07-08-02 21:05 --------- d-------- C:\Program Files\Bethesda Softworks 07-08-02 18:44 --------- d-------- C:\DOCUME~1\X\APPLIC~1\CoreFTP 07-08-01 18:48 17250 --a------ C:\WINNT\mozver.dat 07-07-23 20:30 --------- d-------- C:\Program Files\Canon 07-07-18 14:25 --------- d-------- C:\Program Files\EA GAMES 07-07-16 18:40 --------- d-------- C:\Program Files\Norton Internet Security 07-07-10 17:57 --------- d-------- C:\Program Files\WMV9_VCM 07-06-28 23:27 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat 07-06-28 23:27 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe 07-06-28 23:27 --------- d-------- C:\Program Files\Illustrate 07-06-28 23:21 --------- d-------- C:\Program Files\Audacity 07-06-28 23:21 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Audacity 07-06-28 12:15 --------- d-------- C:\DOCUME~1\X\APPLIC~1\IBP 07-06-28 10:45 --------- d-------- C:\Program Files\CamStudio 07-06-27 21:08 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Viewpoint 07-06-26 22:24 --------- d-------- C:\Program Files\POP Peeper 07-06-25 12:27 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Azureus 07-06-25 09:05 --------- d-------- C:\Program Files\Real 07-06-22 11:59 --------- d-------- C:\DOCUME~1\X\APPLIC~1\MSNInstaller 07-06-20 09:04 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Reno 911 Paintball 07-06-18 13:46 --------- d-------- C:\DOCUME~1\X\APPLIC~1\fretsonfire 07-06-14 11:19 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Atari 07-06-14 09:10 --------- d-------- C:\Program Files\AIM6 07-06-12 21:23 --------- d-------- C:\DOCUME~1\X\APPLIC~1\Netscape 07-06-12 21:22 --------- d-------- C:\Program Files\Netscape 07-06-12 10:37 --------- d-------- C:\DOCUME~1\X\APPLIC~1\POP Peeper 07-06-06 19:31 --------- d-------- C:\DOCUME~1\X\APPLIC~1\OpenOffice.org2 07-05-20 09:58 65536 --a------ C:\WINNT\IFinst27.exe 07-05-12 21:22 169 --a------ C:\WINNT\system32\EUSOFT.SYS 07-05-07 18:21 737280 --a------ C:\WINNT\iun6002.exe 06-12-10 22:01 271 ---h----- C:\Program Files\desktop.ini 06-12-10 22:01 21952 ---h----- C:\Program Files\folder.htt 2007-03-16 15:16:46 56 --sha-r C:\WINNT\system32\E8D8992D70.sys 2007-03-20 01:23:33 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [06-08-11 20:43 ] "nwiz"="nwiz.exe" [06-08-11 20:43 C:\WINNT\system32\nwiz.exe] "NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [06-08-11 20:43 ] "Logitech Utility"="Logi_MwX.Exe" [03-11-07 04:50 C:\WINNT\LOGI_MWX.EXE] "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 12:50 ] "projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [03-10-16 17:25 ] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [03-05-01 19:44 ] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [03-10-16 21:15 ] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [03-07-15 13:38 ] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [01-07-03 10:11 ] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07-01-08 18:03 ] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-02 12:59 ] "Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [04-01-28 10:19 ] "SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [04-01-28 10:19 ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-02-16 11:54 ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 ] "PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [01-10-02 11:23 ] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [03-12-01 11:38 ] "PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [04-03-10 16:26 ] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-08-06 11:07 ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [05-06-02 17:03 ] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [06-11-15 23:02 ] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys R1 ppmoucls;ppmoucls;C:\WINNT\system32\DRIVERS\ppmoucls.sys R1 pptchpad;PenPower Touchpad;C:\WINNT\system32\DRIVERS\pptchpd5.sys R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys R2 enodpl;enodpl;C:\WINNT\system32\drivers\enodpl.sys R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR R2 tandpl;tandpl;C:\WINNT\system32\drivers\tandpl.sys R3 Cap7134;TVFM 503 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys R3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys R3 Icam4USB;Intel PC Camera Pro;C:\WINNT\system32\Drivers\Icam4USB.sys R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys R3 SaiClass;SaiClass;C:\WINNT\system32\drivers\SaiNtBus.sys R3 SaiMini;SaiMini;C:\WINNT\system32\drivers\SaiMini.sys S3 EagleNT;EagleNT;\??\C:\WINNT\system32\drivers\EagleNT.sys S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys S3 NCHSSVAD;SoundTap Recorder;C:\WINNT\system32\drivers\nchssvad.sys S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys S3 SaiNtSub;SaiNtSub;C:\WINNT\system32\DRIVERS\SaiNtSub.sys S3 scrcap;scrcap;C:\WINNT\system32\DRIVERS\scrcap.sys S3 SiS630;SiS630;C:\WINNT\system32\DRIVERS\sis630p.sys S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR S3 StillCam;Still Serial Digital Camera Driver;C:\WINNT\system32\DRIVERS\serscan.sys Contents of the 'Scheduled Tasks' folder 2006-12-17 12:07:14 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-06 15:11:01 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\MSSYCLM] "Start"=dword:d00e0325 scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-08-06 15:13:26 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 07-08-06 15:12 --- E O F --- VundoFix V6.5.6 Checking Java version... Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 3:22:24 PM 8/6/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.5.6 Checking Java version... Java version is 1.5.0.10 Java version is 1.5.0.11 Scan started at 3:23:26 PM 8/6/2007 Listing files found while scanning.... No infected files were found. I can't seem to find the AVG, CCleaner, or Cleaner log. Maybe it didn't record it. I'm assuming you want my new log for DSS so... Deckard's System Scanner v20070804.61 Run by Kenneth on 2007-08-07 at 14:46:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Kenneth.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:46:14 PM, on 8/7/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\RunDll32.exe C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINPENJR\Win32\pphidpad.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\Program Files\Netscape\Navigator 9\navigator.exe C:\Internet download\Other\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Kenneth.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9437 bytes -- Files created between 2007-07-07 and 2007-08-07 ----------------------------- 2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Symantec 2007-08-07 14:36:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d0.dat 2007-08-07 08:30:33 0 d-------- C:\Documents and Settings\Kenneth\Application Data\fretsonfire 2007-08-06 11:47:00 4470 --a------ C:\WINNT\system32\tmp.reg 2007-08-06 11:46:34 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-08-06 11:46:34 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-08-06 11:46:34 51200 --a------ C:\WINNT\system32\dumphive.exe 2007-08-06 11:25:02 574508 --a------ C:\WINNT\system32\ysrhfgfd.exe 2007-08-06 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-08-06 10:53:37 0 d-------- C:\Program Files\Trend Micro 2007-08-06 09:21:05 125504 --a------ C:\WINNT\system32\blqnfcmi.dll 2007-08-03 1514 0 d-------- C:\Program Files\Pinnacle Systems 2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software 2007-08-03 13:19:36 155721 --a------ C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer> 2007-08-03 13:19:36 204881 --a------ C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer> 2007-08-03 13:19:35 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux> 2007-08-03 13:19:35 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600> 2007-08-03 13:19:35 294912 --a------ C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo> 2007-08-03 13:19:34 44544 --a------ C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2007-08-03 13:19:34 73728 --a------ C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP> 2007-08-03 13:19:34 32768 --a------ C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL> 2007-08-03 13:19:34 40960 --a------ C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ> 2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL> 2007-08-03 13:19:34 114759 --a------ C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP> 2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> 2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe 2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; > 2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows> 2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll> 2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll 2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc 2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$ 2007-08-02 11:45:41 0 --a------ C:\WINNT\2 2007-08-02 11:42:16 18 --a------ C:\WINNT\? 2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server 2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2 2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm 2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools 2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround 2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird 2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat 2007-07-15 2324 0 d-------- C:\Program Files\Three Rings Design 2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\Kenneth\Application Data\yoclient 2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX 2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe 2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3 2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll 2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll 2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll 2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll 2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll 2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL> 