Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Possible Threat
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-06-2007, 09:59 AM   #1 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Possible Threat
Hi,

After using the laptop for a few hours i saw this trying to get through the firewall, ("WinXpUpdate32.exe") from "C:\WINDOWS\system32\WinXpUpdate32.exe" its not just once that it comes up its loads, its the same file (the is only one of them) for the time being I have blocked it, but the description on the firewall before it asks me to allow or block.


EDIT - Please Help

Thanks,

Jay

On the picture of the file and where it says blocked the 2 any's are Destination and port.
Attached Images
File Type: jpg 1.JPG (6.8 KB, 4 views)
File Type: jpg 2.JPG (11.7 KB, 8 views)
Last edited by Jaymie1989; 08-06-2007 at 10:09 AM.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-06-2007, 09:29 PM   #2 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Hello,

Lets try an online virus scan of the file.


Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\WinXpUpdate32.exe
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

If VirusTotal is busy, try the same at Jotti
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-06-2007, 10:10 PM   #3 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Hi,

Thanks for this.

Jotti's Results are
Quote:
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: WinXpUpdate32.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 82b4b84dfaacd97814f947bf0d1026b7
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 07 Aug 2007 04:03:03 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:SdBot-3700
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Shame i cannot scan my whole computer like that

VirusTotal's Results

Quote:
File WinXpUpdate32.exe received on 08.07.2007 06:02:29 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 4/32 (12.5%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 52 and 75 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or do not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.07 -
AntiVir 7.4.0.57 2007.08.06 -
Authentium 4.93.8 2007.08.06 -
Avast 4.7.1029.0 2007.08.06 Win32:SdBot-3700
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.07 -
CAT-QuickHeal 9.00 2007.08.06 -
ClamAV 0.91 2007.08.07 -
DrWeb 4.33 2007.08.07 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5039 2007.08.07 -
Ewido 4.0 2007.08.06 -
FileAdvisor 1 2007.08.07 -
Fortinet 2.91.0.0 2007.08.07 -
F-Prot 4.3.2.48 2007.08.03 -
F-Secure 6.70.13030.0 2007.08.07 -
Ikarus T3.1.1.8 2007.08.06 Backdoor.VB.EV
Kaspersky 4.0.2.24 2007.08.07 -
McAfee 5091 2007.08.06 -
Microsoft 1.2704 2007.08.07 -
NOD32v2 2440 2007.08.06 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.06 -
Prevx1 V2 2007.08.07 -
Rising 19.35.10.00 2007.08.07 -
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.04 VIPRE.Suspicious
Symantec 10 2007.08.07 -
TheHacker 6.1.7.163 2007.08.07 -
VBA32 3.12.2.2 2007.08.04 -
VirusBuster 4.3.26:9 2007.08.06 -
Webwasher-Gateway 6.0.1 2007.08.07 Win32.Malware.gen (suspicious)
Additional information
File size: 2194944 bytes
MD5: 82b4b84dfaacd97814f947bf0d1026b7
SHA1: 4f07679c4a901b723333db00045555b145deeb73
packers: Themida
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Hope it helps.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-06-2007, 10:35 PM   #4 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
I want to take a closer look at this file.

Download combofix from here

**Save it directly to your desktop**

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/general-computer-security/172416-possible-threat.html

Suspect::
C:\WINDOWS\system32\WinXpUpdate32.exe
Save this as CFScript




Refering to the picture above, drag CFScript into ComboFix.exe

Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-07-2007, 04:40 AM   #5 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Im guessing that you need the log??

log.txt


Do you need the .Zip file its got the catchme.log?

here is the catchme.log.txt Catchmelog.txt

and winxpupdate32.exe.vir (Which if im right is the virus?)

Hope this helps?

I think its removed.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-07-2007, 07:52 PM   #6 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Hi Jaymie1989,

Your thread has been moved here for further analyzing.


You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Please Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Please include the following in your next reply:

C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-08-2007, 10:46 AM   #7 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Hi,

Thanks,

Deckard's System Scanner v20070807.62
Run by Leanne on 2007-08-08 at 17:33:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
17: 2007-08-08 16:33:07 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2007-08-08 00:59:07 UTC - RP16 - Software Distribution Service 3.0
15: 2007-08-07 23:05:09 UTC - RP15 - Installed Eset Smart Security
14: 2007-08-07 21:45:20 UTC - RP14 - Installed J2SE Runtime Environment 5.0 Update 3
13: 2007-08-07 10:21:53 UTC - RP13 - ComboFix created restore point


-- First Restore Point --
1: 2007-08-05 14:50:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Leanne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:07, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\Eset Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Eset\Eset Smart Security\egui.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Leanne\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leanne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\Eset\Eset Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [WinXpUpdate32] WinXpUpdate32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185729113308
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5...ndows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Access Remote PC Service 4.12.2 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset Service (ekrn) - Eset - C:\Program Files\Eset\Eset Smart Security\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8727 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 easdrv - c:\windows\system32\drivers\easdrv.sys <Not Verified; Eset; Eset Smart Security>
R1 epfwtdi - c:\windows\system32\drivers\epfwtdi.sys <Not Verified; Eset; Eset Smart Security>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500>
R2 eamon - c:\windows\system32\drivers\eamon.sys <Not Verified; Eset; NOD32 Antivirus System>
R2 epfw - c:\windows\system32\drivers\epfw.sys <Not Verified; Eset; Eset Smart Security>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Epfwndis (Eset Personal Firewall) - c:\windows\system32\drivers\epfwndis.sys
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWAZL - c:\windows\system32\drivers\hsfhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 catchme - c:\docume~1\leanne\locals~1\temp\catchme.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Access Remote PC Service 4.12.2 - "c:\program files\access remote pc 4.12.2\rpcsetup.exe" /service <Not Verified; Access Remote PC (www.access-remote-pc.com); Access Remote PC>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Service: bcm4sbxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_00901025&REV_01\4&6B16D5B&0&21F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0530&SUBSYS_00901025&REV_01\4&6B16D5B&0&21F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI FLASH Memory
Device ID: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01\4&6B16D5B&0&23F0
Manufacturer:
Name: PCI FLASH Memory
PNP Device ID: PCI\VEN_1524&DEV_0520&SUBSYS_00901025&REV_01\4&6B16D5B&0&23F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-08-08 17:21:40 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-07-08 and 2007-08-08 -----------------------------

