Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
08-09-2007, 09:33 PM   #1
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


My Malware

I have some malware on this computer that cannot be deleted, quarantined, or cleaned with McAfee. I did the 5 steps. Here is the report and I will attach extra.txt (oops, can't attach. I'll post extra.txt at the bottom with the header in caps). Thank you from the bottom of my heart.

Deckard's System Scanner v20070809.63
Run by Thomas Barrie on 2007-08-09 at 2227
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
97: 2007-08-10 0331 UTC - RP558 - Deckard's System Scanner Restore Point
96: 2007-08-10 01:10:01 UTC - RP557 - Software Distribution Service 3.0
95: 2007-08-10 00:36:02 UTC - RP556 - Installed Windows Internet Explorer 7.
94: 2007-08-10 00:35:41 UTC - RP555 - Installed Windows IDNMitigationAPIs.
93: 2007-08-10 00:35:20 UTC - RP554 - Installed Windows NLSDownlevelMapping.


-- First Restore Point --
1: 2007-05-03 16:58:58 UTC - RP462 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-09 22:08:28
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16473)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\i34yuc387.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\system32\lpdsrngm.exe
C:\WINDOWS\system32\sdadlrow-t2.exe
C:\Program Files\Windows Media Player\horyk22011.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\csrss.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Ozqaguwk\mezavkvd.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ISM\ISMModule2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nwinqmdt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sihcsdvq.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\Z36GFMMU\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.si.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: 0 - {0625DAA8-3728-4FC8-A1BA-BCAFE1A50D95} - C:\Program Files\Internet Explorer\lavunabiq356.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FF078B0-0072-4FCA-AEDC-36C078A563D5} - C:\Program Files\Common Files\hoketoz455101.dll (file missing)
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
O2 - BHO: (no name) - {356EA4B8-0225-4C11-AF5E-B7CEE719E4D2} - \
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\tuvvusr.dll
O2 - BHO: (no name) - {3E66438B-D364-DFEF-1A15-F88DB123D49D} - C:\WINDOWS\system32\llbxjem.dll (file missing)
O2 - BHO: (no name) - {420C4981-32CC-AF09-C412-03797A5A3F37} - C:\Program Files\Brytaxrx\axwhrzbz.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: (no name) - {6888721E-230F-43E7-837C-6DB442557C34} - C:\Program Files\Common Files\hoketoz5555.dll
O2 - BHO: (no name) - {6A43F7E2-7725-4730-97E6-912AAF914EC1} - C:\WINDOWS\system32\pmkhe.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKEY_LOCAL_MACHINE\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKEY_LOCAL_MACHINE\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387
O4 - HKEY_LOCAL_MACHINE\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKEY_LOCAL_MACHINE\..\Run: [{85-52-22-2E-ZN}] C:\windows\system32\lpdsrngm.exe D4M001
O4 - HKEY_LOCAL_MACHINE\..\Run: [bantool] C:\WINDOWS\system32\sdadlrow-t2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [horyk] C:\Program Files\Windows Media Player\horyk22011.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [dgtghudc] rundll32.exe "C:\Program Files\dgtghudc\tgfgjgva.dll",Init
O4 - HKEY_LOCAL_MACHINE\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [mezavkvd] C:\Program Files\Ozqaguwk\mezavkvd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Ultimate Fixer] "C:\Program Files\Ultimate Fixer\UltimateFixer.exe" hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\nwinqmdt.exe D4M001
O4 - HKEY_LOCAL_MACHINE\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ftocwdxy.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Cxqbik] "C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe"
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Thomas Barrie\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Thomas Barrie\Application Data\Microsoft\Windows\nxqmbmr.exe
O4 - HKCU\..\Run: [fmuu] C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lpdsrngm.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\nwinqmdt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174669905562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: pmkhe - C:\WINDOWS\system32\pmkhe.dll
O20 - Winlogon Notify: tuvvusr - C:\WINDOWS\system32\tuvvusr.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGhvbWFzIEJhcnJpZQ\command.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\sihcsdvq.exe /service
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe service


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 core - c:\windows\system32\drivers\core.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 DomainService - c:\windows\system32\sihcsdvq.exe /service <Not Verified; ; DDC>

S2 cmdService (Command Service) - c:\windows\vghvbwfziejhcnjpzq\command.exe (file missing)
S2 Net Agent - c:\windows\dls0523pmw.exe (file missing)
S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-09 20:20:51 366 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THOMAS-Thomas Barrie).job
2007-07-30 16:12:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 20:43:08 449 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-08-09 20:43:08 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-08-09 20:32:18 69184 --a------ C:\WINDOWS\system32\vknmfgfw.dll
2007-08-09 20:29:18 125504 --a------ C:\WINDOWS\system32\ftocwdxy.dll
2007-08-09 20:28:46 75328 --a------ C:\WINDOWS\system32\sihcsdvq.exe <Not Verified; ; DDC>
2007-08-09 20:27:16 1732672 ---hs---- C:\WINDOWS\system32\ehkmp.bak2
2007-08-09 19:22:40 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 19:11:36 192584 --a------ C:\WINDOWS\system32\nwinqmdt.exe
2007-08-09 19:05:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 17:15:24 0 d-------- C:\Documents and Settings\Thomas Barrie\Application Data\Ultimate Fixer
2007-08-09 16:49:31 135168 --a------ C:\WINDOWS\tk58.exe
2007-08-09 16:34:58 0 d-------- C:\WINDOWS\network diagnostic
2007-08-09 1617 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2007-08-09 16:00:43 0 d-------- C:\Documents and Settings\Guest\Application Data\Google
2007-08-09 16:00:41 0 d-------- C:\Documents and Settings\Guest\Application Data\GTek
2007-08-09 16:00:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-08-09 16:00:38 0 d-------- C:\Documents and Settings\Guest\Application Data\McAfee.com Personal Firewall
2007-08-09 16:00:23 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-08-09 16:00:23 0 d---s---- C:\Documents and Settings\Guest\Cookies
2007-08-09 16:00:23 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2007-08-09 16:00:23 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-08-09 16:00:22 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-08-09 16:00:22 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-08-09 16:00:22 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-08-09 16:00:22 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-08-09 16:00:22 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-08-09 15:48:43 0 d-------- C:\Program Files\Ultimate Fixer
2007-08-09 12:01:48 18761 --a------ C:\WINDOWS\system32\k.dat
2007-08-09 12:01:40 0 d-------- C:\WINDOWS\system32\hblbdnun
2007-08-09 12:01:40 0 d-------- C:\Program Files\SecCenter
2007-08-09 12:01:40 0 d-------- C:\Program Files\Ozqaguwk
2007-08-09 12:01:39 0 d-------- C:\Program Files\Brytaxrx
2007-08-09 12:01:36 0 d-------- C:\Program Files\dgtghudc
2007-08-09 08:27:07 6421 ---hs---- C:\WINDOWS\system32\ehkmp.bak1
2007-08-09 08:26:55 231520 --a------ C:\WINDOWS\system32\pmkhe.dll
2007-08-09 07:12:08 6421 ---hs---- C:\WINDOWS\system32\bdeeg.bak1
2007-08-09 07:12:01 231520 --a------ C:\WINDOWS\system32\geedb.dll
2007-08-09 07:07:04 57362 --a------ C:\WINDOWS\system32\lpdsrngm.exe <Not Verified; ; Browser Driver>
2007-08-09 07:05:41 69632 --a------ C:\WINDOWS\system32\3.exe <Not Verified; Microsoft; 3>
2007-08-09 07:05:20 169147 --a------ C:\WINDOWS\TTC-5555.exe
2007-08-09 07:05:19 26171 --a------ C:\WINDOWS\system32\wvuspqr.dll
2007-08-09 07:05:05 933 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-08-09 07:05:01 30720 --a------ C:\WINDOWS\csrss.exe <Not Verified; TSoft; csrss>
2007-08-09 07:05:00 0 d-------- C:\WINDOWS\system32\f06WtR
2007-08-09 07:04:58 65536 --a------ C:\WINDOWS\system32\sdadlrow-t2.exe <Not Verified; .j..yljjkjlkjylj.j.yj.jy.jy.jy.jy.jy.jy; Project1>
2007-08-09 07:04:56 57354 --a------ C:\WINDOWS\system32\dwdsrngt.exe <Not Verified; ; Browser Driver>
2007-08-09 07:04:52 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-08-09 07:04:52 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-08-09 07:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-09 06:46:39 224283 --a------ C:\WINDOWS\Setup167.exe
2007-08-02 08:43:59 282624 --a------ C:\Program Files\Common Files\hoketoz5555.dll
2007-07-31 12:04:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-07-29 18:45:19 0 d-------- C:\WINDOWS\fmuu
2007-07-29 18:45:19 0 d-------- C:\Program Files\Common Files\fmuu
2007-07-25 06:41:18 446976 --a------ C:\WINDOWS\b135.exe
2007-07-23 22:58:07 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-07-23 22:58:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-07-23 17:04:01 0 d-------- C:\Documents and Settings\Thomas Barrie\Application Data\WinTouch
2007-07-23 16:53:59 72832 --a------ C:\WINDOWS\system32\drivers\core.sys
2007-07-23 16:49:03 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2007-07-23 16:48:59 0 d--hs---- C:\WINDOWS\VGhvbWFzIEJhcnJpZQ
2007-07-23 16:48:59 0 d-------- C:\Program Files\Network Monitor
2007-07-23 16:48:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-07-21 16:55:22 0 d-------- C:\Program Files\Outerinfo
2007-07-21 16:40:46 0 d-------- C:\Program Files\InetGet2
2007-07-21 15:42:58 0 d-------- C:\Program Files\ISM
2007-07-21 15:42:58 40183 ---hs---- C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
2007-07-21 15:31:56 180224 --a------ C:\WINDOWS\UninstallWSST.exe <Not Verified; ; UninstallEXE Application>
2007-07-21 15:31:56 28672 --a------ C:\WINDOWS\system32\ssconfig.exe <Not Verified; Auralis, Inc.; Auralis SSConfig>
2007-07-19 13:05:42 53248 --a------ C:\WINDOWS\uninst1017.exe <Not Verified; ; uninst1017>
2007-07-19 13:02:42 192512 --a------ C:\WINDOWS\i34yuc387.exe <Not Verified; ; q432gf65>
2007-07-17 10:27:12 56320 --a------ C:\WINDOWS\b122.exe
2007-07-11 05:29:38 28160 --a------ C:\WINDOWS\b103.exe


-- Find3M Report ---------------------------------------------------------------

2007-08-09 21:31:05 0 d-------- C:\Program Files\QuickTime
2007-08-09 21:20:52 0 d-------- C:\Program Files\Messenger
2007-08-09 21:20:18 0 d-------- C:\Program Files\iTunes
2007-08-09 21:18:33 0 d-------- C:\Program Files\Google
2007-08-09 21:07:49 0 d-------- C:\Program Files\DellSupport
2007-08-09 2110 0 d-------- C:\Program Files\Common Files
2007-08-09 18:53:33 0 d-------- C:\Program Files\WildTangent
2007-08-09 18:51:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 18:51:38 0 d-------- C:\Program Files\CyberLink
2007-08-09 18:31:04 0 d-------- C:\Program Files\PacificPoker
2007-08-09 16:53:42 0 d-------- C:\Program Files\Sonic
2007-08-09 16:53:33 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-09 09:52:49 15026 --a------ C:\Documents and Settings\Thomas Barrie\Application Data\wklnhst.dat
2007-08-09 07:07:23 16 --a------ C:\Documents and Settings\Thomas Barrie\Application Data\.rdr.ini
2007-07-31 19:10:10 0 d-------- C:\Program Files\World of Warcraft
2007-07-27 10:31:45 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-07-27 10:31:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-07-27 10:31:45 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-07-08 12:02:35 16 --a------ C:\WINDOWS\popcinfo.dat
2007-07-06 14:40:24 192512 --a------ C:\WINDOWS\g4356cbvy63.exe <Not Verified; ; q432gf65>
2007-06-29 10:32:10 146944 ---hs---- C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
2007-06-29 06:18:04 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-29 06:18:03 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys
2007-06-25 08:53:26 53248 --a------ C:\WINDOWS\uninst1014.exe <Not Verified; ; uninst1016>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0625DAA8-3728-4FC8-A1BA-BCAFE1A50D95}]
08/09/2007 08:22 PM 70144 --------- C:\Program Files\Internet Explorer\lavunabiq356.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FF078B0-0072-4FCA-AEDC-36C078A563D5}]
C:\Program Files\Common Files\hoketoz455101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F}]
07/18/2007 03:36 PM 172032 --a------ C:\Program Files\Outerinfo\Outerinfo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356EA4B8-0225-4C11-AF5E-B7CEE719E4D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
08/09/2003 07:05 AM 31254 --------- C:\WINDOWS\system32\tuvvusr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E66438B-D364-DFEF-1A15-F88DB123D49D}]
C:\WINDOWS\system32\llbxjem.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{420C4981-32CC-AF09-C412-03797A5A3F37}]
08/09/2007 12:01 PM 94208 --a------ C:\Program Files\Brytaxrx\axwhrzbz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6888721E-230F-43E7-837C-6DB442557C34}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\Common Files\hoketoz5555.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A43F7E2-7725-4730-97E6-912AAF914EC1}]
08/09/2007 08:26 AM 231520 --a------ C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
07/11/2007 03:02 PM 192512 --------- C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 01:20 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 08:56 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 10:05 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 02:02 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 07:18 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 01:05 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 01:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 06:00 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 11:02 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/14/2006 03:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 03:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/25/2006 02:54 PM]
"i34yuc387"="C:\WINDOWS\i34yuc387" []
"g4356cbvy63"="C:\WINDOWS\g4356cbvy63" []
"{85-52-22-2E-ZN}"="C:\windows\system32\lpdsrngm.exe" [08/09/2007 07:07 AM]
"bantool"="C:\WINDOWS\system32\sdadlrow-t2.exe" [08/09/2007 07:04 AM]
"horyk"="C:\Program Files\Windows Media Player\horyk22011.exe" [08/07/2007 03:30 PM]
"dgtghudc"="C:\Program Files\dgtghudc\tgfgjgva.dll" [08/09/2007 12:01 PM]
"csrss"="C:\WINDOWS\csrss.exe" [08/09/2007 12:01 PM]
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [08/09/2007 12:01 PM]
"mezavkvd"="C:\Program Files\Ozqaguwk\mezavkvd.exe" [08/09/2007 12:01 PM]
"Ultimate Fixer"="C:\Program Files\Ultimate Fixer\UltimateFixer.exe" []
"ExploreUpdSched"="C:\WINDOWS\system32\nwinqmdt.exe" [08/09/2007 07:11 PM]
"SystemOptimizer"="C:\WINDOWS\system32\ftocwdxy.dll" [08/09/2007 08:29 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/15/2007 03:12 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Cxqbik"="C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe" []
"WinTouch"="C:\Documents and Settings\Thomas Barrie\Application Data\WinTouch\WinTouch.exe" []
"SfKg6w"="C:\Documents and Settings\Thomas Barrie\Application Data\Microsoft\Windows\nxqmbmr.exe" []
"fmuu"="C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe" []
"ISMModule2"="C:\Program Files\ISM\ISMModule2.exe" [08/09/2007 12:14 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"WebBuying"=C:\Program Files\Web Buying\v1.8.1\webbuying.exe
"Outerinfo"="C:\Program Files\Outerinfo\Outerinfo.exe"

C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\lpdsrngm.exe [8/9/2007 7:07:04 AM]
Think-Adz.lnk - C:\WINDOWS\system32\nwinqmdt.exe [8/9/2007 7:11:36 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsycyrtypr.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\ComPlus Applications\profsycyrtypr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\tuvvusr.dll [08/09/2003 07:05 AM 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe]
C:\WINDOWS\system32\pmkhe.dll 08/09/2007 08:26 AM 231520 C:\WINDOWS\system32\pmkhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr]
tuvvusr.dll 08/09/2003 07:05 AM 31254 C:\WINDOWS\system32\tuvvusr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"MpfService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a

*Newly Created Service* - DOMAINSERVICE



-- End of Deckard's System Scanner: finished at 2007-08-09 at 22:09:10 ---------










EXTRA.TXT

Deckard's System Scanner v20070809.63
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) D CPU 3.00GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 1022.09 MiB / 301.7 MiB
Pagefile Memory (total/avail): 2458.45 MiB / 1905.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1952.3 MiB

C: is Fixed (NTFS) - 229.15 GiB total, 135.86 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.


[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"="C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1155945513\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1155945513\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1155945513\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1155945513\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sihcsdvq.exe"="C:\\WINDOWS\\system32\\sih"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thomas Barrie\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THOMAS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thomas Barrie
LOGONSERVER=\\THOMAS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp
USERDOMAIN=THOMAS
USERNAME=Thomas Barrie
USERPROFILE=C:\Documents and Settings\Thomas Barrie
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Thomas Barrie (admin)
Administrator (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update --> MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Command --> wscript "C:\WINDOWS\VGhvbWFzIEJhcnJpZQ\p31SvqIWKHL1wBLDtk.vbs"
Cossacks II --> C:\Program Files\GSC Game World\Cossacks II\uninstall.exe
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Photo Navigator 1.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF4BD8-CA13-11D5-AE3D-005004B8E30C}\Setup.exe" -l0x9
Doomsday --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69464949-AD9C-4C98-933F-C32FFC86F3C8}\setup.exe" -l0x9
Enhanced Ads by Think-Adz removal --> C:\WINDOWS\system32\nwinqmdt.exe -UPop
Europa Universalis 2 --> C:\PROGRA~1\STRATE~1\EUROPA~1\UNWISE.EXE C:\PROGRA~1\STRATE~1\EUROPA~1\INSTALL.LOG
EW : Cossacks --> C:\WINDOWS\uncsetup.exe
GamersGate Downloader --> "C:\WINDOWS\unins000.exe"
GamersGate Downloader --> rundll32.exe dfshim.dll,ShArpMaintain GamersGate Downloader.application, Culture=neutral, PublicKeyToken=9c01b113621c7c67, processorArchitecture=msil
GamersGate Downloader --> rundll32.exe dfshim.dll,ShArpMaintain GGDownloader.application, Culture=neutral, PublicKeyToken=ee58c60ff97e94f1, processorArchitecture=msil
GamersGate Downloader - 1 --> rundll32.exe dfshim.dll,ShArpMaintain GGDownloader.application, Culture=neutral, PublicKeyToken=a9752e1358eb10ea, processorArchitecture=msil
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hearts of Iron 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98786147-80E3-41A5-A80C-1F3C028558CF}\setup.exe" -l0x9
Hearts of Iron 2 Doomsday Armageddon Patch 1.1 --> "C:\Program Files\Paradox Interactive\Doomsday\unins000.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HP Image Zone 4.2 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2 --> "C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel(R) 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes --> MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
McAfee Personal Firewall Plus --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Medieval - Total War (TM) - Viking Invasion (TM) --> C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Unwise.exe /u C:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Install.log
Medieval II Total War --> C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Encarta Encyclopedia Standard 2005 --> MsiExec.exe /I{05410044-64A6-4248-A026-9745C1E9E159}
Microsoft Money 2005 --> C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access 2003 --> MsiExec.exe /I{90150409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Premium 10 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft Streets and Trips 2005 --> MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft Works 2005 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MovieShop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F695596-85E6-4224-BC70-538F9036797A}\Setup.exe" -l0x9 /removeme/removeme
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Network Monitor --> wscript "C:\WINDOWS\uninstall_nmon.vbs"
Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release) --> "C:\Program Files\OggVorbis\unins000.exe"
OIN --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
Pacific Poker --> C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PQ DVD to iPod Video Converter (remove only) --> "C:\Program Files\PQDVD\PQ DVD to iPod Video Converter\bt-uninst.exe"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4 - Beyond the Sword --> C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords --> C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe -runfromtemp -l0x0009 -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Stronghold 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
Stronghold Crusader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
The Battle for Middle-earth (tm) II --> C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
The Print Shop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}\setup.exe" -l0x9 anything
Think-Adz Search Assistant removal --> C:\WINDOWS\system32\nwinqmdt.exe -USearch
Tropico --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{818FB39B-1A57-4F1B-A54D-391C33D6C596}\setup.exe" -l0x9
Tropico 2: Pirate Cove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A2000AF-79DE-47FB-8411-BA22F981917F}\setup.exe" -l0x9
Victoria --> C:\PROGRA~1\STRATE~1\Victoria\UNWISE.EXE C:\PROGRA~1\STRATE~1\Victoria\INSTALL.LOG
Victoria Revolutions 1.0 --> "C:\PROGRA~1\STRATE~1\Victoria\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (5)\Uninstall.exe
WWI: The Great War --> C:\Program Files\Buka\WWI\Setup.exe -uninst
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"


-- Application Event Log -------------------------------------------------------

Event ID #16795: Error
Event Submitted/Written: 08/09/2007 09:15:37 PM
Event Source: Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16473, faulting module hoketoz5555.dll, version 0.0.0.0, fault address 0x00006845.
Processing media-specific event for [iexplore.exe!ws!]

Event ID #16780: Warning
Event Submitted/Written: 08/09/2007 08:19:41 PM
Event Source: Userenv
Event Description:
Windows saved user THOMAS\Thomas Barrie registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Event ID #16779: Warning
Event Submitted/Written: 08/09/2007 08:19:38 PM
Event Source: Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event ID #16777: Error
Event Submitted/Written: 08/09/2007 08:17:19 PM
Event Source: MsiInstaller
Event Description:
Product: Microsoft Word 2002 - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Event ID #16776: Error
Event Submitted/Written: 08/09/2007 08:17:18 PM
Event Source: MsiInstaller
Event Description:
Product: Microsoft Word 2002 -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event ID #12218: Error
Event Submitted/Written: 08/09/2007 08:20:57 PM
Event Source: Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event ID #12217: Error
Event Submitted/Written: 08/09/2007 08:20:57 PM
Event Source: Service Control Manager
Event Description:
The Net Agent service failed to start due to the following error:
%%2

Event ID #12208: Error
Event Submitted/Written: 08/09/2007 08:17:25 PM
Event Source: Windows Update Agent
Event Description:
Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.

Event ID #12179: Error
Event Submitted/Written: 08/09/2007 07:53:09 PM
Event Source: Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event ID #12178: Error
Event Submitted/Written: 08/09/2007 07:53:09 PM
Event Source: Service Control Manager
Event Description:
The Net Agent service failed to start due to the following error:
%%2



-- End of Deckard's System Scanner: finished at 2007-08-09 at 22:09:10 ---------
abthere2 is offline  
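As an added example (not part of the original post, and not code from Deckard's System Scanner), here is a small Python triage script for the autostart sections of a DSS log like the one above. It assumes the layout shown in the log: a bracketed registry key header, or a Startup-folder path, followed by one entry per line. The sample log embedded in it is constructed from lines of that shape; the allowlist of known-good XP binaries, the "few vowels" filename heuristic and the McAfee service-name pattern are assumptions, so its output is a list of entries to review, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample built from lines of the shape shown in the thread's DSS log.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SfKg6w"="C:\Documents and Settings\Thomas Barrie\Application Data\Microsoft\Windows\nxqmbmr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\lpdsrngm.exe [8/9/2007 7:07:04 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\tuvvusr.dll [08/09/2003 07:05 AM 31254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkhe]
C:\WINDOWS\system32\pmkhe.dll 08/09/2007 08:26 AM 231520 C:\WINDOWS\system32\pmkhe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= c:\windows\system32\ldcore.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\sihcsdvq.exe"="C:\\WINDOWS\\system32\\sih"
'''

# Substrings of the lowercased key header that identify each autostart location.
LOCATIONS = {
    "\\currentversion\\run": "Run key",
    "\\shellexecutehooks": "ShellExecuteHooks",
    "\\winlogon\\notify": "Winlogon Notify",
    "\\currentversion\\windows": "AppInit_DLLs",
    "\\msconfig\\services": "msconfig-disabled service",
    "\\authorizedapplications": "Firewall exception",
}
# Partial allowlist (assumption): XP binaries that legitimately sit in these
# locations. Extend it from a known-clean machine, never from the infected one.
KNOWN_GOOD = {"ctfmon.exe", "sessmgr.exe", "xpnetdiag.exe", "shell32.dll",
              "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]:*]+?\.(?:exe|dll)\b', re.I)
SECURITY_SVC_RE = re.compile(r"(?i)^(mc|mpf)")  # McAfee service names seen in the log (assumption)


def extract_paths(line):
    """Lowercased .exe/.dll paths in a line; the firewall list doubles its backslashes."""
    return [p.lower() for p in PATH_RE.findall(line.replace("\\\\", "\\"))]


def looks_random(filename):
    """Heuristic: a stem of 5+ letters with under 25% vowels (nxqmbmr, pmkhe,
    sihcsdvq) matches the naming style of the droppers in the log."""
    letters = [c for c in filename.rsplit(".", 1)[0].lower() if c.isalpha()]
    return len(letters) >= 5 and sum(c in "aeiou" for c in letters) / len(letters) < 0.25


@dataclass
class Finding:
    location: str
    item: str
    reasons: list


def triage(log_text):
    findings, location = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):       # registry key header
            key = line[1:-1].lower()
            location = next((n for frag, n in LOCATIONS.items() if frag in key), None)
            continue
        if line.lower().endswith("\\startup\\"):               # Startup folder header
            location = "Startup folder"
            continue
        if location is None:
            continue
        paths = list(dict.fromkeys(extract_paths(line)))
        names = [p.rsplit("\\", 1)[-1] for p in paths]
        value_name = line.split("=", 1)[0].strip().strip('"')
        reasons = []
        for p, n in zip(paths, names):
            if n in KNOWN_GOOD:
                continue
            if looks_random(n):
                reasons.append(f"random-looking filename {n}")
            if location == "Run key" and "\\documents and settings\\" in p:
                reasons.append("autostarts from a user-writable profile path")
        if location == "AppInit_DLLs" and paths:
            reasons.append("AppInit_DLLs is populated: the DLL loads into every process that uses user32")
        if location in ("ShellExecuteHooks", "Winlogon Notify") and names and names[0] not in KNOWN_GOOD:
            reasons.append(f"non-default {location} entry")
        if location == "Firewall exception" and ":*:" not in line:
            reasons.append("malformed firewall exception (no ':*:Enabled:' suffix)")
        if location == "msconfig-disabled service" and SECURITY_SVC_RE.match(value_name):
            reasons.append("security product service disabled through msconfig")
        if reasons:
            findings.append(Finding(location, paths[0] if paths else value_name, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location:26} {f.item}")
        for r in f.reasons:
            print(f"{'':26}   - {r}")
```

Run it as-is to list the flagged entries from the embedded sample, or pass the text of main.txt to triage(). The msconfig\services check is worth keeping: that key is where msconfig records services it has disabled, and in the log above it holds McAfee's own service names (McShield, McDetect.exe, MpfService), which a helper would want to confirm before trusting any further McAfee scan results.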

Old 08-09-2007, 09:41 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

Forgot to include this report from ActiveScan. Thanks!



Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ftocwdxy.dll
Adware:Adware/Zenosearch Not disinfected c:\windows\system32\nwinqmdt.exe
Virus:Trj/Spamta.ABL Disinfected Operating system
Adware:Adware/Zenosearch Not disinfected c:\windows\system32\lpdsrngm.exe
Virus:Trj/Downloader.PJT Disinfected Operating system
Virus:Trj/Downloader.PCQ Disinfected Operating system
Virus:Generic Malware Disinfected Operating system
Virus:Trj/Downloader.MDW Disinfected Operating system
Adware:Adware/TTC Not disinfected C:\Program Files\Common Files\hoketoz5555.dll
Virus:Generic Malware Disinfected Operating system
Adware:Adware/DigInk Not disinfected C:\WINDOWS\g4356cbvy63.exe
Virus:Trj/Passtealer.ED Disinfected Operating system
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/sqwire Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/statblaster Not disinfected Windows Registry
Adware:Adware/Yazzle Not disinfected C:\1BF.tmp[¦++\Yazzle1552OinAdmin.exe]
Virus:Trj/Downloader.MDW Not disinfected C:\1C1.tmp[BndDrive.dll]
Virus:Trj/Downloader.PNC Disinfected C:\1C4.tmp
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe
Possible Virus. Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun1.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Possible Virus. Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun17.exe
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun2.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun3.exe
Adware:Adware/Zenosearch Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun4.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@adrevolver[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@banners.searchingbooth[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@bravenet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@com[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@counter13.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@counter3.sextracker[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@fastclick[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@hotlog[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@overture[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@server.iad.liveperson[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@sextracker[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@stats.drivecleaner[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@www.drivecleaner[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@www.myaffiliateprogram[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@yadro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Thomas Barrie\Cookies\thomas_barrie@zedo[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temp\Cookies\thomas barrie@adrevolver[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temp\Cookies\thomas barrie@cgi-bin[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temp\Morpheus532_b1062.exe[mymorpheusToolbar.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temp\Morpheus54_b1088.exe[mymorpheusToolbar.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\34RG04VQ\nauj_20070726[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\3P0NINLO\adfcook[1]
Hacktool:Exploit/MS06-006 Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\3P0NINLO\movie[1].qtl
Adware:Adware/CWS Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\8ABPL67P\83122[1].exe
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\8ABPL67P\tk58[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\8ABPL67P\_affvm[1]
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\IOK6LPNC\kcehc_eicooc20070702[1]
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
Virus:Generic Malware Disinfected C:\Program Files\ComPlus Applications\lavunabiq.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq356.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq460.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq509.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq828.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq978.dll
Virus:Generic Malware Disinfected C:\Program Files\Internet Explorer\lavunabiq993.dll
Virus:Trj/Downloader.MDW Disinfected C:\Program Files\ISM\BndDrive.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Morpheus\morpheustoolbar.exe
Adware:Adware/OuterInfo Not disinfected C:\Program Files\Outerinfo\OinUninstall.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-359194424-2608733597-1854331037-1005\Dc182.exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\RECYCLER\S-1-5-21-359194424-2608733597-1854331037-1005\Dc183.exe
Adware:Adware/Winpopup Not disinfected C:\WINDOWS\b122.exe
Virus:Trj/Downloader.PLQ Disinfected C:\WINDOWS\b138.exe
Adware:Adware/NSISMedia Not disinfected C:\WINDOWS\Setup167.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\atmtd.dll._
Spyware:Cookie/Humanclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@hc2.humanclick[1].txt
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\534B9DT6\Setup155[1].exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\534B9DT6\Setup155[1].exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\534B9DT6\Setup155[1].exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\534B9DT6\Setup155[1].exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Adware:Adware/CWS Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\83122[1].exe
Virus:Trj/Downloader.PNC Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe[w71.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe[rr25.exe]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe[x55.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\is67718[1].exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\TTC-5555[1].exe
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SKXAQRJH\wr-1-361[1].exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\drivers\core.sys
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\dwdsrngt.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\hblbdnun\hblbdnun1.exe
Virus:Trj/Clicker.WM Disinfected C:\WINDOWS\system32\hblbdnun\hblbdnun2.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup155.exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup155.exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup155.exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\WINDOWS\system32\Setup155.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Virus:Trj/Passtealer.ED Disinfected C:\WINDOWS\system32\tuvvusr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\vknmfgfw.dll
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\system32\waverevenue.exe
Virus:Trj/Downloader.PNC Disinfected C:\WINDOWS\system32\win\w71.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wvuspqr.dll
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Temp\stdrun1.exe[g4356cbvy63.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Temp\stdrun1.exe[uni_eh44.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Temp\stdrun1.exe[uninst1014.exe]
Adware:Adware/NSISMedia Not disinfected C:\WINDOWS\Temp\stdrun1.exe[²îÇ\NSIS.Library.RegTool.v2.²áÇ.exe]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\Temp\stdrun2.exe
Possible Virus. Not disinfected C:\WINDOWS\Temp\stdrun9.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\tk58.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\TTC-5555.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\uninst1014.exe
abthere2 is offline  
Old 08-10-2007, 06:06 PM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to → Run → paste in the single line command & click OK
"%userprofile%\desktop\combofix.exe" /killall
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-11-2007, 07:11 AM   #4 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

Deckard's System Scanner v20070809.63
Run by Thomas Barrie on 2007-08-11 at 07:47:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Thomas Barrie.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:21 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\i34yuc387.exe
C:\Program Files\Windows Media Player\horyk22011.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ozqaguwk\mezavkvd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\dwdsrngt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thomas Barrie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomas Barrie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.si.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FF078B0-0072-4FCA-AEDC-36C078A563D5} - C:\Program Files\Common Files\hoketoz455101.dll (file missing)
O2 - BHO: (no name) - {356EA4B8-0225-4C11-AF5E-B7CEE719E4D2} - \
O2 - BHO: (no name) - {3E66438B-D364-DFEF-1A15-F88DB123D49D} - C:\WINDOWS\system32\llbxjem.dll (file missing)
O2 - BHO: (no name) - {420C4981-32CC-AF09-C412-03797A5A3F37} - C:\Program Files\Brytaxrx\axwhrzbz.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: 0 - {5DA6F8BC-0758-4541-5F85-7A23AF300F87} - C:\Program Files\Internet Explorer\lavunabiq.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387
O4 - HKLM\..\Run: [{85-52-22-2E-ZN}] c:\windows\system32\dwdsrngt.exe D4M001
O4 - HKLM\..\Run: [horyk] C:\Program Files\Windows Media Player\horyk22011.exe
O4 - HKLM\..\Run: [dgtghudc] rundll32.exe "C:\Program Files\dgtghudc\tgfgjgva.dll",Init
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [mezavkvd] C:\Program Files\Ozqaguwk\mezavkvd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Cxqbik] "C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe"
O4 - HKCU\..\Run: [fmuu] C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174669905562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O20 - Winlogon Notify: tuvvusr - tuvvusr.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsycyrtypr.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\profsycyrtypr.html

--
End of file - 9535 bytes

-- Files created between 2007-07-11 and 2007-08-11 -----------------------------

2007-08-11 07:44:25 0 d-------- C:\Program Files\Trend Micro
2007-08-11 07:19:07 135168 --a------ C:\WINDOWS\tk58.exe
2007-08-11 07:03:09 75328 --a------ C:\WINDOWS\system32\uocvbpji.exe <Not Verified; ; DDC>
2007-08-09 20:28:46 75328 --a------ C:\WINDOWS\system32\sihcsdvq.exe <Not Verified; ; DDC>
2007-08-09 19:22:40 0 d-------- C:\Program Files\SpywareBlaster
2007-08-09 19:11:36 192584 --a------ C:\WINDOWS\system32\nwinqmdt.exe
2007-08-09 19:05:14 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 16:34:58 0 d-------- C:\WINDOWS\network diagnostic
2007-08-09 1617 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2007-08-09 16:00:43 0 d-------- C:\Documents and Settings\Guest\Application Data\Google
2007-08-09 16:00:41 0 d-------- C:\Documents and Settings\Guest\Application Data\GTek
2007-08-09 16:00:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2007-08-09 16:00:38 0 d-------- C:\Documents and Settings\Guest\Application Data\McAfee.com Personal Firewall
2007-08-09 16:00:23 0 dr------- C:\Documents and Settings\Guest\Favorites
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Desktop
2007-08-09 16:00:23 0 d---s---- C:\Documents and Settings\Guest\Cookies
2007-08-09 16:00:23 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Sun
2007-08-09 16:00:23 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2007-08-09 16:00:23 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\Templates
2007-08-09 16:00:22 0 dr------- C:\Documents and Settings\Guest\Start Menu
2007-08-09 16:00:22 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2007-08-09 16:00:22 0 dr-h----- C:\Documents and Settings\Guest\Recent
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2007-08-09 16:00:22 786432 --ah----- C:\Documents and Settings\Guest\NTUSER.DAT
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\NetHood
2007-08-09 16:00:22 0 dr------- C:\Documents and Settings\Guest\My Documents
2007-08-09 16:00:22 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2007-08-09 12:01:48 18761 --a------ C:\WINDOWS\system32\k.dat
2007-08-09 12:01:40 0 d-------- C:\WINDOWS\system32\hblbdnun
2007-08-09 12:01:40 0 d-------- C:\Program Files\SecCenter
2007-08-09 12:01:40 0 d-------- C:\Program Files\Ozqaguwk
2007-08-09 12:01:39 0 d-------- C:\Program Files\Brytaxrx
2007-08-09 12:01:36 0 d-------- C:\Program Files\dgtghudc
2007-08-09 07:07:04 57362 --a------ C:\WINDOWS\system32\lpdsrngm.exe <Not Verified; ; Browser Driver>
2007-08-09 07:04:58 65536 --a------ C:\WINDOWS\system32\sdadlrow-t2.exe <Not Verified; .j..yljjkjlkjylj.j.yj.jy.jy.jy.jy.jy.jy; Project1>
2007-08-09 07:04:56 57354 --a------ C:\WINDOWS\system32\dwdsrngt.exe <Not Verified; ; Browser Driver>
2007-08-09 07:04:52 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2007-08-09 07:04:52 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-08-09 07:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-09 06:46:39 224283 --a------ C:\WINDOWS\Setup167.exe
2007-07-31 12:04:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2007-07-29 18:45:19 0 d-------- C:\WINDOWS\fmuu
2007-07-29 18:45:19 0 d-------- C:\Program Files\Common Files\fmuu
2007-07-23 22:58:07 0 dr------- C:\Documents and Settings\LocalService\Favorites
2007-07-23 22:58:07 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-07-23 16:48:59 0 d--hs---- C:\WINDOWS\VGhvbWFzIEJhcnJpZQ
2007-07-23 16:48:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-07-21 15:31:56 180224 --a------ C:\WINDOWS\UninstallWSST.exe <Not Verified; ; UninstallEXE Application>
2007-07-21 15:31:56 28672 --a------ C:\WINDOWS\system32\ssconfig.exe <Not Verified; Auralis, Inc.; Auralis SSConfig>
2007-07-19 13:05:42 53248 --a------ C:\WINDOWS\uninst1017.exe <Not Verified; ; uninst1017>
2007-07-19 13:02:42 192512 --a------ C:\WINDOWS\i34yuc387.exe <Not Verified; ; q432gf65>


-- Find3M Report ---------------------------------------------------------------

2007-08-11 07:16:31 0 d-------- C:\Program Files\Common Files
2007-08-09 21:31:05 0 d-------- C:\Program Files\QuickTime
2007-08-09 21:20:52 0 d-------- C:\Program Files\Messenger
2007-08-09 21:20:18 0 d-------- C:\Program Files\iTunes
2007-08-09 21:18:33 0 d-------- C:\Program Files\Google
2007-08-09 21:07:49 0 d-------- C:\Program Files\DellSupport
2007-08-09 18:53:33 0 d-------- C:\Program Files\WildTangent
2007-08-09 18:51:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 18:51:38 0 d-------- C:\Program Files\CyberLink
2007-08-09 18:31:04 0 d-------- C:\Program Files\PacificPoker
2007-08-09 16:53:42 0 d-------- C:\Program Files\Sonic
2007-08-09 16:53:33 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-09 09:52:49 15026 --a------ C:\Documents and Settings\Thomas Barrie\Application Data\wklnhst.dat
2007-07-31 19:10:10 0 d-------- C:\Program Files\World of Warcraft
2007-07-27 10:31:45 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-07-27 10:31:45 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-07-27 10:31:45 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-07-08 12:02:35 16 --a------ C:\WINDOWS\popcinfo.dat
2007-06-29 06:18:04 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-29 06:18:03 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FF078B0-0072-4FCA-AEDC-36C078A563D5}]
C:\Program Files\Common Files\hoketoz455101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356EA4B8-0225-4C11-AF5E-B7CEE719E4D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E66438B-D364-DFEF-1A15-F88DB123D49D}]
C:\WINDOWS\system32\llbxjem.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{420C4981-32CC-AF09-C412-03797A5A3F37}]
08/09/2007 12:01 PM 94208 --a------ C:\Program Files\Brytaxrx\axwhrzbz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DA6F8BC-0758-4541-5F85-7A23AF300F87}]
08/11/2007 07:19 AM 70144 --a------ C:\Program Files\Internet Explorer\lavunabiq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 01:20 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 08:56 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 10:05 PM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 09:12 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 02:02 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 07:18 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 07:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [01/11/2006 01:05 PM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 01:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 06:00 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 11:02 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/14/2006 03:55 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/24/2006 03:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/25/2006 02:54 PM]
"i34yuc387"="C:\WINDOWS\i34yuc387" []
"{85-52-22-2E-ZN}"="c:\windows\system32\dwdsrngt.exe" [08/09/2007 07:04 AM]
"horyk"="C:\Program Files\Windows Media Player\horyk22011.exe" [08/07/2007 03:30 PM]
"dgtghudc"="C:\Program Files\dgtghudc\tgfgjgva.dll" [08/09/2007 12:01 PM]
"csrss"="C:\WINDOWS\csrss.exe" []
"mezavkvd"="C:\Program Files\Ozqaguwk\mezavkvd.exe" [08/09/2007 12:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/15/2007 03:12 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]
"Cxqbik"="C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe" []
"fmuu"="C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe" []
"ISMModule2"="C:\Program Files\ISM\ISMModule2.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\dwdsrngt.exe [8/9/2007 7:04:56 AM]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsycyrtypr.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\ComPlus Applications\profsycyrtypr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr]
tuvvusr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"MpfService"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-08-11 at 07:47:45 ---------
abthere2 is offline  
Old 08-11-2007, 07:17 AM   #5 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

I hope this is the correct combofix log file. I wasn't sure which one combofix created. Thank you again from the bottom of my heart. I sent the new HJT log in my previous reply.



ComboFix 07-08-11 - "Thomas Barrie" 2007-08-11 7:12:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.608 [GMT -5:00]
Command switches used :: /killall
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\.rdr.ini
C:\DOCUME~1\THOMAS~1\APPLIC~1.\Ultimate Fixer
C:\DOCUME~1\THOMAS~1\APPLIC~1\.rdr.ini
C:\DOCUME~1\THOMAS~1\APPLIC~1\WinTouch
C:\DOCUME~1\THOMAS~1\APPLIC~1\WinTouch\wintouch.cfg
C:\DOCUME~1\THOMAS~1\MYDOCU~1.\fnts~1
C:\DOCUME~1\THOMAS~1\MYDOCU~1.\fnts~1\F?nts\
C:\DOCUME~1\THOMAS~1\MYDOCU~1.\sks~1
C:\DOCUME~1\THOMAS~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\THOMAS~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\THOMAS~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\hoketoz5555.dll
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ComPlus Applications\profsycyrtypr.html
C:\Program Files\inetget2
C:\Program Files\Internet Explorer\lavunabiq.dll
C:\Program Files\Internet Explorer\lavunabiq4.dll
C:\Program Files\Internet Explorer\profsycyrtypr.html
C:\Program Files\ISM
C:\Program Files\ISM\anticaupd.exe
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\ISMModule2.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\network monitor
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinUninstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\Outerinfo.dll
C:\Program Files\outerinfo\Outerinfo.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Ultimate Fixer
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b103.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b135.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\g4356cbvy63.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\3.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\B1\chkq22011.exe
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\ehkmp.bak1
C:\WINDOWS\system32\ehkmp.bak2
C:\WINDOWS\system32\ehkmp.ini
C:\WINDOWS\system32\f06WtR
C:\WINDOWS\system32\f06WtR\f06WtR1083.exe
C:\WINDOWS\system32\ftocwdxy.dll
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\hvbqgeid.exe
C:\WINDOWS\system32\jrxoosvf.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\lhrtfmih.exe
C:\WINDOWS\system32\msbind32.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\Outerinfo-1440.exe
C:\WINDOWS\system32\pmkhe.dll
C:\WINDOWS\system32\ruvrjwpu.ini
C:\WINDOWS\system32\setup155.exe
C:\WINDOWS\system32\upwjrvur.dll
C:\WINDOWS\system32\vknmfgfw.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wvuspqr.dll
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y2
C:\WINDOWS\system32\yxdwcotf.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-5555.exe
C:\WINDOWS\uninst1014.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NET_AGENT
-------\cmdService
-------\core
-------\DomainService
-------\Net Agent
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 07:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-11 07:03 75,328 --a------ C:\WINDOWS\system32\uocvbpji.exe
2007-08-09 22:06 <DIR> d-------- C:\Deckard
2007-08-09 20:28 75,328 --a------ C:\WINDOWS\system32\sihcsdvq.exe
2007-08-09 19:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-09 19:11 192,584 --a------ C:\WINDOWS\system32\nwinqmdt.exe
2007-08-09 19:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 16:34 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-09 16:00 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\McAfee.com Personal Firewall
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\GTek
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-08-09 12:01 18,761 --a------ C:\WINDOWS\system32\k.dat
2007-08-09 12:01 <DIR> d-------- C:\WINDOWS\system32\hblbdnun
2007-08-09 12:01 <DIR> d-------- C:\Program Files\SecCenter
2007-08-09 12:01 <DIR> d-------- C:\Program Files\Ozqaguwk
2007-08-09 12:01 <DIR> d-------- C:\Program Files\dgtghudc
2007-08-09 12:01 <DIR> d-------- C:\Program Files\Brytaxrx
2007-08-09 07:07 57,362 --a------ C:\WINDOWS\system32\lpdsrngm.exe
2007-08-09 07:04 65,536 --a------ C:\WINDOWS\system32\sdadlrow-t2.exe
2007-08-09 07:04 57,354 --a------ C:\WINDOWS\system32\dwdsrngt.exe
2007-08-09 06:46 224,283 --a------ C:\WINDOWS\Setup167.exe
2007-07-29 18:45 <DIR> d-------- C:\WINDOWS\fmuu
2007-07-29 18:45 <DIR> d-------- C:\Program Files\Common Files\fmuu
2007-07-28 14:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-28 14:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-28 14:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-28 14:46 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-28 14:46 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-28 14:46 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-28 14:46 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-28 14:46 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-28 14:46 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-28 14:46 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-28 14:46 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-28 14:46 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-28 14:46 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-23 22:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-23 16:48 <DIR> d--hs---- C:\WINDOWS\VGhvbWFzIEJhcnJpZQ
2007-07-23 16:48 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
2007-07-21 15:31 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe
2007-07-21 15:31 180,224 --a------ C:\WINDOWS\UninstallWSST.exe
2007-07-19 13:05 53,248 --a------ C:\WINDOWS\uninst1017.exe
2007-07-19 13:02 192,512 --a------ C:\WINDOWS\i34yuc387.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 21:31 --------- d-------- C:\Program Files\QuickTime
2007-08-09 21:20 --------- d-------- C:\Program Files\Messenger
2007-08-09 21:20 --------- d-------- C:\Program Files\iTunes
2007-08-09 21:18 --------- d-------- C:\Program Files\Google
2007-08-09 21:07 --------- d-------- C:\Program Files\DellSupport
2007-08-09 18:53 --------- d-------- C:\Program Files\WildTangent
2007-08-09 18:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 18:51 --------- d-------- C:\Program Files\CyberLink
2007-08-09 18:31 --------- d-------- C:\Program Files\PacificPoker
2007-08-09 16:53 --------- d-------- C:\Program Files\Sonic
2007-08-09 16:53 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-31 19:10 --------- d-------- C:\Program Files\World of Warcraft
2007-07-27 10:31 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-27 10:31 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-27 10:31 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-29 06:18 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys
2007-06-29 06:18 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FF078B0-0072-4FCA-AEDC-36C078A563D5}]
C:\Program Files\Common Files\hoketoz455101.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356EA4B8-0225-4C11-AF5E-B7CEE719E4D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E66438B-D364-DFEF-1A15-F88DB123D49D}]
C:\WINDOWS\system32\llbxjem.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{420C4981-32CC-AF09-C412-03797A5A3F37}]
2007-08-09 12:01 94208 --a------ C:\Program Files\Brytaxrx\axwhrzbz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
C:\Program Files\ISM\BndDrive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 15:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]
"i34yuc387"="C:\WINDOWS\i34yuc387" []
"{85-52-22-2E-ZN}"="c:\windows\system32\dwdsrngt.exe" [2007-08-09 07:04]
"horyk"="C:\Program Files\Windows Media Player\horyk22011.exe" [2007-08-07 15:30]
"dgtghudc"="C:\Program Files\dgtghudc\tgfgjgva.dll" [2007-08-09 12:01]
"csrss"="C:\WINDOWS\csrss.exe" []
"mezavkvd"="C:\Program Files\Ozqaguwk\mezavkvd.exe" [2007-08-09 12:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:12]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Cxqbik"="C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe" []
"fmuu"="C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe" []
"ISMModule2"="C:\Program Files\ISM\ISMModule2.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\dwdsrngt.exe [2007-08-09 07:04:56]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsycyrtypr.html
FriendlyName=

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\ComPlus Applications\profsycyrtypr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr]
tuvvusr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"MpfService"=2 (0x2)

R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-07-30 21:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-11 12:18:26 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THOMAS-Thomas Barrie).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 07:18:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 7:19:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 07:19

--- E O F ---
Old 08-11-2007, 09:55 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

Do a HijackThis scan (Not DSS) & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {0FF078B0-0072-4FCA-AEDC-36C078A563D5} - C:\Program Files\Common Files\hoketoz455101.dll (file missing)
O2 - BHO: (no name) - {356EA4B8-0225-4C11-AF5E-B7CEE719E4D2} - \
O2 - BHO: (no name) - {3E66438B-D364-DFEF-1A15-F88DB123D49D} - C:\WINDOWS\system32\llbxjem.dll (file missing)
O2 - BHO: (no name) - {420C4981-32CC-AF09-C412-03797A5A3F37} - C:\Program Files\Brytaxrx\axwhrzbz.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: 0 - {5DA6F8BC-0758-4541-5F85-7A23AF300F87} - C:\Program Files\Internet Explorer\lavunabiq.dll
O2 - BHO: BndDrive BHO Class - {9815DA81-2E0C-478c-90E4-06E474E704D0} - C:\Program Files\ISM\BndDrive.dll (file missing)
O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387
O4 - HKLM\..\Run: [{85-52-22-2E-ZN}] c:\windows\system32\dwdsrngt.exe D4M001
O4 - HKLM\..\Run: [horyk] C:\Program Files\Windows Media Player\horyk22011.exe
O4 - HKLM\..\Run: [dgtghudc] rundll32.exe "C:\Program Files\dgtghudc\tgfgjgva.dll",Init
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [mezavkvd] C:\Program Files\Ozqaguwk\mezavkvd.exe
O4 - HKCU\..\Run: [Cxqbik] "C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe"
O4 - HKCU\..\Run: [fmuu] C:\PROGRA~1\COMMON~1\fmuu\fmuum.exe
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O20 - Winlogon Notify: tuvvusr - tuvvusr.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsycyrtypr.html
O24 - Desktop Component 1: (no name) - C:\Program Files\ComPlus Applications\profsycyrtypr.html



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/173327-my-malware.html
Collect::
C:\WINDOWS\system32\uocvbpji.exe
C:\WINDOWS\system32\sihcsdvq.exe
C:\WINDOWS\system32\nwinqmdt.exe
C:\WINDOWS\system32\k.dat
C:\WINDOWS\system32\lpdsrngm.exe
C:\WINDOWS\i34yuc387.exe
C:\WINDOWS\system32\sdadlrow-t2.exe
C:\WINDOWS\system32\dwdsrngt.exe
Suspect::
C:\WINDOWS\uninst1017.exe
File::
C:\Program Files\Windows Media Player\horyk22011.exe
C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\TA_Start.lnk
Folder::
C:\Program Files\SecCenter
C:\WINDOWS\system32\hblbdnun
C:\Program Files\Ozqaguwk
C:\Program Files\dgtghudc
C:\Program Files\Brytaxrx
C:\WINDOWS\fmuu
C:\Program Files\Common Files\fmuu
C:\WINDOWS\VGhvbWFzIEJhcnJpZQ
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\Program Files\ISM
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FF078B0-0072-4FCA-AEDC-36C078A563D5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356EA4B8-0225-4C11-AF5E-B7CEE719E4D2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E66438B-D364-DFEF-1A15-F88DB123D49D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{420C4981-32CC-AF09-C412-03797A5A3F37}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9815DA81-2E0C-478c-90E4-06E474E704D0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i34yuc387"=-
"{85-52-22-2E-ZN}"=-
"horyk"=-
"dgtghudc"=-
"csrss"=-
"mezavkvd"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cxqbik"=-
"fmuu"=-
"ISMModule2"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvusr]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called Submit [Date Time].zip
Please submit this file before proceeding to the next step.


---------------


Click here to perform an online scan >> Online Scanner


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log (not DSS) taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
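As an added example (not part of the thread, and not HijackThis, ComboFix or anything sUBs ran), here is a small Python triage pass over HijackThis O2/O4/O20 lines of the kind listed in the post above. The rules are my reading of what those entries have in common (orphaned BHOs, csrss.exe outside system32, unrenderable characters, no extension, a fake CLSID); the ctfmon.exe line is a constructed clean entry, the rest are quoted from the log.

```python
"""Autorun triage for HijackThis O2/O4/O20 lines.

Added example for this thread, not HijackThis, ComboFix or anything the helper
ran. The rules encode what the log above shows: BHOs whose DLL is gone, a Run
entry borrowing a core Windows process name outside system32, launch targets
with unrenderable ('?') characters or no extension, DLLs loaded via rundll32,
and a value name dressed up as a CLSID. They are a first pass, not a verdict.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line reasons")

# Core processes that legitimately start only from %SystemRoot%\system32.
CORE_PROCESSES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe"}

CLSID_RE = re.compile(
    r"^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$")
# First path ending in an executable extension; the lookahead keeps 'mcafee.com'
# inside a longer path from being taken as the target.
EXT_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|com|pif|bat|cmd))"?(?=[\s,]|$)', re.I)


def launched_path(cmd):
    """Return the file a Run command really launches: quoted or bare path,
    and for rundll32 the DLL that follows it. No known extension: as-is."""
    cmd = cmd.strip()
    m = EXT_RE.match(cmd)
    if not m:
        return cmd.strip('"')
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        rest = cmd[m.end():].strip()
        m2 = EXT_RE.match(rest)
        return m2.group("path") if m2 else rest
    return path


def assess(line):
    """Apply the rules to one HijackThis line; reasons is empty if none fire."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        path = m.group("path").strip()
        if "(file missing)" in path:
            reasons.append("BHO registered but its DLL is gone (orphaned CLSID)")
        elif path in ("", "\\"):
            reasons.append("BHO registered with no DLL path at all")
        if not CLSID_RE.match(m.group("clsid")):
            reasons.append("CLSID is malformed")
        return Finding(line, reasons)
    m = O4_RE.match(line)
    if m:
        path = launched_path(m.group("cmd"))
        folder, _, base = path.rpartition("\\")
        folder, base = folder.lower(), base.lower()
        if base in CORE_PROCESSES and not folder.endswith("\\system32"):
            reasons.append(f"{base} launched from '{folder or '.'}' instead of system32")
        if "?" in path:
            reasons.append("path contains characters HijackThis could not render")
        if "." not in base:
            reasons.append("launch target has no file extension")
        if base.endswith(".dll"):
            reasons.append("Run value loads a DLL (rundll32-style) rather than a program")
        key = m.group("key")
        if key.startswith("{") and not CLSID_RE.match(key):
            reasons.append("value name imitates a CLSID but is not one")
        return Finding(line, reasons)
    m = O20_RE.match(line)
    if m and "(file missing)" in m.group("dll"):
        reasons.append("Winlogon Notify package whose DLL is gone")
    return Finding(line, reasons)


def triage(lines):
    """Keep only the lines that triggered at least one rule."""
    return [f for f in (assess(ln) for ln in lines) if f.reasons]


# Lines quoted from the thread, plus one constructed clean entry (ctfmon.exe)
# to show the rules stay quiet on an ordinary Windows autorun.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {0FF078B0-0072-4FCA-AEDC-36C078A563D5} - C:\Program Files\Common Files\hoketoz455101.dll (file missing)",
    "O2 - BHO: (no name) - {356EA4B8-0225-4C11-AF5E-B7CEE719E4D2} - \\",
    r"O4 - HKLM\..\Run: [i34yuc387] C:\WINDOWS\i34yuc387",
    r"O4 - HKLM\..\Run: [{85-52-22-2E-ZN}] c:\windows\system32\dwdsrngt.exe D4M001",
    r'O4 - HKLM\..\Run: [dgtghudc] rundll32.exe "C:\Program Files\dgtghudc\tgfgjgva.dll",Init',
    r"O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe",
    r'O4 - HKCU\..\Run: [Cxqbik] "C:\Documents and Settings\Thomas Barrie\My Documents\??sks\w?crtupd.exe"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",  # constructed
    r"O20 - Winlogon Notify: tuvvusr - tuvvusr.dll (file missing)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding.line, *("\n   -> " + r for r in finding.reasons))
```

Note that the BHO at {5DA6F8BC-...} in the post above trips none of these rules, which is the point: the helper's judgement about an unknown DLL dropped into the Internet Explorer folder is not something a few string rules replace.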
Old 08-11-2007, 09:55 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

This is to be performed after you have posted the required logs.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1 - http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u2-windowsi586-p.exe to install the newest version.
Old 08-11-2007, 10:56 AM   #8 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

OK, here is my ComboFix log and I have attached the zip file. I was a little uncertain as to how I should send you the zip file. Hope this works. Many many many many thanks.




ComboFix 07-08-11 - "Thomas Barrie" 2007-08-11 11:32:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Thomas Barrie\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\Windows Media Player\horyk22011.exe
C:\Documents and Settings\Thomas Barrie\Start Menu\Programs\Startup\TA_Start.lnk


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Brytaxrx
C:\Program Files\Common Files\fmuu
C:\Program Files\Common Files\fmuu\fmuua.lck
C:\Program Files\Common Files\fmuu\fmuud\class-barrel
C:\Program Files\Common Files\fmuu\fmuuh
C:\Program Files\Common Files\fmuu\fmuul.lck
C:\Program Files\Common Files\fmuu\fmuum.lck
C:\Program Files\dgtghudc
C:\Program Files\dgtghudc\tgfgjgva.dll
C:\Program Files\Internet Explorer\lavunabiq.dll
C:\Program Files\Ozqaguwk
C:\Program Files\Ozqaguwk\mezavkvd.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070811-112337-592.dll
C:\Program Files\Windows Media Player\horyk22011.exe
C:\WINDOWS\fmuu
C:\WINDOWS\fmuu\fmuu.dat
C:\WINDOWS\fmuu\wu
C:\WINDOWS\i34yuc387.exe
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\hblbdnun
C:\WINDOWS\system32\hblbdnun\bg1.gif
C:\WINDOWS\system32\hblbdnun\bgtop.gif
C:\WINDOWS\system32\hblbdnun\bottom1.gif
C:\WINDOWS\system32\hblbdnun\essentials.gif
C:\WINDOWS\system32\hblbdnun\hblbdnun1.exe
C:\WINDOWS\system32\hblbdnun\hblbdnun2.exe
C:\WINDOWS\system32\hblbdnun\hblbdnun3.exe
C:\WINDOWS\system32\hblbdnun\icon1.ico
C:\WINDOWS\system32\hblbdnun\install1.gif
C:\WINDOWS\system32\hblbdnun\left1.gif
C:\WINDOWS\system32\hblbdnun\li.gif
C:\WINDOWS\system32\hblbdnun\logo.gif
C:\WINDOWS\system32\hblbdnun\main.htm
C:\WINDOWS\system32\hblbdnun\mainframe.htm
C:\WINDOWS\system32\hblbdnun\reinstall1.gif
C:\WINDOWS\system32\hblbdnun\right1.gif
C:\WINDOWS\system32\hblbdnun\s1.htm
C:\WINDOWS\system32\hblbdnun\s2.htm
C:\WINDOWS\system32\hblbdnun\s3.htm
C:\WINDOWS\system32\hblbdnun\SMTop1.gif
C:\WINDOWS\system32\hblbdnun\SMTop2.gif
C:\WINDOWS\system32\hblbdnun\SMTop3.gif
C:\WINDOWS\system32\hblbdnun\SMTop4.gif
C:\WINDOWS\system32\hblbdnun\soft1_off.gif
C:\WINDOWS\system32\hblbdnun\soft1_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft1_on.gif
C:\WINDOWS\system32\hblbdnun\soft1_on_ext.gif
C:\WINDOWS\system32\hblbdnun\soft2_off.gif
C:\WINDOWS\system32\hblbdnun\soft2_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft2_on.gif
C:\WINDOWS\system32\hblbdnun\soft2_on_ext.gif
C:\WINDOWS\system32\hblbdnun\soft3_off.gif
C:\WINDOWS\system32\hblbdnun\soft3_off_ext.gif
C:\WINDOWS\system32\hblbdnun\soft3_on.gif
C:\WINDOWS\system32\hblbdnun\soft3_on_ext.gif
C:\WINDOWS\system32\hblbdnun\softbottom_off.gif
C:\WINDOWS\system32\hblbdnun\softbottom_on.gif
C:\WINDOWS\system32\hblbdnun\softleft_off.gif
C:\WINDOWS\system32\hblbdnun\softleft_on.gif
C:\WINDOWS\system32\hblbdnun\top1.gif
C:\WINDOWS\system32\hblbdnun\top2.gif
C:\WINDOWS\system32\hblbdnun\turnoff1.gif
C:\WINDOWS\system32\hblbdnun\turnon1.gif
C:\WINDOWS\system32\k.dat
C:\WINDOWS\system32\lpdsrngm.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nwinqmdt.exe
C:\WINDOWS\system32\sdadlrow-t2.exe
C:\WINDOWS\system32\sihcsdvq.exe
C:\WINDOWS\system32\uocvbpji.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\VGhvbWFzIEJhcnJpZQ


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 07:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 07:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 22:06 <DIR> d-------- C:\Deckard
2007-08-09 19:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-09 19:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 16:34 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-09 16:00 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\McAfee.com Personal Firewall
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\GTek
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-08-09 06:46 224,283 --a------ C:\WINDOWS\Setup167.exe
2007-07-28 14:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-28 14:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-28 14:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-28 14:46 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-28 14:46 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-28 14:46 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-28 14:46 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-28 14:46 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-28 14:46 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-28 14:46 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-28 14:46 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-28 14:46 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-28 14:46 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-23 22:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-21 15:31 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe
2007-07-21 15:31 180,224 --a------ C:\WINDOWS\UninstallWSST.exe
2007-07-19 13:05 53,248 --a------ C:\WINDOWS\uninst1017.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 21:31 --------- d-------- C:\Program Files\QuickTime
2007-08-09 21:20 --------- d-------- C:\Program Files\Messenger
2007-08-09 21:20 --------- d-------- C:\Program Files\iTunes
2007-08-09 21:18 --------- d-------- C:\Program Files\Google
2007-08-09 21:07 --------- d-------- C:\Program Files\DellSupport
2007-08-09 18:53 --------- d-------- C:\Program Files\WildTangent
2007-08-09 18:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 18:51 --------- d-------- C:\Program Files\CyberLink
2007-08-09 18:31 --------- d-------- C:\Program Files\PacificPoker
2007-08-09 16:53 --------- d-------- C:\Program Files\Sonic
2007-08-09 16:53 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-31 19:10 --------- d-------- C:\Program Files\World of Warcraft
2007-07-27 10:31 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-27 10:31 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-27 10:31 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-29 06:18 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys
2007-06-29 06:18 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 15:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:12]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"MpfService"=2 (0x2)

R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-07-30 21:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-11 16:35:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THOMAS-Thomas Barrie).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 11:34:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 11:35:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 11:35
C:\ComboFix2.txt ... 2007-08-11 07:19

--- E O F ---

Last edited by sUBs; 08-11-2007 at 11:17 AM.
Old 08-11-2007, 11:20 AM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

Thomas,

Does McAfee still work or has it expired?
Old 08-11-2007, 11:25 AM   #10 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

The "virusscan" service has expired.
Old 08-11-2007, 11:28 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

LOL ...remind me to get you a freeware antivirus scanner after this
Old 08-11-2007, 11:32 AM   #12 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

This is sort of like when you go in for your yearly physical at the dr. and hang your head in shame at everything you have been doing wrong for your health. It's totally embarrassing to have all your shortcomings (be it personal or computer-oriented) out to be scrutinized. I say all of this with a laugh, hopefully a lesson learned, and again, complete thanks for all your patience with people like me...

Signed 'Thomas's mom'... Thomas is my 16-year-old, who is going to get a lesson in computer security before this machine is handed back to him.
Old 08-11-2007, 11:41 AM   #13 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

LOL ....I wish my mom was like you. Then again, she didn't have a computer at this age :)
Old 08-11-2007, 11:52 AM   #14 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

Just to be sure I'm on the right track...

I'm running the online scanner right now. So next I'm supposed to post the scan log, a new HJT log, and the ComboFix log again, all before I hear anything else from you? Are you going to reply with more stuff to do before I should post this stuff? Thank you.
Old 08-11-2007, 11:56 AM   #15 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

I'll have fresh instructs after receiving those logs. We should be nearing the end of the tunnel.
Old 08-11-2007, 12:54 PM   #16 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

OK, here is 1) the hijack log, 2) the online scan log (Kaspersky), and 3) a new ComboFix log (I wasn't really sure if I needed to run it again, but I did). Thank you so much. (BTW, have you considered the medical field? You'd be a great diagnostician, leading to being a great dr. Something to consider.)



HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:06 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\mcafee.com\agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.si.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174669905562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 7603 bytes


ONLINE SCAN

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 11, 2007 1:37:34 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/08/2007
Kaspersky Anti-Virus database records: 378789
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 209919
Number of viruses found: 31
Number of infected objects: 126
Number of suspicious objects: 0
Duration of the scan process: 01:13:29

Infected Object Name / Virus Name / Last Action
C:\1BF.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\1BF.tmp NSIS: infected - 1 skipped
C:\1C1.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\1C1.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\1C1.tmp NSIS: infected - 2 skipped
C:\Deckard\System Scanner\20070811074356\backup\DOCUME~1\THOMAS~1\LOCALS~1\Temp\ismupd1.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\Deckard\System Scanner\20070811074356\backup\DOCUME~1\THOMAS~1\LOCALS~1\Temp\ismupd1.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\ASHeuristic\stdrun17_exe.vir Infected: not-virus:Hoax.Win32.Renos.dk skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\ASHeuristic\stdrun8_exe.vir Infected: not-virus:Hoax.Win32.Renos.dk skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\ASHeuristic\stdrun9_exe.vir Infected: not-virus:Hoax.Win32.Renos.dk skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\stdrun11.exe Infected: Email-Worm.Win32.Zhelatin.gp skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\stdrun5.exe Infected: Trojan-Downloader.Win32.VB.bao skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\stdrun7.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\stdrun7.exe NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20070811074356\backup\WINDOWS\temp\stdrun9.exe Infected: not-virus:Hoax.Win32.Renos.dk skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Desktop\[4]-Submit_2007-08-11_113235.20.zip/nwinqmdt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\Documents and Settings\Thomas Barrie\Desktop\[4]-Submit_2007-08-11_113235.20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\History\History.IE5\MSHist012007081120070812\index.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Thomas Barrie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Thomas Barrie\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070811-112337-440.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\hoketoz5555.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\dgtghudc\tgfgjgva.dll.vir Infected: Trojan.Win32.Agent.atq skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\lavunabiq.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Internet Explorer\lavunabiq4.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\Ozqaguwk\mezavkvd.exe.vir Infected: Trojan.Win32.Obfuscated.ha skipped
C:\QooBox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbp skipped
C:\QooBox\Quarantine\C\Program Files\Trend Micro\HijackThis\backups\backup-20070811-112337-592.dll.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\QooBox\Quarantine\C\WINDOWS\csrss.exe.vir Infected: Trojan.Win32.Agent.app skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f06WtR\f06WtR1083.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hblbdnun\hblbdnun1.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hblbdnun\hblbdnun2.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hblbdnun\hblbdnun3.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hvbqgeid.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lhrtfmih.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\msbind32.exe.vir Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Outerinfo-1440.exe.vir/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Outerinfo-1440.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Outerinfo-1440.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wvuspqr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-5555.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\QooBox\Quarantine\C\WINDOWS\TTC-5555.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\catchme2007-08-11_ 71819.85.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\QooBox\Quarantine\catchme2007-08-11_ 71819.85.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP523\A0049078.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050478.exe Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050497.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050512.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050512.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050513.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050516.exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP535\A0050516.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP536\A0053925.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP550\A0055570.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP552\A0056085.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP552\A0056086.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP552\A0056130.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP552\A0056145.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP556\A0056336.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP556\A0057351.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP556\A0057366.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057445.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057449.exe Infected: Trojan-Downloader.Win32.Agent.cbn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057450.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057451.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057452.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057453.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057454.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057456.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057457.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057458.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP557\A0057459.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057474.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057475.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057505.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057506.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057507.dll Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057508.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP558\A0057525.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP559\A0058519.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058543.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058547.exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058547.exe/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058547.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058549.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058551.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058552.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058553.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058559.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058560.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058561.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058573.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058573.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058578.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058582.exe Infected: Trojan.Win32.Agent.app skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058586.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058590.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058591.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058591.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP560\A0058698.dll Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058723.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058724.dll Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058725.exe Infected: Trojan-Downloader.Win32.Agent.cbp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058726.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058727.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058728.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058730.exe Infected: Trojan.Win32.Obfuscated.ha skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058731.dll Infected: Trojan.Win32.Agent.atq skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058736.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\A0058739.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP561\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\83122[1].exe/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\83122[1].exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe/data0006 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe/data0007 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe/data0008 Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe/data0009 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\bass[1].exe NSIS: infected - 4 skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9GELMECV\is67718[1].exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ks skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\Outerinfo-1440[1].exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\Outerinfo-1440[1].exe/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\Outerinfo-1440[1].exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\TTC-5555[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\9SNRJ2OD\TTC-5555[1].exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


COMBOFIX LOG


ComboFix 07-08-11 - "Thomas Barrie" 2007-08-11 13:41:03.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.532 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))


2007-08-11 11:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-11 11:58 <DIR> d-------- C:\WINDOWS\LastGood
2007-08-11 11:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-11 07:44 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-11 07:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 22:06 <DIR> d-------- C:\Deckard
2007-08-09 19:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-08-09 19:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 16:34 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-09 16:00 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\McAfee.com Personal Firewall
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\GTek
2007-08-09 16:00 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Google
2007-08-09 06:46 224,283 --a------ C:\WINDOWS\Setup167.exe
2007-07-28 14:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-28 14:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-28 14:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-07-28 14:46 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-28 14:46 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-28 14:46 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-07-28 14:46 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-28 14:46 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-28 14:46 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-28 14:46 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-28 14:46 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-28 14:46 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-28 14:46 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-07-23 22:58 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-21 15:31 28,672 --a------ C:\WINDOWS\system32\ssconfig.exe
2007-07-21 15:31 180,224 --a------ C:\WINDOWS\UninstallWSST.exe
2007-07-19 13:05 53,248 --a------ C:\WINDOWS\uninst1017.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-09 21:31 --------- d-------- C:\Program Files\QuickTime
2007-08-09 21:20 --------- d-------- C:\Program Files\Messenger
2007-08-09 21:20 --------- d-------- C:\Program Files\iTunes
2007-08-09 21:18 --------- d-------- C:\Program Files\Google
2007-08-09 21:07 --------- d-------- C:\Program Files\DellSupport
2007-08-09 18:53 --------- d-------- C:\Program Files\WildTangent
2007-08-09 18:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 18:51 --------- d-------- C:\Program Files\CyberLink
2007-08-09 18:31 --------- d-------- C:\Program Files\PacificPoker
2007-08-09 16:53 --------- d-------- C:\Program Files\Sonic
2007-08-09 16:53 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-07-31 19:10 --------- d-------- C:\Program Files\World of Warcraft
2007-07-27 10:31 21840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-07-27 10:31 17212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-07-27 10:31 12067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-29 06:18 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys
2007-06-29 06:18 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-05-16 10:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-14 15:55]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 03:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 14:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 15:12]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"MpfService"=2 (0x2)

R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys
R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys
R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys
R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
AutoRun\command- K:\LaunchU3.exe -a


Contents of the 'Scheduled Tasks' folder
2007-07-30 21:12:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-11 16:35:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (THOMAS-Thomas Barrie).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 13:44:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 13:44:35
C:\ComboFix-quarantined-files.txt ... 2007-08-11 13:44
C:\ComboFix2.txt ... 2007-08-11 11:35
C:\ComboFix3.txt ... 2007-08-11 07:19

--- E O F ---
abthere2 is offline  
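As an added example that is not part of the original thread, the following Python parses ComboFix listing lines in the format quoted above (date, time, size or <DIR>, nine-character attribute string, path) and applies two of the heuristics visible in the fix that follows: loose executables and .tmp files sitting directly under the drive root or C:\WINDOWS are flagged, since those are exactly the kind of entries the fix removes, while hidden+system files in system32 are flagged for review only, because those attributes alone prove nothing and the expert left such files alone. The sample lines are constructed (the C:\1BF.tmp line in particular is invented, as that path appears only in the fix script), and the KNOWN_TOOLS allowlist and directory list are my assumptions, not anything the thread specifies.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Constructed sample in the ComboFix listing format: date time size-or-<DIR> attrs path.
# Shapes are copied from the log above; the last line is made up for illustration.
SAMPLE_LOG = r"""
2007-08-11 11:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-11 07:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 06:46 224,283 --a------ C:\WINDOWS\Setup167.exe
2007-08-09 16:00 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-07-28 14:46 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-29 06:18 56 -r-hs---- C:\WINDOWS\system32\BDED30B750.sys
2007-06-29 06:18 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-11 09:00 1,024 --a------ C:\1BF.tmp
"""

# One listing line. The size column is a comma-grouped number for files,
# "<DIR>" in the "Files Created" section, or nine dashes in the Find3M section.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|-{9}|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)\s*$"
)

# Executable types that deserve a look when they sit loose in a bare location.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
# Assumed "bare" locations: the drive root and the Windows directory itself
# (not their subdirectories, where installed software legitimately lives).
BARE_DIRS = {"c:", r"c:\windows"}
# Assumed analyst allowlist: nircmd.exe is the helper the fix script itself calls.
KNOWN_TOOLS = {"nircmd.exe"}


@dataclass
class Entry:
    date: str
    time: str
    is_dir: bool
    size: Optional[int]
    attrs: str
    path: str


@dataclass
class Finding:
    path: str
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other noise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size_field = m["size"]
    is_dir = size_field == "<DIR>" or m["attrs"][0] == "d"
    size = None if size_field == "<DIR>" or size_field.startswith("-") else int(size_field.replace(",", ""))
    return Entry(m["date"], m["time"], is_dir, size, m["attrs"], m["path"])


def parse_listing(text: str) -> Iterator[Entry]:
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            yield entry


def triage(text: str) -> List[Finding]:
    """Flag file entries that match the heuristics described in the lead-in."""
    findings: List[Finding] = []
    for e in parse_listing(text):
        if e.is_dir:
            continue
        low = e.path.lower()
        parent, _, name = low.rpartition("\\")
        ext = name[name.rfind("."):] if "." in name else ""
        hidden_system = "h" in e.attrs and "s" in e.attrs
        if name in KNOWN_TOOLS:
            continue
        if parent in BARE_DIRS and ext in EXEC_EXT:
            findings.append(Finding(e.path, f"loose executable directly in {parent}"))
        elif parent == "c:" and ext == ".tmp":
            findings.append(Finding(e.path, "temp file at drive root"))
        elif hidden_system and parent.startswith(r"c:\windows\system32"):
            findings.append(Finding(e.path, "hidden+system file in system32 (review only, not a verdict)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}: {f.reason}")
```

Run against the sample it prints Setup167.exe, the .tmp file and the two hidden+system .sys files, and stays silent on the Kaspersky directory, the DirectX DLL, the guest profile hive and the allowlisted nircmd.exe. The "review only" findings are deliberately kept separate from the "loose executable" ones so a reader does not turn the parser output straight into a delete list.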
Old 08-11-2007, 01:05 PM   #17 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
rem Start with a clean failure log; anything that survives deletion is written here.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Files to remove. Paths containing spaces must be quoted so the list is split correctly.
for %%g in (
C:\1BF.tmp
C:\1C1.tmp
C:\WINDOWS\Setup167.exe
"C:\Documents and Settings\Thomas Barrie\Desktop\[4]-Submit_2007-08-11_113235.20.zip"
"C:\Program Files\Morpheus\morpheustoolbar.exe"
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

rem Leftover tool and backup folders: HijackThis backups, VundoFix backups, DSS and the ComboFix quarantine.
for %%g in (
"C:\Program Files\Trend Micro\HijackThis\backups"
"C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5"
"%systemdrive%\VundoFix Backups"
%systemdrive%\Deckard
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

rem Flush System Restore: disabling it deletes every restore point, including any that captured the infected files; it is then re-enabled clean.
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Disable("")>SR.vbs
echo.GetObject("winmgmts:" ^& "{impersonationLevel=impersonate}!\\" ^& "." ^& "\root\default").Get("SystemRestore").Enable("")>>SR.vbs
wscript SR.vbs

rem Restore the Explorer defaults: hide hidden files, known file extensions and protected OS files again.
(
echo.REGEDIT4&echo.
echo.[hkey_current_user\software\microsoft\windows\currentversion\explorer\advanced]
echo."hidden"=dword:00000002
echo."hidefileext"=dword:00000001
echo."showsuperhidden"=dword:00000000
)>rehide.reg

regedit /s rehide.reg
del rehide.reg SR.vbs
rem nircmd.exe sits in C:\WINDOWS, see the log above; pause 7 seconds so the result can be read before the window closes.
nircmd wait 7000
rem Finally remove this batch file itself.
del %0

Save this as fix.bat. Choose "Save type as - All Files".
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-11-2007, 01:09 PM   #18 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

After you have done that, uninstall McAfee from Add/remove programs & then reboot the machine.

Then visit this website to get your new antivirus ->http://www.download.com/Avira-AntiVi...=dl&tag=button

Please post a fresh Hijackthis log when you're done
sUBs is offline  
Old 08-11-2007, 01:11 PM   #19 (permalink)
Registered User
 
Join Date: Aug 2007
Posts: 13
OS: xp


Re: My Malware

It was one line in DOS (does anybody call it that anymore?) that said:

Deleted successfully !! (note the TWO exclamation marks... could this be good?)
abthere2 is offline  
Old 08-11-2007, 01:18 PM   #20 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,335
OS: N/A


Re: My Malware

Quote:
note the TWO exclamation marks...could this be good?
It's great
sUBs is offline  
 


Copyright 2001 - 2009, Tech Support Forum