2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla> 2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll 2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll 2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll 2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere> 2007-07-10 17:17:43 0 --a------ C:\WINNT\a 2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic> 2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32> -- Find3M Report --------------------------------------------------------------- 2007-08-07 14:46:23 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-07 10:26:24 1099632 ---h----- C:\WINNT\ShellIconCache 2007-08-06 18:31:32 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer> 2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle 2007-08-02 22:28:47 18 --a------ C:\WINNT\? 2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks 2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\CoreFTP 2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat 2007-07-25 13:34:21 0 d-------- C:\Program Files\Java 2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon 2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES 2007-07-16 18:40:24 0 d-------- C:\Program Files\Norton Internet Security 2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM 2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat 2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe 2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate 2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity 2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Audacity 2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\Kenneth\Application Data\IBP 2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio 2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper 2007-06-25 09:05:58 0 d-------- C:\Program Files\Real 2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\Kenneth\Application Data\MSNInstaller 2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Atari 2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6 2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files 2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\Kenneth\Application Data\Netscape 2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape 2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\Kenneth\Application Data\POP Peeper 2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe 2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS 2007-05-07 18:21:42 737280 --a------ C:\WINNT\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p] "nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe] "NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p] "Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE] "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p] "projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p] "Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a] "SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a] "PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a] "PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" -- End of Deckard's System Scanner: finished at 2007-08-07 at 14:47:03 ---------

08-08-2007, 10:55 AM	#6 (permalink)
AWSOME Registered User Join Date: Oct 2006 Posts: 12 OS: Win2000	Re: Viruses and Trojans, Oh My! Pretty good for a guy who can't spell awesome, eh? Ok, I got the results! ComboFix 07-08-04.3 - "X" 08/08/2007 7:25:50.2 [GMT -5:00] - NTFS Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.True Command switches used :: C:\Documents and Settings\X\Desktop\CFScript.txt ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINNT\system32\blqnfcmi.dll C:\WINNT\system32\ysrhfgfd.exe ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 ))))))))))))))))))))))))))))))) 2007-08-08 07:25 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_468.dat 2007-08-08 07:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat 2007-08-07 17:17 <DIR> d-------- C:\Program Files\HC 2007-08-07 08:30 <DIR> d-------- C:\DOCUME~1\X\APPLIC~1\fretsonfire 2007-08-06 14:37 51,200 --a------ C:\WINNT\nircmd.exe 2007-08-06 11:47 4,470 --a------ C:\WINNT\system32\tmp.reg 2007-08-06 11:46 53,248 --a------ C:\WINNT\system32\Process.exe 2007-08-06 11:46 51,200 --a------ C:\WINNT\system32\dumphive.exe 2007-08-06 11:46 288,417 --a------ C:\WINNT\system32\SrchSTS.exe 2007-08-06 10:53 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys 2007-08-06 10:53 <DIR> d-------- C:\Program Files\Trend Micro 2007-08-06 09:30 <DIR> d-------- C:\Deckard 2007-08-03 15:06 <DIR> d-------- C:\Program Files\Pinnacle Systems 2007-08-03 13:58 <DIR> d-------- C:\Program Files\SmartSound Software 2007-08-03 13:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc 2007-08-03 13:19 81,920 --a------ C:\WINNT\system32\vdrmux.dll 2007-08-03 13:19 76,800 --a------ C:\WINNT\system32\Lfwmf13n.dll 2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\MMAviAx.dll 2007-08-03 13:19 73,728 --a------ C:\WINNT\system32\lffax13n.dll 2007-08-03 13:19 65,536 --a------ C:\WINNT\system32\Lfpct13n.dll 2007-08-03 13:19 46,592 --a------ C:\WINNT\system32\vdrcodec.dll 2007-08-03 13:19 453,120 --a------ C:\WINNT\system32\ltkrn13n.dll 2007-08-03 13:19 44,544 --a------ C:\WINNT\system32\msxml4a.dll 2007-08-03 13:19 40,960 --a------ C:\WINNT\system32\langserv.dll 2007-08-03 13:19 393,216 --a------ C:\WINNT\system32\LFCMP13n.DLL 2007-08-03 13:19 32,768 --a------ C:\WINNT\system32\MLPagAx.dll 2007-08-03 13:19 30,208 --a------ C:\WINNT\system32\lfbmp13n.dll 2007-08-03 13:19 294,912 --a------ C:\WINNT\system32\pvmjpg21.dll 2007-08-03 13:19 278,016 --a------ C:\WINNT\system32\LFJ2K13n.dll 2007-08-03 13:19 24,576 --a------ C:\WINNT\system32\lftga13n.dll 2007-08-03 13:19 204,881 --a------ C:\WINNT\system32\DiskIO.dll 2007-08-03 13:19 18,432 --a------ C:\WINNT\system32\Cachex.dll 2007-08-03 13:19 155,721 --a------ C:\WINNT\system32\RALMain.dll 2007-08-03 13:19 153,088 --a------ C:\WINNT\system32\ltfil13n.DLL 2007-08-03 13:19 143,360 --a------ C:\WINNT\system32\lftif13n.dll 2007-08-03 13:19 114,759 --a------ C:\WINNT\system32\Aviprax.dll 2007-08-03 13:19 1,693,696 --a------ C:\WINNT\system32\LTCLR13n.dll 2007-08-03 13:12 61,440 --a------ C:\WINNT\system32\pclepim1.dll 2007-08-03 13:12 49,152 --a------ C:\WINNT\system32\PCLEGetGuid.dll 2007-08-03 13:12 406,016 --a------ C:\WINNT\system32\PSDrvCheck.exe 2007-08-03 13:12 19,456 --a------ C:\WINNT\system32\asapi.dll 2007-08-03 13:12 11,264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys 2007-08-03 10:49 125,504 --a------ C:\WINNT\system32\cdcuscnb.dll 2007-08-03 09:59 <DIR> d-------- C:\Program Files\SmartSound Software Inc 2007-08-03 08:58 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$ 2007-08-02 11:18 1,110,528 --a------ C:\WINNT\system32\msxml3.dll 2007-08-02 11:16 33,340 --a------ C:\WINNT\system32\dbmsqlgc.dll 2007-08-02 11:15 <DIR> d-------- C:\Program Files\Microsoft SQL Server 2007-08-02 11:11 94,208 --a--c--- C:\WINNT\system32\dllcache\odbcint.dll 2007-08-02 11:11 94,208 --a------ C:\WINNT\system32\odbcint.dll 2007-08-02 11:11 90,112 --a--c--- C:\WINNT\system32\dllcache\msjro.dll 2007-08-02 11:11 73,728 --a--c--- C:\WINNT\system32\dllcache\msdaosp.dll 2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\DBnetlib.dll 2007-08-02 11:11 73,728 --a------ C:\WINNT\system32\cliconfg.dll 2007-08-02 11:11 69,632 --a--c--- C:\WINNT\system32\dllcache\oledb32r.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccu32.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\odbccr32.dll 2007-08-02 11:11 61,440 --a--c--- C:\WINNT\system32\dllcache\msadcf.dll 2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccu32.dll 2007-08-02 11:11 61,440 --a------ C:\WINNT\system32\odbccr32.dll 2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msadrh15.dll 2007-08-02 11:11 53,248 --a--c--- C:\WINNT\system32\dllcache\msador15.dll 2007-08-02 11:11 507,904 --a--c--- C:\WINNT\system32\dllcache\msado15.dll 2007-08-02 11:11 49,152 --a--c--- C:\WINNT\system32\dllcache\msadcs.dll 2007-08-02 11:11 442,368 --a--c--- C:\WINNT\system32\dllcache\oledb32.dll 2007-08-02 11:11 44,032 --a--c--- C:\WINNT\system32\dllcache\msxml3r.dll 2007-08-02 11:11 44,032 --a------ C:\WINNT\system32\msxml3r.dll 2007-08-02 11:11 4,656 --a--c--- C:\WINNT\system32\dllcache\ds16gt.dll 2007-08-02 11:11 4,656 --a------ C:\WINNT\system32\ds16gt.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaurl.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdasc.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaer.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdaenum.dll 2007-08-02 11:11 4,096 --a--c--- C:\WINNT\system32\dllcache\msdadc.dll 2007-08-02 11:11 36,864 --a--c--- C:\WINNT\system32\dllcache\mscpxl32.dll 2007-08-02 11:11 36,864 --a------ C:\WINNT\system32\mscpxl32.dll 2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\odbcad32.exe 2007-08-02 11:11 32,768 --a--c--- C:\WINNT\system32\dllcache\msdfmap.dll 2007-08-02 11:11 32,768 --a------ C:\WINNT\system32\odbcad32.exe 2007-08-02 11:11 315,392 --a--c--- C:\WINNT\system32\dllcache\msadce.dll 2007-08-02 11:11 303,104 --a--c--- C:\WINNT\system32\dllcache\msdasql.dll 2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\DBnmpntw.dll 2007-08-02 11:11 28,672 --a------ C:\WINNT\system32\dbmsgnet.dll 2007-08-02 11:11 26,224 --a--c--- C:\WINNT\system32\dllcache\odbc16gt.dll 2007-08-02 11:11 26,224 --a------ C:\WINNT\system32\odbc16gt.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msxactps.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msader15.dll 2007-08-02 11:11 24,576 --a--c--- C:\WINNT\system32\dllcache\msaddsr.