2007-08-08 17:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-08 00:12:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\Eset
2007-08-08 00:07:12 0 d-------- C:\WINDOWS\system32\eScan
2007-08-08 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-08-07 22:50:23 0 d-------- C:\Documents and Settings\Leanne\.housecall6.6
2007-08-07 22:50:00 0 d-------- C:\WINDOWS\Sun
2007-08-07 22:49:59 0 d-------- C:\Documents and Settings\Leanne\Application Data\Sun
2007-08-07 22:47:53 0 d-------- C:\Program Files\Java
2007-08-07 22:45:22 0 d-------- C:\Program Files\Common Files\Java
2007-08-07 22:41:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-07 22:41:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 22:40:12 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-07 04:55:45 0 dr-h----- C:\Documents and Settings\Leanne\Recent
2007-08-06 23:57:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\CyberPatrol Client
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\Leanne\Application Data\Babylon
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2007-08-06 19:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-08-06 18:10:59 0 d-------- C:\Program Files\Lavalys
2007-08-06 11:55:03 49152 --a------ C:\WINDOWS\system32\Nod32cc.exe <Not Verified; CIN; nod>
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\Leanne\Application Data\Comodo
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-06 03:31:40 0 d-------- C:\Program Files\Comodo
2007-08-06 00:09:34 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinWay
2007-08-05 23:23:14 0 d-------- C:\WINDOWS\system32\winsecurityxp
2007-08-05 22:46:47 0 d-------- C:\Program Files\CV Writer
2007-08-05 21:50:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-05 20:39:41 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 1516 0 d-------- C:\WINDOWS\NU_DATA
2007-08-04 23:05:37 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-04 20:04:45 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-04 20:01:01 0 d-------- C:\Documents and Settings\Leanne\Application Data\Adobe
2007-08-04 18:21:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-04 15:40:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-08-04 15:38:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-04 15:37:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-04 15:37:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-04 15:37:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-04 15:37:19 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-04 15:37:19 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-04 15:37:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-04 15:37:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-04 15:37:17 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-04 15:36:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-04 15:28:26 0 d-------- C:\Documents and Settings\Leanne\Application Data\Grisoft
2007-08-04 1510 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-03 23:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 18:21:05 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-02 19:11:48 0 d-------- C:\Program Files\Microsoft.NET
2007-08-02 14:40:42 0 d-------- C:\CCleaner Backups
2007-08-01 15:05:11 532480 --a------ C:\WINDOWS\system32\The Simpsons Movie - Sleeping Homer.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2007-08-01 15:05:10 0 d-------- C:\WINDOWS\system32\The Simpsons Movie - Sleeping Homer dir
2007-07-31 20:20:36 0 d-------- C:\Documents and Settings\Leanne\Application Data\CoreFTP
2007-07-31 20:19:59 0 d-------- C:\Program Files\CoreFTP
2007-07-31 02:46:53 0 d-------- C:\Documents and Settings\Leanne\Application Data\Ahead
2007-07-31 02:43:54 0 d-------- C:\Program Files\Nero
2007-07-31 02:43:54 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-31 02:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-30 20:24:32 0 d-------- C:\Program Files\Access Remote PC 4.12.2
2007-07-30 18:28:49 0 d-------- C:\Program Files\Windows Defender
2007-07-30 18:15:31 0 d-------- C:\Program Files\Common Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Program Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-07-30 16:53:03 0 d-------- C:\Documents and Settings\Leanne\Contacts
2007-07-30 16:40:16 0 d-------- C:\Program Files\Cleaner
2007-07-30 15:14:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-07-30 00:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:55:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\DivX
2007-07-29 23:54:55 0 d-------- C:\Program Files\DivX
2007-07-29 23:47:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-07-29 23:47:11 0 d-------- C:\Program Files\Webroot
2007-07-29 23:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-07-29 23:46:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\Webroot
2007-07-29 23:32:38 0 d-------- C:\Documents and Settings\Leanne\Application Data\Apple Computer
2007-07-29 23:32:24 0 d-------- C:\Program Files\iPod
2007-07-29 23:32:20 0 d-------- C:\Program Files\iTunes
2007-07-29 23:31:34 0 d-------- C:\Program Files\QuickTime
2007-07-29 23:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-29 23:31:17 0 d-------- C:\Program Files\Apple Software Update
2007-07-29 23:30:54 0 d-------- C:\Program Files\Common Files\Apple
2007-07-29 23:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-29 23:29:33 0 d-------- C:\Program Files\Windows Live
2007-07-29 23:29:32 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-29 23:28:01 0 d-------- C:\Program Files\Windows Live Favorites
2007-07-29 23:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-07-29 23:27:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-29 23:26:32 0 d-------- C:\Program Files\MSN Messenger
2007-07-29 23:03:48 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-29 22:57:30 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-07-29 22:50:37 0 d-------- C:\Program Files\CONEXANT
2007-07-29 22:49:38 176128 --a------ C:\WINDOWS\system32\UCI32M16.dll <Not Verified; Conexant Systems, Inc.; Conexant Unified x86 Device CoInstaller>
2007-07-29 22:49:38 94208 --a------ C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface x86 DLL>
2007-07-29 22:49:38 12672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
2007-07-29 22:49:38 209664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 988800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 730112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 21:12:49 0 d-------- C:\Program Files\uTorrent
2007-07-29 21:12:45 0 d-------- C:\Documents and Settings\Leanne\Application Data\uTorrent
2007-07-29 21:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-29 21:10:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-29 20:49:23 0 d-------- C:\Program Files\MSXML 6.0
2007-07-29 20:44:09 0 d-------- C:\WINDOWS\network diagnostic
2007-07-29 20:21:39 0 d-------- C:\Program Files\MSXML 4.0
2007-07-29 20:19:57 0 d-------- C:\Program Files\MSBuild
2007-07-29 20:16:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-29 20:15:37 0 d-------- C:\Program Files\Reference Assemblies
2007-07-29 20:13:04 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-29 19:51:03 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-29 19:45:02 0 d-------- C:\Documents and Settings\Leanne\Application Data\Macromedia
2007-07-29 19:35:05 4093640704 --ahs---- C:\gobackio.bin
2007-07-29 19:33:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-29 19:23:58 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-29 19:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-29 19:22:50 0 dr-h----- C:\MSOCache
2007-07-29 19:17:34 0 d-------- C:\Program Files\CCleaner
2007-07-29 19:13:29 0 d-------- C:\Program Files\RegCure
2007-07-29 19:12:42 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinRAR
2007-07-29 19:09:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 18:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-29 18:13:53 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-29 18:11:17 0 d--hs---- C:\Documents and Settings\Leanne\UserData
2007-07-29 18:09:16 0 d-------- C:\WINDOWS\nview
2007-07-29 17:55:01 0 d-------- C:\NVIDIA
2007-07-29 17:53:03 0 d-------- C:\Documents and Settings\Leanne\Application Data\Intel
2007-07-29 17:52:51 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
2007-07-29 17:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-07-29 17:52:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-29 17:44:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-29 17:34:04 0 d-------- C:\WINDOWS\system32\Lang
2007-07-29 17:28:29 40960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-29 17:28:10 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-29 17:27:24 0 d-------- C:\Program Files\Realtek
2007-07-29 17:27:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 17:27:18 487424 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-29 17:25:44 0 d-------- C:\Program Files\WIDCOMM
2007-07-29 17:23:50 0 d--hs---- C:\WINDOWS\Installer
2007-07-29 17:23:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-29 17:23:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-29 17:23:44 0 dr------- C:\Program Files
2007-07-29 17:23:44 0 d-------- C:\Program Files\Common Files
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-29 17:23:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-29 17:22:10 0 d-------- C:\Documents and Settings
2007-07-29 17:22:09 0 d--hs---- C:\System Volume Information
2007-07-29 17:22:00 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-07-29 17:21:59 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-07-29 17:21:59 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-07-29 17:21:58 18944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-07-29 17:21:58 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-07-29 17:21:58 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-07-29 17:21:57 0 d-------- C:\Program Files\Broadcom
2007-07-29 17:21:50 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-29 17:19:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-29 17:19:48 0 d-------- C:\Program Files\Intel
2007-07-29 17:12:48 0 d-------- C:\WINDOWS
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\WinSxS
2007-07-29 17:12:48 0 dr------- C:\WINDOWS\Web
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\twain_32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wins
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wbem
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\usmt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\spool
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\Setup
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ras
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\oobe
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\npp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\IME
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ias
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\export
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-29 17:12:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3076
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\2052
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1054
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1042
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1041
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1037
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1033
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1031
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1028
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1025
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\security
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Resources
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\repair
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Provisioning
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\PeerNet
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\pchealth
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msapps
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msagent
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Media
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\java
2007-07-29 17:12:48 0 d--h----- C:\WINDOWS\inf
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\ime
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Help
2007-07-29 17:12:48 0 dr--s---- C:\WINDOWS\Fonts
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Driver Cache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Debug
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Cursors
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\AppPatch
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\addins
2007-07-29 16:39:17 0 d-------- C:\Documents and Settings\Leanne\Application Data\Identities
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Templates
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Start Menu
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\SendTo
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\PrintHood
2007-07-29 16:39:07 2883584 --a------ C:\Documents and Settings\Leanne\NTUser.dat
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\NetHood
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\My Documents
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Local Settings
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Favorites
2007-07-29 16:39:07 0 d-------- C:\Documents and Settings\Leanne\Desktop
2007-07-29 16:39:07 0 d--hs---- C:\Documents and Settings\Leanne\Cookies
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\Application Data
2007-07-29 16:38:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-29 16:38:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-29 16:38:17 0 d-------- C:\WINDOWS\Prefetch
2007-07-29 16:38:16 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-29 16:38:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-29 16:38:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-07-29 16:38:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-29 16:38:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-29 16:37:58 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-29 16:37:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-29 16:37:58 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-07-29 16:37:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-29 16:37:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-29 16:34:40 0 d-------- C:\WINDOWS\system32\xircom
2007-07-29 16:34:40 0 d-------- C:\Program Files\microsoft frontpage
2007-07-29 16:34:36 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-29 16:34:33 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-29 16:34:17 0 -rahs---- C:\MSDOS.SYS
2007-07-29 16:34:17 0 -rahs---- C:\IO.SYS
2007-07-29 16:34:17 0 --a------ C:\CONFIG.SYS
2007-07-29 16:34:17 0 --a------ C:\AUTOEXEC.BAT
2007-07-29 16:33:23 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-29 16:33:14 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-29 16:33:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-29 16:33:03 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-29 16:32:39 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-29 16:32:01 0 d---s---- C:\WINDOWS\Tasks
2007-07-29 16:32:00 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-29 16:31:56 0 d-------- C:\WINDOWS\srchasst
2007-07-29 16:31:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-29 16:31:46 0 d-------- C:\Program Files\Movie Maker
2007-07-29 16:31:37 0 d-------- C:\WINDOWS\system32\Restore
2007-07-29 16:31:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-29 16:30:55 0 d-------- C:\WINDOWS\Registration
2007-07-29 16:30:26 0 d-------- C:\Program Files\Online Services
2007-07-29 16:30:19 0 d-------- C:\Program Files\Messenger
2007-07-29 16:30:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 16:29:30 0 d-------- C:\Program Files\Windows NT
2007-07-29 16:29:26 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-29 16:29:25 0 d-------- C:\WINDOWS\system32\Com
2007-07-09 20:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 20:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 20:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-08-06 16:45:40 10200 --a------ C:\Documents and Settings\Leanne\Application Data\CleanUp!.log
2007-07-29 18:08:42 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-07-29 18:08:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-07-29 18:08:42 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-07-29 18:08:41 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-07-29 18:08:41 1470464 --a------ C:\WINDOWS\system32\nview.dll
2007-07-29 18:08:41 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-07-29 18:08:40 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-07-29 18:08:40 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-07-29 17:58:49 48 --a------ C:\Documents and Settings\Leanne\Application Data\ItDb.enc
2007-07-29 17:23:09 62 --ahs---- C:\Documents and Settings\Leanne\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/07/2007 18:08]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [06/08/2007 03:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 03:48]
"egui"="C:\Program Files\Eset\Eset Smart Security\egui.exe" [26/06/2007 00:28]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WinXpUpdate32"=WinXpUpdate32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
winzzc32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-08-08 at 17:36:47 ---------