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll 2007-08-02 11:11 24,576 --a------ C:\WINNT\system32\dbmsadsn.dll 2007-08-02 11:11 225,280 --a--c--- C:\WINNT\system32\dllcache\msdaora.dll 2007-08-02 11:11 221,184 --a--c--- C:\WINNT\system32\dllcache\ODBC32.dll 2007-08-02 11:11 221,184 --a------ C:\WINNT\system32\ODBC32.dll 2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msdatt.dll 2007-08-02 11:11 20,480 --a--c--- C:\WINNT\system32\dllcache\msadcer.dll 2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\msorc32r.dll 2007-08-02 11:11 20,480 --a------ C:\WINNT\system32\cliconfg.exe 2007-08-02 11:11 192,512 --a--c--- C:\WINNT\system32\dllcache\msdaprst.dll 2007-08-02 11:11 188,416 --a--c--- C:\WINNT\system32\dllcache\msdaps.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 12/10/06 10:01p 271 ---h----- C:\Program Files\desktop.ini 12/10/06 10:01p 21952 ---h----- C:\Program Files\folder.htt 08/07/07 05:02p --------- d-------- C:\Program Files\Common Files\Symantec Shared 08/06/07 06:31p 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr 08/03/07 12:19p --------- d-------- C:\Program Files\Pinnacle 08/03/07 01:58p --------- d--h----- C:\Program Files\InstallShield Installation Information 08/02/07 09:05p --------- d-------- C:\Program Files\Bethesda Softworks 08/02/07 06:44p --------- d-------- C:\DOCUME~1\X\APPLIC~1\CoreFTP 08/01/07 06:48p 17250 --a------ C:\WINNT\mozver.dat 07/23/07 08:30p --------- d-------- C:\Program Files\Canon 07/18/07 02:25p --------- d-------- C:\Program Files\EA GAMES 07/16/07 06:40p --------- d-------- C:\Program Files\Norton Internet Security 07/10/07 05:57p --------- d-------- C:\Program Files\WMV9_VCM 06/28/07 12:15p --------- d-------- C:\DOCUME~1\X\APPLIC~1\IBP 06/28/07 11:27p 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat 06/28/07 11:27p 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe 06/28/07 11:27p --------- d-------- C:\Program Files\Illustrate 06/28/07 11:21p --------- d-------- C:\Program Files\Audacity 06/28/07 11:21p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Audacity 06/28/07 10:45a --------- d-------- C:\Program Files\CamStudio 06/26/07 10:24p --------- d-------- C:\Program Files\POP Peeper 06/25/07 09:05a --------- d-------- C:\Program Files\Real 06/22/07 11:59a --------- d-------- C:\DOCUME~1\X\APPLIC~1\MSNInstaller 06/14/07 11:19a --------- d-------- C:\DOCUME~1\X\APPLIC~1\Atari 06/14/07 09:10a --------- d-------- C:\Program Files\AIM6 06/12/07 10:37a --------- d-------- C:\DOCUME~1\X\APPLIC~1\POP Peeper 06/12/07 09:23p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Netscape 06/12/07 09:22p --------- d-------- C:\Program Files\Netscape 05/20/07 09:58a 65536 --a------ C:\WINNT\IFinst27.exe 05/12/07 09:22p 169 --a------ C:\WINNT\system32\EUSOFT.SYS 01/01/25 06:38p --------- d-------- C:\DOCUME~1\X\APPLIC~1\Symantec 2007-03-16 15:16:46 56 --sha-r C:\WINNT\system32\E8D8992D70.sys 2007-03-20 01:23:33 1,890 --sha-w C:\WINNT\system32\KGyGaAvL.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p] "nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe] "NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p] "Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE] "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p] "projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p] "Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a] "SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a] "PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a] "PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys R1 DVDVRRdr;DVDVRRdr;C:\WINNT\system32\drivers\DVDVRRdr.sys R1 ppmoucls;ppmoucls;C:\WINNT\system32\DRIVERS\ppmoucls.sys R1 pptchpad;PenPower Touchpad;C:\WINNT\system32\DRIVERS\pptchpd5.sys R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys R2 enodpl;enodpl;C:\WINNT\system32\drivers\enodpl.sys R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR R2 tandpl;tandpl;C:\WINNT\system32\drivers\tandpl.sys R3 Cap7134;TVFM 503 WDM Video Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINNT\system32\drivers\cmuda.sys R3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys R3 Icam4USB;Intel PC Camera Pro;C:\WINNT\system32\Drivers\Icam4USB.sys R3 itchfltr;iTouch Keyboard Filter;C:\WINNT\system32\DRIVERS\itchfltr.sys R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\Drivers\LCcFltr.Sys R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINNT\system32\drivers\msmpu401.sys R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys R3 SaiClass;SaiClass;C:\WINNT\system32\drivers\SaiNtBus.sys R3 SaiMini;SaiMini;C:\WINNT\system32\drivers\SaiMini.sys S3 EagleNT;EagleNT;\??\C:\WINNT\system32\drivers\EagleNT.sys S3 MPE;BDA MPE Filter;C:\WINNT\system32\DRIVERS\MPE.sys S3 NCHSSVAD;SoundTap Recorder;C:\WINNT\system32\drivers\nchssvad.sys S3 SaiNtHid;SaiNtHid;C:\WINNT\system32\DRIVERS\SaiNtHid.sys S3 SaiNtSub;SaiNtSub;C:\WINNT\system32\DRIVERS\SaiNtSub.sys S3 scrcap;scrcap;C:\WINNT\system32\DRIVERS\scrcap.sys S3 SiS630;SiS630;C:\WINNT\system32\DRIVERS\sis630p.sys S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR;C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR S3 StillCam;Still Serial Digital Camera Driver;C:\WINNT\system32\DRIVERS\serscan.sys Contents of the 'Scheduled Tasks' folder 2006-12-17 12:07:14 C:\WINNT\Tasks\Norton AntiVirus - Scan my computer - Stan Siu.job - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe ************************************************************************ catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 07:30:52 Windows 5.0.2195 Service Pack 4 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 08/08/2007 7:32:18 C:\ComboFix-quarantined-files.txt ... 