extra.txt

P.S As you can see i have done some online scan's like, Eset, Trend, Panda and Kaspersky, but the power was turned off for the laptop so i did not get to see those results.

Also since i restarted the laptop an error called "data executiin prevention" keeps popping up all it says is close message

it says "To help protect your computer, Windows has closed this program
Name: Generic Host Process For Wun32 Services
Publisher: Microsoft Corporation.

Thats it.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-08-2007, 10:08 PM   #8 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Hi Jaymie1989,

Please take the time to follow my step-by-step instructions, and copy them into notepad since during parts of this fix you will be unable to have any open windows or access to the internet. If at anytime you are unsure of something, then please come to me with questions before moving on.

--------------------------------------------------------------

Update AVG Anti-Spyware

I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start
    update     button.
  • After the update finishes (the status bar at the bottom will display "Update
    successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Do Not Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

--------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to C:\SDFix

DO NOT run SDFix yet. We will shortly

--------------------------------------------------------------

We need to disable any real-time anti-spyware programs, as it may hinder in the fix. You will be able to re-enable these softwares once your system is clean.

Disable Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
  • Open Windows Defender.
  • Click on Tools>Options.
  • Scroll down and uncheck "Use real-time protection (recommended)".
  • After you uncheck this, click on the Save button and close Windows Defender.


Disable AVG Anti-Spyware
  • Right-click the AVG icon by the system time
  • Left-click on Start with Windows

--------------------------------------------------------------

Enter Safe Mode
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8
  3. Instead of Windows loading as normal, a menu should appear
  4. Use the up arrow key to highlight Safe Mode and press Enter.
  5. Login with your usual account
  6. Once you have logged in, a warning message will appear regarding starting windows in Safe mode, click OK and windows will load your desktop environment

Note: Some systems, this may be the F5 key, so try that if F8 doesn't work.

--------------------------------------------------------------

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Paste the contents of the Report.txt back on the forum

--------------------------------------------------------------

Once SDFix has finished, then reboot in safe mode

--------------------------------------------------------------

Run AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

--------------------------------------------------------------

Restart your computer in Normal Mode

--------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please run DSS.exe again, and post the resulting log - main.txt

--------------------------------------------------------------

Please reply back with the following:

C:\SDFix\report.txt
AVG Anti-Spyware Results
Panda Scan Results
main.txt
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-09-2007, 09:57 AM   #9 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
main.txt

Report-Scan-20070809-154418.txt

Activescan.txt

report.txt


Thats them

Thanks for this.

P.S Is the HJT Team still busy with other threads?


SDFix: Version 1.96

Run by Leanne on 09/08/2007 at 12:11

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\winsecurityxp\mswinup.exe - Deleted
C:\WINDOWS\system32\WinXpUpdate32.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Leanne\NetHood\ftp.work.acer-euro.com\Desktop.ini
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:44:18 09/08/2007

+ Scan result:



C:\Documents and Settings\Leanne\Cookies\leanne@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@divx.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adviva[2].txt -> TrackingCookie.Adviva : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ehg-eset.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
C:\Documents and Settings\Leanne\Cookies\leanne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{07680024-A72F-4C64-AF5D-0AB2CA803ABD}\RP9\A0000445.exe -> Trojan.Small.edz : No action taken.


::Report end




Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@advertising[1].txt
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@adviva[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@bluestreak[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@statse.webtrendslive[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Leanne\Cookies\leanne@toplist[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Leanne\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Leanne\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-2000478354-1993962763-725345543-1004\Dc15.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe

Deckard's System Scanner v20070807.62
Run by Leanne on 2007-08-09 at 16:47:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Leanne.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:26, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Leanne\Desktop\Logs & Scans\Old\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Leanne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185729113308
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Access Remote PC Service 4.12.2 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7523 bytes

-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 15:50:30 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 15:50:26 0 d-------- C:\WINDOWS\LastGood
2007-08-09 12:10:30 0 d-------- C:\WINDOWS\ERUNT
2007-08-08 23:26:44 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-08 21:44:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-08-08 19:54:05 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-08 19:17:55 0 d-------- C:\WINDOWS\McAfee.com
2007-08-08 19:07:44 0 d-------- C:\WINDOWS\BDOSCAN8
2007-08-08 17:34:53 0 d-------- C:\Program Files\Trend Micro
2007-08-08 00:12:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\Eset
2007-08-08 00:07:12 0 d-------- C:\WINDOWS\system32\eScan
2007-08-08 00:01:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Eset
2007-08-07 22:50:23 0 d-------- C:\Documents and Settings\Leanne\.housecall6.6
2007-08-07 22:50:00 0 d-------- C:\WINDOWS\Sun
2007-08-07 22:49:59 0 d-------- C:\Documents and Settings\Leanne\Application Data\Sun
2007-08-07 22:47:53 0 d-------- C:\Program Files\Java
2007-08-07 22:45:22 0 d-------- C:\Program Files\Common Files\Java
2007-08-07 22:41:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-07 22:41:18 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-07 04:55:45 0 dr-h----- C:\Documents and Settings\Leanne\Recent
2007-08-06 23:57:52 0 d-------- C:\Documents and Settings\Leanne\Application Data\CyberPatrol Client
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\Leanne\Application Data\Babylon
2007-08-06 22:32:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2007-08-06 19:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-08-06 18:10:59 0 d-------- C:\Program Files\Lavalys
2007-08-06 11:55:03 49152 --a------ C:\WINDOWS\system32\Nod32cc.exe <Not Verified; CIN; nod>
2007-08-06 05:58:24 0 d-------- C:\Program Files\eMule
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\Leanne\Application Data\Comodo
2007-08-06 03:32:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-08-06 03:31:40 0 d-------- C:\Program Files\Comodo
2007-08-06 00:09:34 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinWay
2007-08-05 23:23:14 0 d-------- C:\WINDOWS\system32\winsecurityxp
2007-08-05 22:46:47 0 d-------- C:\Program Files\CV Writer
2007-08-05 21:50:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-05 20:39:41 0 d-------- C:\Program Files\Microsoft Works
2007-08-05 1516 0 d-------- C:\WINDOWS\NU_DATA
2007-08-04 23:05:37 0 d-------- C:\Program Files\Common Files\Download Manager
2007-08-04 20:04:45 0 d-------- C:\Program Files\PC Wizard 2007
2007-08-04 20:01:01 0 d-------- C:\Documents and Settings\Leanne\Application Data\Adobe
2007-08-04 18:21:57 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-08-04 15:40:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-08-04 15:38:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-08-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-08-04 15:37:21 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-08-04 15:37:21 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-08-04 15:37:21 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-04 15:37:19 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-08-04 15:37:19 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-08-04 15:37:19 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-08-04 15:37:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-08-04 15:37:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-08-04 15:37:17 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-04 15:36:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-08-04 15:28:26 0 d-------- C:\Documents and Settings\Leanne\Application Data\Grisoft
2007-08-04 1510 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-08-03 23:54:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 18:21:05 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-08-02 19:11:48 0 d-------- C:\Program Files\Microsoft.NET
2007-08-02 14:40:42 0 d-------- C:\CCleaner Backups
2007-07-31 20:20:36 0 d-------- C:\Documents and Settings\Leanne\Application Data\CoreFTP
2007-07-31 20:19:59 0 d-------- C:\Program Files\CoreFTP
2007-07-31 02:46:53 0 d-------- C:\Documents and Settings\Leanne\Application Data\Ahead
2007-07-31 02:43:54 0 d-------- C:\Program Files\Nero
2007-07-31 02:43:54 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-31 02:43:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-07-30 20:24:32 0 d-------- C:\Program Files\Access Remote PC 4.12.2
2007-07-30 18:28:49 0 d-------- C:\Program Files\Windows Defender
2007-07-30 18:15:31 0 d-------- C:\Program Files\Common Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Program Files\Macromedia
2007-07-30 18:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Macromedia
2007-07-30 16:53:03 0 d-------- C:\Documents and Settings\Leanne\Contacts
2007-07-30 16:40:16 0 d-------- C:\Program Files\Cleaner
2007-07-30 15:14:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-07-30 00:09:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-29 23:55:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\DivX
2007-07-29 23:54:55 0 d-------- C:\Program Files\DivX
2007-07-29 23:47:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-07-29 23:47:11 0 d-------- C:\Program Files\Webroot
2007-07-29 23:47:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-07-29 23:46:39 0 d-------- C:\Documents and Settings\Leanne\Application Data\Webroot
2007-07-29 23:32:38 0 d-------- C:\Documents and Settings\Leanne\Application Data\Apple Computer
2007-07-29 23:32:24 0 d-------- C:\Program Files\iPod
2007-07-29 23:32:20 0 d-------- C:\Program Files\iTunes
2007-07-29 23:31:34 0 d-------- C:\Program Files\QuickTime
2007-07-29 23:31:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-29 23:31:17 0 d-------- C:\Program Files\Apple Software Update
2007-07-29 23:30:54 0 d-------- C:\Program Files\Common Files\Apple
2007-07-29 23:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-29 23:29:33 0 d-------- C:\Program Files\Windows Live
2007-07-29 23:29:32 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-29 23:28:01 0 d-------- C:\Program Files\Windows Live Favorites
2007-07-29 23:27:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-07-29 23:27:18 0 d-------- C:\Program Files\Windows Live Toolbar
2007-07-29 23:26:32 0 d-------- C:\Program Files\MSN Messenger
2007-07-29 23:03:48 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-29 22:57:30 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-07-29 22:50:37 0 d-------- C:\Program Files\CONEXANT
2007-07-29 22:49:38 176128 --a------ C:\WINDOWS\system32\UCI32M16.dll <Not Verified; Conexant Systems, Inc.; Conexant Unified x86 Device CoInstaller>
2007-07-29 22:49:38 94208 --a------ C:\WINDOWS\system32\mdmxsdk.dll <Not Verified; Conexant; Diagnostic Interface x86 DLL>
2007-07-29 22:49:38 12672 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
2007-07-29 22:49:38 209664 --a------ C:\WINDOWS\system32\drivers\HSFHWAZL.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 988800 --a------ C:\WINDOWS\system32\drivers\HSF_DPV.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 22:49:38 730112 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
2007-07-29 21:10:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-29 21:10:45 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-29 20:49:23 0 d-------- C:\Program Files\MSXML 6.0
2007-07-29 20:44:09 0 d-------- C:\WINDOWS\network diagnostic
2007-07-29 20:21:39 0 d-------- C:\Program Files\MSXML 4.0
2007-07-29 20:19:57 0 d-------- C:\Program Files\MSBuild
2007-07-29 20:16:39 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-07-29 20:15:37 0 d-------- C:\Program Files\Reference Assemblies
2007-07-29 20:13:04 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-29 20:11:02 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-29 19:51:03 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-29 19:45:02 0 d-------- C:\Documents and Settings\Leanne\Application Data\Macromedia
2007-07-29 19:35:05 4093640704 --ahs---- C:\gobackio.bin
2007-07-29 19:33:57 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-29 19:23:58 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-29 19:23:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-07-29 19:22:50 0 dr-h----- C:\MSOCache
2007-07-29 19:17:34 0 d-------- C:\Program Files\CCleaner
2007-07-29 19:13:29 0 d-------- C:\Program Files\RegCure