08/08/07 07:31a C:\ComboFix2.txt ... 08/07/07 02:40p --- E O F --- Incident Status Location Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.advertising.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\inu8kwtn.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.go.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.ehg-dig.hitbox.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.com.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.2o7.net/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.advertising.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.statcounter.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.overture.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.zedo.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.atwola.com/] Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.hotlog.ru/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.realmedia.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.burstnet.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.toplist.cz/] Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\X\Application Data\Netscape\Navigator\Profiles\dvk8onsm.default\cookies.txt[.bravenet.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\X\Cookies\X@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\X\Cookies\X@ad.yieldmanager[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\X\Cookies\X@ads.pointroll[2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\X\Cookies\X@advertising[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\X\Cookies\X@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\X\Cookies\X@atwola[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\X\Cookies\X@doubleclick[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\X\Cookies\X@mediaplex[1].txt Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\X\Desktop\ComboFix.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\nircmd.exe Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\cdcuscnb.dll Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe Deckard's System Scanner v20070804.61 Run by X on 2007-08-08 at 11:59:21 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as X.exe) --------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:59:28 AM, on 8/8/2007 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Bethesda Softworks\SV\PI\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\MsPMSPSv.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\svchost.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Saitek\Software\Profiler.exe C:\Program Files\Saitek\Software\SaiSmart.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINPENJR\Win32\pphidpad.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\POP Peeper\POPPeeper.exe C:\WINNT\explorer.exe C:\Program Files\Netscape\Navigator 9\navigator.exe C:\Internet download\Other\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\X.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - http://plug-in.reallusion.com/CrazyTalk4.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176860841987 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/game...lugin10USA.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9547 bytes -- Files created between 2007-07-08 and 2007-08-08 ----------------------------- 2025-01-01 18:38:16 0 d-------- C:\Documents and Settings\X\Application Data\Symantec 2007-08-08 07:39:14 0 d-------- C:\WINNT\system32\ActiveScan 2007-08-08 07:25:50 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_468.dat 2007-08-08 07:14:38 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2cc.dat 2007-08-07 17:17:49 0 d-------- C:\Program Files\HC 2007-08-07 08:30:33 0 d-------- C:\Documents and Settings\X\Application Data\fretsonfire 2007-08-06 11:47:00 4470 --a------ C:\WINNT\system32\tmp.reg 2007-08-06 11:46:34 288417 --a------ C:\WINNT\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-08-06 11:46:34 53248 --a------ C:\WINNT\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-08-06 11:46:34 51200 --a------ C:\WINNT\system32\dumphive.exe 2007-08-06 11:22:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-08-06 10:53:37 0 d-------- C:\Program Files\Trend Micro 2007-08-03 1514 0 d-------- C:\Program Files\Pinnacle Systems 2007-08-03 13:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc 2007-08-03 13:58:09 0 d-------- C:\Program Files\SmartSound Software 2007-08-03 13:19:36 155721 --a------ C:\WINNT\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer> 2007-08-03 13:19:36 204881 --a------ C:\WINNT\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer> 2007-08-03 13:19:35 81920 --a------ C:\WINNT\system32\vdrmux.dll <Not Verified; Pinnacle Systems; Pinnacle Systems vdrmux> 2007-08-03 13:19:35 46592 --a------ C:\WINNT\system32\vdrcodec.dll <Not Verified; Pinnacle Systems; Studio 600> 2007-08-03 13:19:35 294912 --a------ C:\WINNT\system32\pvmjpg21.dll <Not Verified; Pegasus Imaging Corporation; PICVideo> 2007-08-03 13:19:34 44544 --a------ C:\WINNT\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2007-08-03 13:19:34 73728 --a------ C:\WINNT\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP> 2007-08-03 13:19:34 32768 --a------ C:\WINNT\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL> 2007-08-03 13:19:34 40960 --a------ C:\WINNT\system32\langserv.