2007-07-29 19:12:42 0 d-------- C:\Documents and Settings\Leanne\Application Data\WinRAR
2007-07-29 19:09:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-29 18:17:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-07-29 18:13:53 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-29 18:11:17 0 d--hs---- C:\Documents and Settings\Leanne\UserData
2007-07-29 18:09:16 0 d-------- C:\WINDOWS\nview
2007-07-29 17:55:01 0 d-------- C:\NVIDIA
2007-07-29 17:53:03 0 d-------- C:\Documents and Settings\Leanne\Application Data\Intel
2007-07-29 17:52:51 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
2007-07-29 17:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-07-29 17:52:14 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-07-29 17:44:47 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-29 17:34:04 0 d-------- C:\WINDOWS\system32\Lang
2007-07-29 17:28:29 40960 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-07-29 17:28:10 0 d-------- C:\WINDOWS\system32\RTCOM
2007-07-29 17:27:24 0 d-------- C:\Program Files\Realtek
2007-07-29 17:27:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 17:27:18 487424 -ra------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-07-29 17:25:44 0 d-------- C:\Program Files\WIDCOMM
2007-07-29 17:23:50 0 d--hs---- C:\WINDOWS\Installer
2007-07-29 17:23:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-29 17:23:45 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-29 17:23:44 0 dr------- C:\Program Files
2007-07-29 17:23:44 0 d-------- C:\Program Files\Common Files
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-29 17:23:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-29 17:23:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-29 17:23:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-29 17:23:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-07-29 17:23:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-29 17:22:52 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-29 17:22:46 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-29 17:22:46 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-29 17:22:10 0 d-------- C:\Documents and Settings
2007-07-29 17:22:09 0 d--hs---- C:\System Volume Information
2007-07-29 17:22:00 86016 --a------ C:\WINDOWS\system32\preflib.dll
2007-07-29 17:21:59 33664 --a------ C:\WINDOWS\system32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
2007-07-29 17:21:59 69632 --a------ C:\WINDOWS\system32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
2007-07-29 17:21:58 18944 --a------ C:\WINDOWS\system32\WLTRYSVC.EXE
2007-07-29 17:21:58 2129920 --a------ C:\WINDOWS\system32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
2007-07-29 17:21:58 757760 --a------ C:\WINDOWS\system32\bcm1xsup.dll
2007-07-29 17:21:57 0 d-------- C:\Program Files\Broadcom
2007-07-29 17:21:50 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-29 17:19:50 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-29 17:19:48 0 d-------- C:\Program Files\Intel
2007-07-29 17:12:48 0 d-------- C:\WINDOWS
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\WinSxS
2007-07-29 17:12:48 0 dr------- C:\WINDOWS\Web
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\twain_32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wins
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\wbem
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\usmt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\spool
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\Setup
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ras
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\oobe
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\npp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\IME
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\ias
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\export
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-29 17:12:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\3076
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\2052
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1054
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1042
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1041
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1037
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1033
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1031
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1028
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system32\1025
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\system
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\security
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Resources
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\repair
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Provisioning
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\PeerNet
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\pchealth
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\mui
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msapps
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\msagent
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Media
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\java
2007-07-29 17:12:48 0 d--h----- C:\WINDOWS\inf
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\ime
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Help
2007-07-29 17:12:48 0 dr--s---- C:\WINDOWS\Fonts
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Driver Cache
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Debug
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Cursors
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\Config
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\AppPatch
2007-07-29 17:12:48 0 d-------- C:\WINDOWS\addins
2007-07-29 16:39:17 0 d-------- C:\Documents and Settings\Leanne\Application Data\Identities
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Templates
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Start Menu
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\SendTo
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\PrintHood
2007-07-29 16:39:07 2883584 --a------ C:\Documents and Settings\Leanne\NTUser.dat
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\NetHood
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\My Documents
2007-07-29 16:39:07 0 d--h----- C:\Documents and Settings\Leanne\Local Settings
2007-07-29 16:39:07 0 dr------- C:\Documents and Settings\Leanne\Favorites
2007-07-29 16:39:07 0 d-------- C:\Documents and Settings\Leanne\Desktop
2007-07-29 16:39:07 0 d--hs---- C:\Documents and Settings\Leanne\Cookies
2007-07-29 16:39:07 0 dr-h----- C:\Documents and Settings\Leanne\Application Data
2007-07-29 16:38:20 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-29 16:38:17 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-29 16:38:17 0 d-------- C:\WINDOWS\Prefetch
2007-07-29 16:38:16 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-29 16:38:16 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-29 16:38:16 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-07-29 16:38:16 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-29 16:38:16 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-29 16:37:58 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-29 16:37:58 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-29 16:37:58 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-07-29 16:37:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-29 16:37:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-29 16:34:40 0 d-------- C:\WINDOWS\system32\xircom
2007-07-29 16:34:40 0 d-------- C:\Program Files\microsoft frontpage
2007-07-29 16:34:36 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-29 16:34:33 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-29 16:34:17 0 -rahs---- C:\MSDOS.SYS
2007-07-29 16:34:17 0 -rahs---- C:\IO.SYS
2007-07-29 16:34:17 0 --a------ C:\CONFIG.SYS
2007-07-29 16:34:17 0 --a------ C:\AUTOEXEC.BAT
2007-07-29 16:33:23 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-29 16:33:14 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-29 16:33:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-29 16:33:03 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-29 16:32:39 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-29 16:32:01 0 d---s---- C:\WINDOWS\Tasks
2007-07-29 16:32:00 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-29 16:31:56 0 d-------- C:\WINDOWS\srchasst
2007-07-29 16:31:55 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-29 16:31:46 0 d-------- C:\Program Files\Movie Maker
2007-07-29 16:31:37 0 d-------- C:\WINDOWS\system32\Restore
2007-07-29 16:31:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-29 16:30:55 0 d-------- C:\WINDOWS\Registration
2007-07-29 16:30:26 0 d-------- C:\Program Files\Online Services
2007-07-29 16:30:19 0 d-------- C:\Program Files\Messenger
2007-07-29 16:30:15 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-29 16:29:30 0 d-------- C:\Program Files\Windows NT
2007-07-29 16:29:26 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-29 16:29:25 0 d-------- C:\WINDOWS\system32\Com
2007-07-09 20:07:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 20:05:58 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-09 20:05:58 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-09 20:05:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-09 20:05:28 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Find3M Report ---------------------------------------------------------------

2007-08-06 16:45:40 10200 --a------ C:\Documents and Settings\Leanne\Application Data\CleanUp!.log
2007-07-29 18:08:42 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2007-07-29 18:08:42 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-07-29 18:08:42 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-07-29 18:08:41 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-07-29 18:08:41 1470464 --a------ C:\WINDOWS\system32\nview.dll
2007-07-29 18:08:41 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-07-29 18:08:40 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-07-29 18:08:40 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-07-29 17:58:49 48 --a------ C:\Documents and Settings\Leanne\Application Data\ItDb.enc
2007-07-29 17:23:09 62 --ahs---- C:\Documents and Settings\Leanne\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 19:20]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/07/2007 18:08]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [06/08/2007 03:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12/07/2007 04:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/08/2007 23:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [28/02/2006 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzzc32]
winzzc32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"




-- End of Deckard's System Scanner: finished at 2007-08-09 at 16:48:22 ---------



**Mod's Note** Please do not attach logs unless requested.
Last edited by Ried; 08-09-2007 at 10:26 AM.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-09-2007, 04:48 PM   #10 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Please read the instruction carefully, and make sure you don't miss a step. If there any any questions, then please ask before moving on through the instructions

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

How is your system behaving?

--------------------------------------------------------------

Please reply back with the following:

Kaspersky Scan Results
How is your system behaving?
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-10-2007, 11:54 AM   #11 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Hi,

Here is The Kaspersky Scan Results

KASPERSKY ONLINE SCANNER REPORTKASPERSKY ONLINE SCANNER REPORT
Friday, August 10, 2007 3:39:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build
2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 10/08/2007
Kaspersky Anti-Virus database records: 377930


Scan Settings
Scan using the following antivirus databaseextended
Scan Archivestrue
Scan Mail Basestrue

Scan TargetMy Computer
C:\
D:\

Scan Statistics
Total number of scanned objects67502
Number of viruses found7
Number of infected objects39
Number of suspicious objects0
Duration of the scan process02:24:40

Infected Object NameVirus NameLast Action
C:\Documents and Settings\Leanne\Application
Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped

C:\Documents and Settings\Leanne\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\FILES
Drive\Programs\Programs\cs_mary.exe/Realtime.dll Infected:
Trojan-Spy.Win32.Delf.fk skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\FILES
Drive\Programs\Programs\cs_mary.exe CreateInstall: infected - 1 skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\Jayz Primary\Website
Stuff\Programs\Programs\cs_mary.exe/Realtime.dll Infected:
Trojan-Spy.Win32.Delf.fk skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\Jayz Primary\Website
Stuff\Programs\Programs\cs_mary.exe CreateInstall: infected - 1 skipped

C:\Documents and Settings\Leanne\Desktop\Ex
HDD\Programs\cs_mary.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk
skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Programs\cs_mary.exe
CreateInstall: infected - 1 skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Programs\Nero 7
Premium\Nero-7.8.5.0_eng_update.exe/Toolbar.exe Infected:
not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Programs\Nero 7
Premium\Nero-7.8.5.0_eng_update.exe RAR: infected - 1 skipped

C:\Documents and Settings\Leanne\Local Settings\Application
Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Leanne\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Leanne\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Leanne\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Leanne\Local
Settings\History\History.IE5\MSHist012007081020070811\index.dat Object is
locked skipped

C:\Documents and Settings\Leanne\Local Settings\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped

C:\Documents and Settings\Leanne\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Leanne\NTUser.dat Object is locked skipped

C:\Documents and Settings\Leanne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy
Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped


C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked
skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is
locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked
skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked
skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is
locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked
skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped


C:\RECYCLER\S-1-5-21-2000478354-1993962763-725345543-1004\Dc123.zip ZIP:
infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{37B1FDA7-5122-4785-A761-AB734A9BB88C}.bin
Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Here Is The HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:19, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1185729113308
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...92/mcfscan.cab
O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)
O23 - Service: Access Remote PC Service 4.12.2 - Access Remote PC (www.access-remote-pc.com) - C:\Program Files\Access Remote PC 4.12.2\rpcsetup.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7294 bytes
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-10-2007, 04:52 PM   #12 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Hi,

Did you miss my instructions for getting rid of the entry in HiJackThis? Please read my thought out instructions carefully, and make sure you do not miss anything. Perhaps Windows Defender got in the way again, so we will make sure its disabled.
--------------------------------------------------------------

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\Jayz Primary\Website
    Stuff\Programs\Programs\cs_mary.exe
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

--------------------------------------------------------------

Disable Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
  • Open Windows Defender.
  • Click on Tools>Options.
  • Scroll down and uncheck "Use real-time protection (recommended)".
  • After you uncheck this, click on the Save button and close Windows Defender.

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O20 - Winlogon Notify: winzzc32 - winzzc32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

Enable your Anti-Virus now

--------------------------------------------------------------

Please run HiJackThis again, and post a fresh HiJackThis Log

--------------------------------------------------------------

How is your system behaving????

--------------------------------------------------------------

Please reply back with the following:

Virus Total results
Fresh HiJackThis Log
How is your system behaving????
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-10-2007, 06:02 PM   #13 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Hi,

The computer well..... Sometimes the icons do not work and the start menu sometimes take a while to start up even though there isnt much there. So i have to restart the computer.

The file with the CS_Mary has gone, it was only a temp folder while i sorted out the external HDD.

Here is the HJT Log before AV Enabled

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:44:05, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 2462 bytes


AFTER AV IS ENABLED

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:56:55, on 11/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 3722 bytes
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-11-2007, 10:20 PM   #14 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
Hello,

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\FILES Drive\Programs\Programs\ cs_mary.exe
C:\Documents and Settings\Leanne\Desktop\Ex HDD\Jay\Jayz Primary\Website Stuff\Programs\Programs\ cs_mary.exe
C:\ ComboFix
C:\ QooBox
C:\ Deckard
C:\ SDFix


--------------------------------------------------------------

Well done, your logs are clean! There are just a few more things I would like you to do.

Reset Hidden/System Files and Folders
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Advanced settings box option select the following:
    - Hide extensions for known file types
    - Hide protected operating system files
    - Do not show hidden files and folders .
  • Click OK.

Reset System Restore

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close

Clear IE7 cookies
  • On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  • Double-click Internet Options to open Internet Properties.
  • Click Delete Files button.
  • Click Delete button across from Temporary Internet Files.
  • Click Yes.
  • Click Close.
  • Click Ok.

Re-Enable Windows Defender

Please re-enable your Windows Defender Real-time Protection.
  • Open Windows Defender.
  • Click on Tools>Options.
  • Scroll down and check "Use real-time protection (recommended)".
  • Then, click on the Save button and close Windows Defender.

Re-Enable AVG Anti-spyware Shield
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word inactive to change it to active

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on it's homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
--------------------------------------------------------------

As your remaining issues do not appear to be malware related, you would be better served discussing these issues in the Windows XP section of this forum. Be sure to let the helpers in the Windows XP Section know your system has been cleaned of malware and provide a link to this thread.

--------------------------------------------------------------

Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-12-2007, 12:26 PM   #15 (permalink)
Register user
 
Join Date: Mar 2007
Location: Tech Support Forum, Online - Otherwise Brighton, United Kingdom
Posts: 2,186
OS: Dual Booting - Windows XP Home Edition SP2 & Vista Home Premium

My System

Send a message via MSN to Jaymie1989
Re: Possible Threat
Thank You, Hopefully its fully resolved, just have to wait and see.

Thanks.
Jaymie1989 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-12-2007, 12:30 PM   #16 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,942
OS: Windows 7 Ultimate


Re: Possible Threat
You're welcome. Safe surfin
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:51 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85