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO LangServ> 2007-08-03 13:19:34 18432 --a------ C:\WINNT\system32\Cachex.dll <Not Verified; Pinnacle Systems GmbH; Cache DLL> 2007-08-03 13:19:34 114759 --a------ C:\WINNT\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP> 2007-08-03 13:12:56 11264 --a------ C:\WINNT\system32\drivers\asapiW2k.sys <Not Verified; Pinnacle Systems GmbH; asapi> 2007-08-03 13:12:54 406016 --a------ C:\WINNT\system32\PSDrvCheck.exe 2007-08-03 13:12:53 19456 --a------ C:\WINNT\system32\asapi.dll <Not Verified; VoB Computersysteme GmbH; > 2007-08-03 13:12:12 61440 --a------ C:\WINNT\system32\pclepim1.dll <Not Verified; Pinnacle Systems; Microsoft Windows> 2007-08-03 13:12:09 49152 --a------ C:\WINNT\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll> 2007-08-03 10:49:09 125504 --a------ C:\WINNT\system32\cdcuscnb.dll 2007-08-03 09:59:13 0 d-------- C:\Program Files\SmartSound Software Inc 2007-08-03 08:58:47 0 d--h---c- C:\WINNT\$SQLUninstallMDAC28-KB927779-x86-ENU$ 2007-08-02 11:45:41 0 --a------ C:\WINNT\2 2007-08-02 11:42:16 18 --a------ C:\WINNT\? 2007-08-02 11:15:29 0 d-------- C:\Program Files\Microsoft SQL Server 2007-07-27 09:35:33 0 d-------- C:\Program Files\notepad2 2007-07-24 16:26:17 0 d-------- C:\Program Files\Qualcomm 2007-07-22 16:57:47 0 d-------- C:\Program Files\Virtools 2007-07-21 22:17:38 0 d-------- C:\WINNT\Simpson Backround 2007-07-18 18:38:16 0 d-------- C:\Program Files\Mozilla Thunderbird 2007-07-18 14:36:00 595 --a------ C:\WINNT\eReg.dat 2007-07-15 2324 0 d-------- C:\Program Files\Three Rings Design 2007-07-15 23:00:02 0 d-------- C:\Documents and Settings\X\Application Data\yoclient 2007-07-13 20:22:13 0 d-------- C:\Program Files\DivX 2007-07-12 10:01:55 83968 --a------ C:\WINNT\UnGins.exe 2007-07-11 09:19:22 0 d-------- C:\Program Files\Toolkit3 2007-07-11 08:38:47 283862 --a------ C:\WINNT\system32\smpeg.dll 2007-07-11 08:38:47 310849 --a------ C:\WINNT\system32\SDL_ttf.dll 2007-07-11 08:38:47 396903 --a------ C:\WINNT\system32\SDL_mixer.dll 2007-07-11 08:38:47 211033 --a------ C:\WINNT\system32\SDL_image.dll 2007-07-11 08:38:47 335629 --a------ C:\WINNT\system32\SDL.dll 2007-07-10 17:51:18 53248 --a------ C:\WINNT\system32\zlib.dll <Not Verified; ; ZLib.DLL> 2007-07-10 17:51:18 356352 --a------ C:\WINNT\system32\SciLexer.dll <Not Verified; Neil Hodgson neilh@scintilla.org; Scintilla> 2007-07-10 17:51:18 352256 --a------ C:\WINNT\system32\libmng.dll 2007-07-10 17:51:18 368640 --a------ C:\WINNT\system32\js32.dll 2007-07-10 17:51:18 233472 --a------ C:\WINNT\system32\corona.dll 2007-07-10 17:51:18 618496 --a------ C:\WINNT\system32\audiere.dll <Not Verified; http://aegisknight.org/; audiere> 2007-07-10 17:17:43 0 --a------ C:\WINNT\a 2007-07-10 17:17:23 317952 -ra------ C:\WINNT\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic> 2007-07-10 17:17:23 48640 -ra------ C:\WINNT\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32> -- Find3M Report --------------------------------------------------------------- 2007-08-08 10:18:14 0 d-------- C:\Program Files\QuickTime 2007-08-08 10:11:41 0 d-------- C:\Program Files\Norton Internet Security 2007-08-08 09:53:34 0 d-------- C:\Program Files\inXile entertainment 2007-08-08 09:53:33 504551 --a------ C:\WINNT\system32\Line Rider Theater.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer> 2007-08-08 09:36:05 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-08-07 21:15:08 1100842 ---h----- C:\WINNT\ShellIconCache 2007-08-03 13:58:22 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-08-03 12:19:17 0 d-------- C:\Program Files\Pinnacle 2007-08-02 22:28:47 18 --a------ C:\WINNT\? 2007-08-02 21:05:24 0 d-------- C:\Program Files\Bethesda Softworks 2007-08-02 18:44:57 0 d-------- C:\Documents and Settings\X\Application Data\CoreFTP 2007-08-01 18:48:23 17250 --a------ C:\WINNT\mozver.dat 2007-07-25 13:34:21 0 d-------- C:\Program Files\Java 2007-07-23 20:30:27 0 d-------- C:\Program Files\Canon 2007-07-18 14:25:48 0 d-------- C:\Program Files\EA GAMES 2007-07-10 17:57:12 0 d-------- C:\Program Files\WMV9_VCM 2007-06-28 23:27:59 20898 --a------ C:\WINNT\system32\SpoonUninstall-dBpowerAMP Music Converter.dat 2007-06-28 23:27:59 164352 --a------ C:\WINNT\system32\SpoonUninstall.exe 2007-06-28 23:27:51 0 d-------- C:\Program Files\Illustrate 2007-06-28 23:21:15 0 d-------- C:\Program Files\Audacity 2007-06-28 23:21:15 0 d-------- C:\Documents and Settings\X\Application Data\Audacity 2007-06-28 12:15:32 0 d-------- C:\Documents and Settings\X\Application Data\IBP 2007-06-28 10:45:24 0 d-------- C:\Program Files\CamStudio 2007-06-26 22:24:59 0 d-------- C:\Program Files\POP Peeper 2007-06-25 09:05:58 0 d-------- C:\Program Files\Real 2007-06-22 11:59:16 0 d-------- C:\Documents and Settings\X\Application Data\MSNInstaller 2007-06-14 11:19:15 0 d-------- C:\Documents and Settings\X\Application Data\Atari 2007-06-14 09:10:52 0 d-------- C:\Program Files\AIM6 2007-06-12 21:23:26 0 d-a------ C:\Program Files\Common Files 2007-06-12 21:23:26 0 d-------- C:\Documents and Settings\X\Application Data\Netscape 2007-06-12 21:22:17 0 d-------- C:\Program Files\Netscape 2007-06-12 10:37:57 0 d-------- C:\Documents and Settings\X\Application Data\POP Peeper 2007-05-20 09:58:30 65536 --a------ C:\WINNT\IFinst27.exe 2007-05-12 21:22:33 169 --a------ C:\WINNT\system32\EUSOFT.SYS -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [06/19/03 02:05p C:\WINNT\system32\mobsync.exe] "Cmaudio"="cmicnfg.cpl" [] "NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [08/11/06 08:43p] "nwiz"="nwiz.exe" [08/11/06 08:43p C:\WINNT\system32\nwiz.exe] "NvMediaCenter"="C:\WINNT\System32\NvMcTray.dll" [08/11/06 08:43p] "Logitech Utility"="Logi_MwX.Exe" [11/07/03 04:50a C:\WINNT\LOGI_MWX.EXE] "NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 12:50p] "projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [10/16/03 05:25p] "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [05/01/03 07:44p] "RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [10/16/03 09:15p] "RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [07/15/03 01:38p] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [07/03/01 10:11a] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/08/07 06:03p] "SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/02/04 12:59p] "Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [01/28/04 10:19a] "SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [01/28/04 10:19a] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/16/07 11:54a] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/07 04:00a] "PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/01 11:23a] "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [12/01/03 11:38a] "PinnacleDriverCheck"="C:\WINNT\system32\PSDrvCheck.exe" [03/10/04 04:26p] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [06/02/05 05:03p] "POP Peeper"="C:\Program Files\POP Peeper\POPPeeper.exe" [11/15/06 11:02p] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" -- End of Deckard's System Scanner: finished at 2007-08-08 at 12:00:32 ---------

08-08-2007, 11:06 PM	#7 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,606 OS: WinXP and Vista	Re: Viruses and Trojans, Oh My! One more file left (this is why we run online scans as well. ) Please ensure Hidden files and folders are viewable: Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading: * select Show hidden files and folders. * Uncheck Hide protected operating system files (recommended) option. Also, make sure there is no checkmark beside Hide file extensions for known file types. Click OK. -------------------------------------------------------------------- Using 'My Computer', navigate to and delete the following File C:\WINNT\system32\ cdcuscnb.dll -------------------------------------------------------------------- You have a lot of undesirable cookis in FireFox, Netscape and IE. Run AVG A-S--it should take care of those for you. If not, clear them yourself via each browsers' Tools>Internet Options You're good to go. If there aren't any more problems, please continue with these final instructions and helpful links: Reset hidden/system files and folders =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Ensure Windows Auto Update is Enabled Go to Start>Run* - type wuaucpl.cpl Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". *********************************************************************************** To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD) Now navigate to C:\ie-spyad. Double click to open it. From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list, by typing 2 Then return to the main menu. Select option #4 - Add the old porn sites domain, by typing 4 Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

08-09-2007, 07:53 AM	#8 (permalink)
AWSOME Registered User Join Date: Oct 2006 Posts: 12 OS: Win2000	Re: Viruses and Trojans, Oh My! Teehee, when I was about to delete that file, my nortan anti-virus popped in and deleted it for me! Thank you so much! You have been a great help!

08-09-2007, 07:57 AM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 26,606 OS: WinXP and Vista	Re: Viruses and Trojans, Oh My! You're quite welcome. Take care, AWSOME. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."