Resolved HJT Threads Resolved spyware and popup issues.

 
 
11-24-2007, 06:46 AM   #1
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Weird Hanging Problem

Hi Guys, I am normally pretty OK at fixing computer problems but this one has really got my head spinning.

Every now and then the comp just hangs. Funny thing though is the mouse can still move around but I can't select, click or highlight anything.

If I Ctrl+Alt+Del and bring up the task menu, it comes up but I still can't select anything with the mouse. Everything else just hangs.

Weird also is the Num Lock light on the keyboard will go on or off when pushing the Num Lock button. (I have tried everything.)

Hope someone out there can offer some assistance here.

The problem seemed to have started when I installed Medal of Honor.

I have run Registry Mechanic, Ad-Aware and McAfee antivirus. The McAfee picked up something in a hidden system folder. Managed to own that and delete the file, also safe booted and deleted old restore points a couple of times. The McAfee didn't pick up anything again.

Am running Win XP with SP2.
Intel board with P4. 1 GB RAM.
An NVIDIA 3D card.


Logfile of HijackThis v1.99.1
Scan saved at 7:40:45 PM, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
D:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Ina\Local Settings\Temp\wz2bc7\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\d219c5aa727ee8fc0f9eb775006e580a\update\update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe (file missing)
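Added example, not part of the original thread or of HijackThis itself: a Python script that triages a HijackThis 1.99-format log by the same rules an analyst applies to the log above (process and autostart names that are a near miss of a Windows system binary, such as svehost.exe against svchost.exe; O4 autostarts given as a bare filename; anything in the Win9x-era RunServices key; a populated O20 AppInit_DLLs value; O23 services with an unknown owner or a missing file). The embedded sample log is constructed from a subset of the lines posted above; the set of system binaries and the 0.85 similarity cutoff are this example's own choices, not a HijackThis convention.

```python
"""Triage a HijackThis 1.99-style log: surface the entries an analyst checks first.

Heuristics (assumptions of this example, not HijackThis features):
  * a running process or autostart whose name is a near miss of a Windows
    system binary (svehost.exe vs svchost.exe);
  * an O4 autostart given as a bare filename, so it is resolved via PATH;
  * anything in the Win9x-era RunServices key, which benign XP software
    has little reason to write;
  * a non-empty O20 AppInit_DLLs value (loaded into every process that
    maps user32.dll);
  * an O23 service with no vendor or a missing binary.
"""
import difflib
import re
from typing import List, Optional, Tuple

# Windows system binaries whose names malware commonly imitates.
KNOWN_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
    "wuauclt.exe", "rundll32.exe",
}

# Constructed sample in the format of the log above (a subset of its lines).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\svehost.exe
C:\\WINDOWS\\system32\\ctfmon.exe

O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\\..\\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - AppInit_DLLs: hplun.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

# O4 lines look like: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def lookalike(filename: str) -> Optional[str]:
    """Return the system binary `filename` imitates, or None if it is one or unlike any."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    # 0.85 is a chosen cutoff: one swapped or dropped letter passes, unrelated names do not.
    hits = difflib.get_close_matches(name, sorted(KNOWN_SYSTEM_BINARIES), n=1, cutoff=0.85)
    return hits[0] if hits else None


def first_token(cmd: str) -> str:
    """Return the executable part of a Run value, honouring a double-quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, log line) pairs for every entry worth a closer look."""
    findings: List[Tuple[str, str]] = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            in_processes = False       # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            twin = lookalike(line.rsplit("\\", 1)[-1])
            if twin:
                findings.append((f"running process imitates {twin}", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = first_token(m["cmd"])
            base = exe.rsplit("\\", 1)[-1]
            if m["key"].lower() == "runservices":
                findings.append(("entry in Win9x-era RunServices key", line))
            if "\\" not in exe and base.lower() not in KNOWN_SYSTEM_BINARIES:
                findings.append(("autostart by bare filename, resolved via PATH", line))
            twin = lookalike(base)
            if twin:
                findings.append((f"autostart imitates {twin}", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            if line.split(":", 1)[1].strip():
                findings.append(("AppInit_DLLs loads into every user32 process", line))
            continue
        if line.startswith("O23 - Service:") and (
            "Unknown owner" in line or "(file missing)" in line
        ):
            findings.append(("service with unknown owner or missing binary", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:50} {entry}")
```

Run it as a script to print the findings for the sample, or call triage() on the text of a saved log. It is a triage aid, not a verdict: a bare filename in a Run key is also how some legitimate software registers (nwiz.exe in the log above), so each flagged line still needs the file's location and signer checked.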
11-24-2007, 08:13 PM   #2
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

Was anyone able to make sense out of the HJT log, please?

Thanks in advance.

11-24-2007, 11:00 PM   #3
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

Here is the online scan report. Funny that Ad-Aware and McAfee didn't catch this???

Incident Status Location

Virus:W32/Sdbot.LCS.worm Disinfected Operating system
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\r2szizcu.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.adtech.de/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.zedo.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.xiti.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.com.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ina\Application Data\Mozilla\Firefox\Profiles\4fcbgou4.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ina\Cookies\ina@ads.pointroll[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ina\Cookies\ina@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ina\Cookies\ina@doubleclick[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Ina\Cookies\ina@server.iad.liveperson[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Ina\Cookies\ina@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ina\Cookies\ina@tribalfusion[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.zedo.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.overture.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Shane\Application Data\Mozilla\Firefox\Profiles\2118wesn.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Shane\Cookies\shane@xiti[1].txt
Virus:W32/Sdbot.LDK.worm Disinfected C:\Exec.exe
Virus:W32/Sdbot.LDK.worm Disinfected C:\WINDOWS\vchost.exe
11-25-2007, 12:17 AM   #4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Weird Hanging Problem

Hello SmgSam,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.
--------------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

C:\SDFix\Report.txt
main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
11-25-2007, 01:20 AM   #5
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

OK, many thanks Ried,

Have followed your instructions to the letter.

Extra is attached and here I copy main.txt; the report.txt from the SDFix file is attached as well.

Thanks again in advance.

SDFix: Version 1.115

Run by Ina on Sun 25/11/2007 at 02:44 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 15:01:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Activision\\True Crime\\TrueCrime.exe"="D:\\Program Files\\Activision\\True Crime\\TrueCrime.exe:*:Enabled:TrueCrime"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"="D:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="D:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\Commandos3.exe"="D:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\Commandos3.exe:*:Enabled:Commandos3"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"F:\\Autorun.exe"="F:\\Autorun.exe:*:Enabled:Installer"
"C:\\Program Files\\Sygate\\SON\\SyGate.exe"="C:\\Program Files\\Sygate\\SON\\SyGate.exe:*:Enabled:Sygate - Internet Sharing Software"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="D:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Ina\\Desktop\\Skype.exe"="C:\\Documents and Settings\\Ina\\Desktop\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 28 Oct 2007 48 ..SH. --- "C:\WINDOWS\SAACA3103.tmp"
Thu 22 Nov 2007 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Thu 22 Nov 2007 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Fri 27 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4bff3a39d84c79b75274c24d8341568c\download\BIT34.tmp"
Fri 27 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cd41db5c2bdd95605f53e6da96f2b182\download\BIT37.tmp"

Finished!




Deckard's System Scanner v20071014.68
Run by Ina on 2007-11-25 15:09:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 4.02 GiB (less than 15%) free.


-- HijackThis (run as Ina.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:57 PM, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
D:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\Ina\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ina.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: hplun.dll
O23 - Service: McAfee Application Installer Cleanup (0256171195912982) (0256171195912982mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\025617~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe (file missing)

--
End of file - 11297 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Wsdrv (SyGate for NT, Wsdrv) - c:\windows\\systemroot\system32\drivers\wsdrv.sys (file missing)
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 Wg1n (SyGate for NT, Wg1n) - c:\windows\system32\drivers\wg1n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 Wg2n (SyGate for NT, Wg2n) - c:\windows\system32\drivers\wg2n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 wg4n (SyGate for NT, wg4n) - c:\windows\system32\drivers\wg4n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 wg5n (SyGate for NT, wg5n) - c:\windows\system32\drivers\wg5n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 wg6n (SyGate for NT, wg6n) - c:\windows\system32\drivers\wg6n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 wg8n (SyGate for NT, wg8n) - c:\windows\system32\drivers\wg8n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R2 wg9n (SyGate for NT, wg9n) - c:\windows\system32\drivers\wg9n.sys <Not Verified; Sygate Technologies, Inc.; SyberGen WGXN>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "d:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 DataSvr - "c:\program files\wave systems corp\common\dataserver.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>
R2 LMS (Intel(R) Active Management Technology LMS Service) - c:\program files\intel\amt\lms.exe <Not Verified; Intel; Intel(R) Active Management Technology Local Manageability Service>
R2 Nero BackItUp Scheduler 3 - d:\nero 8\nero backitup\nbservice.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 0256171195912982mcinstcleanup (McAfee Application Installer Cleanup (0256171195912982)) - c:\windows\temp\025617~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 tcsd_win32.exe (NTRU Hybrid TSS v1.05 TCSD) - "c:\program files\ntru cryptosystems\ntru hybrid tss v1.05\bin\tcsd_win32.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-16 21:27:19 336 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-11-16 21:27:18 328 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-10-25 and 2007-11-25 -----------------------------

2007-11-25 15:11:43 0 d-------- C:\Program Files\Trend Micro
2007-11-25 14:43:24 0 d-------- C:\WINDOWS\ERUNT
2007-11-25 10:27:40 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-24 20:39:03 0 d-------- C:\WINDOWS\network diagnostic
2007-11-24 19:41:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-24 19:27:12 262144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-24 19:27:12 395776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-11-24 19:27:12 112640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-11-24 19:27:11 2255360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-11-24 19:27:09 0 d-------- C:\Program Files\Cucusoft
2007-11-24 19:11:58 0 d-------- C:\Documents and Settings\Ina\Application Data\Help
2007-11-22 08:59:58 0 d-------- C:\Program Files\Lonely Cat Games
2007-11-17 13:13:04 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 10:16:17 0 d-------- C:\Documents and Settings\Shane\Application Data\Talkback
2007-11-17 01:56:51 0 d-------- C:\Documents and Settings\Shane\Application Data\Nero
2007-11-17 01:56:44 0 d-------- C:\Documents and Settings\Shane\Application Data\Sonic
2007-11-17 01:56:34 0 d-------- C:\Documents and Settings\Shane\Application Data\SiteAdvisor
2007-11-16 21:45:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-16 21:38:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 21:37:38 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:29:29 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-16 21:29:29 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-16 21:29:21 0 d-------- C:\Program Files\SiteAdvisor
2007-11-16 21:29:21 0 d-------- C:\Documents and Settings\Ina\Application Data\SiteAdvisor
2007-11-16 21:29:21 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-16 21:28:47 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-11-16 21:27:08 0 d-------- C:\Program Files\McAfee.com
2007-11-16 21:27:04 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-16 21:26:54 0 d-------- C:\Program Files\McAfee
2007-11-16 20:48:02 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-16 19:53:09 0 d-------- C:\WINDOWS\system32\appmgmt
2007-11-16 10:16:15 0 d-------- C:\Documents and Settings\Ina\Application Data\Sonic
2007-11-16 10:16:11 0 d-------- C:\Program Files\Common Files\Sonic
2007-11-16 10:16:05 0 d-------- C:\WINDOWS\system32\dla
2007-11-16 10:15:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 10:14:51 0 d-------- C:\Documents and Settings\Ina\Application Data\Leadertech
2007-11-16 10:12:49 1581056 --a------ C:\WINDOWS\system32\mplvw7.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-11-16 10:12:49 1122304 --a------ C:\WINDOWS\system32\mplvpx.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-11-16 10:12:49 1552384 --a------ C:\WINDOWS\system32\mplvm6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-11-16 10:12:48 1650688 --a------ C:\WINDOWS\system32\mplva6.dll <Not Verified; Ligos Corporation; MPL Video Library>
2007-11-16 10:12:48 77824 --a------ C:\WINDOWS\system32\mplaw7.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-11-16 10:12:48 65536 --a------ C:\WINDOWS\system32\mplapx.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-11-16 10:12:48 65536 --a------ C:\WINDOWS\system32\mplam6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-11-16 10:12:48 77824 --a------ C:\WINDOWS\system32\mplaa6.dll <Not Verified; Ligos Corporation; MPL Audio Library>
2007-11-16 10:12:48 19968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-11-16 10:12:47 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-11-16 10:11:17 0 d-------- C:\WINDOWS\system32\Fonts
2007-11-16 10:09:28 0 d-------- C:\Program Files\Sonic
2007-11-16 08:50:50 32768 --a------ C:\WINDOWS\system32\FrogASPI.dll <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2007-11-16 08:50:48 86016 --a------ C:\WINDOWS\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2007-11-16 08:01:30 0 d-------- C:\Documents and Settings\Ina\Application Data\Nero
2007-11-16 07:56:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-16 07:56:19 0 d-------- C:\Program Files\Common Files\Nero
2007-11-16 07:27:41 0 d-------- C:\WINDOWS\DISNEY
2007-11-16 07:26:40 0 d-------- C:\Program Files\Disney Interactive
2007-11-16 07:25:10 0 d-------- C:\Documents and Settings\Shane\WINDOWS
2007-11-13 21:16:29 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-13 21:16:23 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-13 21:16:16 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-11-13 21:15:50 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-13 20:00:14 0 d-------- C:\WINDOWS\Internet Logs
2007-11-13 19:20:31 0 d-------- C:\Program Files\EA GAMES
2007-11-05 07:55:05 0 d-------- C:\Documents and Settings\Ina\Application Data\Talkback
2007-11-05 07:30:44 0 d---s---- C:\Documents and Settings\Ina\UserData
2007-10-31 07:52:06 0 d-------- C:\Documents and Settings\Ina\Application Data\AdobeUM
2007-10-30 08:34:52 2505 --a------ C:\WINDOWS\checkip.dat
2007-10-28 09:53:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-10-28 09:49:46 0 d-------- C:\Documents and Settings\Ina\Application Data\SlySoft
2007-10-28 09:48:28 0 d-------- C:\Program Files\Elaborate Bytes
2007-10-28 09:48:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-28 09:47:32 0 d-------- C:\Program Files\SlySoft
2007-10-28 00:19:46 0 d-------- C:\Documents and Settings\Shane\Application Data\GetRight Pro
2007-10-27 21:54:22 0 d-------- C:\Documents and Settings\Ina\Application Data\CyberLink
2007-10-27 20:01:06 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-10-27 20:01:06 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-10-27 20:01:06 0 d-------- C:\Program Files\QuickTime
2007-10-27 19:28:36 0 d-------- C:\Documents and Settings\Ina\Application Data\Nokia Multimedia Player
2007-10-27 17:42:46 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-10-27 14:43:06 368345 --a------ C:\WINDOWS\vchost
2007-10-27 14:39:56 0 d-------- C:\Program Files\GetRight


-- Find3M Report ---------------------------------------------------------------

2007-11-25 1407 0 d-------- C:\Documents and Settings\Ina\Application Data\Skype
2007-11-25 11:57:59 0 d-------- C:\Program Files\PC Connectivity Solution
2007-11-25 11:55:12 0 d-------- C:\Program Files\Messenger
2007-11-25 10:09:44 0 d-------- C:\Documents and Settings\Ina\Application Data\uTorrent
2007-11-17 00:10:00 0 d-------- C:\Program Files\GameSpy Arcade
2007-11-16 21:37:38 0 d-------- C:\Program Files\Common Files
2007-11-16 10:11:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-16 07:46:51 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-16 07:35:11 0 d-------- C:\Program Files\Nero
2007-11-14 18:05:29 0 d-------- C:\Program Files\WinCopyDVD 3.5 Standard Edition
2007-11-14 17:52:45 0 d-------- C:\Program Files\MagicISO
2007-11-14 17:50:41 0 d-------- C:\Documents and Settings\Ina\Application Data\Ahead
2007-11-07 02:59:41 0 d-------- C:\Program Files\uTorrent
2007-10-27 20:00:59 0 d-------- C:\Program Files\ImTOO
2007-10-24 07:55:28 0 d-------- C:\Documents and Settings\Ina\Application Data\WinRAR
2007-10-23 07:30:21 0 d-------- C:\Documents and Settings\Ina\Application Data\Media Player Classic
2007-10-23 07:30:21 0 d-------- C:\Documents and Settings\Ina\Application Data\DivX
2007-10-21 11:07:57 0 d-------- C:\Program Files\Sygate
2007-10-21 08:49:07 13224 --a------ C:\WINDOWS\DhcpClient.dat
2007-10-20 15:03:02 0 d-------- C:\Program Files\NETGEAR
2007-10-20 12:42:54 0 d-------- C:\Program Files\Java
2007-10-07 00:09:05 0 d-------- C:\Program Files\CyberLink
2007-10-04 23:52:34 0 d-------- C:\Program Files\Google
2007-09-28 09:51:04 0 d-------- C:\Program Files\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19/09/2007 06:15 AM 329032 --a------ C:\Program Files\McAfee\MSK\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [21/09/2006 10:36 AM]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [05/01/2007 07:20 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [22/10/2006 12:22 PM]
"nwiz"="nwiz.exe" [22/10/2006 12:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [22/10/2006 12:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18/06/2007 03:10 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [07/02/2007 04:24 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [07/02/2007 04:21 PM]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [29/09/2006 02:21 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"NBKeyScan"="D:\Nero 8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/02/2003 01:03 AM]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [13/02/2003 01:01 AM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 10:33 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [25/08/2007 04:57 AM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [22/07/2007 08:29 PM]
"RegistryMechanic"="D:\Program Files\Registry Mechanic\RegMech.exe" [20/08/2007 11:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:00 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 11:24 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 1:19:50 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/09/2007 9:57:17 PM]
BestCrypt Auto Open.lnk - C:\Program Files\Jetico\BestCrypt\BestCrypt.exe [14/02/2007 7:58:33 PM]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [17/05/2006 4:05:52 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hplun.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bc0e7c-456e-11dc-994f-0019d1790d55}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ctfmon.exe
×Ô¶¯²¥·Å\command- ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bc0e7d-456e-11dc-994f-0019d1790d55}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
×Ô¶¯²¥·Å\command- ctfmon.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{06FAFF59-A4D6-198C-0003-050508020107}]
C:\WINDOWS\vchost.exe



-- End of Deckard's System Scanner: finished at 2007-11-25 15:13:39 ------------
Attached Files
File Type: txt extra.txt (19.9 KB, 1 views)
File Type: txt Report.txt (5.0 KB, 1 views)

Last edited by Ried; 11-25-2007 at 08:59 AM.
SmgSam is offline  
Old 11-25-2007, 09:14 AM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Weird Hanging Problem

You're welcome, SmgSam.

Let's continue...

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\vchost.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bc0e7d-456e-11dc-994f-0019d1790d55}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3bc0e7c-456e-11dc-994f-0019d1790d55}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{06FAFF59-A4D6-198C-0003-050508020107}]

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

-------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky report
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
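The Kaspersky report requested above lists one line per scanned object, and most of those lines are "Object is locked skipped" entries (registry hives, event logs, live databases the scanner could not open), which are not detections at all. The script below is an added example for this thread, not part of the forum's instructions or of Kaspersky's own tooling: it separates that noise from real "Infected:" verdicts, folds the archive/embedded-member chain (the "/"-separated part of a path) back to the file that actually sits on disk, and reports which detection names hit which file. The sample lines embedded in it are a constructed sample in the scanner's line format; the function and variable names are this example's own.

```python
"""Triage a Kaspersky Online Scanner text report: separate locked-file noise
from real detections and group detections by the file on disk.

Added example for this thread; not part of Kaspersky's tooling or of the
forum's instructions. SAMPLE_REPORT is a constructed sample in the report's
line format.
"""
import re
from collections import Counter, defaultdict

# "<path> Object is locked <action>": the scanner could not open the file.
# These are not detections.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")
# "<path> Infected: <detection name> <action>": a real detection. The path may
# descend into archives and embedded files, with "/" between the levels.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
# "<path> <container type>: infected - <n> <action>": summary for an archive or
# packed executable whose members were already reported on their own lines.
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?) (?P<container>[\w.]+): infected - (?P<count>\d+) (?P<action>\w+)$"
)

# Constructed sample in the scanner's report format.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Ina\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar RAR: infected - 2 skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\Internet Explorer\1.exe Infected: Trojan.Win32.Delf.akr skipped
"""


def parse_report(text):
    """Classify each report line into 'findings', 'locked' or 'unparsed'."""
    result = {"findings": [], "locked": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED_RE.match(line)
        if m:
            result["locked"].append(m["path"])
            continue
        m = INFECTED_RE.match(line)
        if m:
            result["findings"].append(
                {"kind": "infected", "path": m["path"],
                 "name": m["name"], "action": m["action"]}
            )
            continue
        m = CONTAINER_RE.match(line)
        if m:
            result["findings"].append(
                {"kind": "container", "path": m["path"],
                 "name": f"{m['container']} container, {m['count']} infected member(s)",
                 "action": m["action"]}
            )
            continue
        result["unparsed"].append(line)  # keep anything unexpected visible
    return result


def on_disk_file(path):
    """The text before the first '/' is the file that exists on disk; the rest
    is the chain of archive members or embedded resources inside it."""
    return path.split("/", 1)[0]


def summarize(findings):
    """Map each on-disk file to the sorted detection names found inside it."""
    by_file = defaultdict(set)
    for f in findings:
        if f["kind"] == "infected":
            by_file[on_disk_file(f["path"])].add(f["name"])
    return {path: sorted(names) for path, names in by_file.items()}


def count_by_name(findings):
    """Number of objects each detection name hit (container summaries excluded)."""
    return Counter(f["name"] for f in findings if f["kind"] == "infected")


def not_cleaned(findings):
    """Detections left in place: the online scanner only reports, so the
    action is 'skipped' and the file still has to be dealt with."""
    return [f for f in findings if f["action"] == "skipped"]


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"{len(report['locked'])} locked objects ignored, "
          f"{len(report['findings'])} detection lines")
    for path, names in summarize(report["findings"]).items():
        print(f"{path}\n    {', '.join(names)}")
    for line in report["unparsed"]:
        print("UNPARSED:", line)
```

Run it on a saved report by replacing SAMPLE_REPORT with the file's contents; any line the three patterns do not recognise lands in "unparsed" rather than being silently dropped, which is the behaviour you want from a triage filter. Grouping by on-disk file matters because one downloaded archive can produce several nested detection lines that all point at a single file to remove.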
Old 11-25-2007, 07:43 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

Thanks again Ried for going out of your way.

Followed the instructions and have attached
Combofix.txt
The Kaspersky log file as attached (virus2.txt)
HijackThis log as pasted below.

This all looks like mumbo jumbo to me, can you see if there is a problem? What do you think the problem is and where might I have gotten it from?

Thanks again !
SmgSam


ComboFix 07-11-19.3 - Ina 2007-11-25 23:23:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT 7:00]
Running from: C:\Documents and Settings\Ina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ina\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\vchost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\nm
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.

2007-11-25 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 10:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 10:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 10:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-24 19:27 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-24 19:27 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-22 08:59 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-11-17 13:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 10:16 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Talkback
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Sonic
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\SiteAdvisor
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Nero
2007-11-16 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-16 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 21:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:29 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-16 21:27 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-16 21:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-16 21:27 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-16 21:27 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-16 21:27 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-16 21:27 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-16 21:27 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-16 21:27 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-16 21:26 <DIR> d-------- C:\Program Files\McAfee
2007-11-16 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-16 10:16 <DIR> d-------- C:\WINDOWS\system32\dla
2007-11-16 10:16 <DIR> d-------- C:\Program Files\Common Files\Sonic
2007-11-16 10:16 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Sonic
2007-11-16 10:16 98,352 --a------ C:\WINDOWS\dla.exe
2007-11-16 10:16 61,492 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-11-16 10:16 40,416 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-11-16 10:16 23,059 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-11-16 10:16 5,589 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-11-16 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 10:14 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Leadertech
2007-11-16 10:12 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2007-11-16 10:12 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-11-16 10:12 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2007-11-16 10:12 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-11-16 10:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-16 10:12 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2007-11-16 10:12 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2007-11-16 10:12 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-11-16 10:12 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-11-16 10:12 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2007-11-16 10:12 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2007-11-16 10:12 48,640 --a------ C:\WINDOWS\system32\lmpgad.ax
2007-11-16 10:09 <DIR> d-------- C:\Program Files\Sonic
2007-11-16 08:50 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-11-16 08:01 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Nero
2007-11-16 08:00 188 --a------ C:\WINDOWS\system32\MsiExec.exe.log
2007-11-16 07:56 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-16 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-16 07:26 <DIR> d-------- C:\Program Files\Disney Interactive
2007-11-16 07:25 <DIR> d-------- C:\Documents and Settings\Shane\WINDOWS
2007-11-13 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-13 21:16 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-13 21:16 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-13 20:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-13 19:20 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-05 07:55 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Talkback
2007-11-05 07:30 <DIR> d---s---- C:\Documents and Settings\Ina\UserData
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\AdobeUM
2007-10-30 08:34 2,505 --a------ C:\WINDOWS\checkip.dat
2007-10-28 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-10-28 09:49 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\SlySoft
2007-10-28 09:48 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-28 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-28 09:47 <DIR> d-------- C:\Program Files\SlySoft
2007-10-28 00:19 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\GetRight Pro
2007-10-27 21:54 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\CyberLink
2007-10-27 20:01 <DIR> d-------- C:\Program Files\QuickTime
2007-10-27 20:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-10-27 20:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-10-27 19:28 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Nokia Multimedia Player
2007-10-27 17:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-10-27 14:39 <DIR> d-------- C:\Program Files\GetRight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 16:11 --------- d-----w C:\Documents and Settings\Ina\Application Data\uTorrent
2007-11-25 07:06 --------- d-----w C:\Documents and Settings\Ina\Application Data\Skype
2007-11-25 04:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-17 03:17 --------- d-----w C:\Documents and Settings\Shane\Application Data\uTorrent
2007-11-16 17:10 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-16 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 00:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-16 00:35 --------- d-----w C:\Program Files\Nero
2007-11-14 11:05 --------- d-----w C:\Program Files\WinCopyDVD 3.5 Standard Edition
2007-11-14 10:52 --------- d-----w C:\Program Files\MagicISO
2007-11-14 10:50 --------- d-----w C:\Documents and Settings\Ina\Application Data\Ahead
2007-11-06 19:59 --------- d-----w C:\Program Files\uTorrent
2007-10-27 13:00 --------- d-----w C:\Program Files\ImTOO
2007-10-23 00:30 --------- d-----w C:\Documents and Settings\Ina\Application Data\Media Player Classic
2007-10-23 00:30 --------- d-----w C:\Documents and Settings\Ina\Application Data\DivX
2007-10-22 00:29 --------- d-----w C:\Documents and Settings\Guest\Application Data\PC Suite
2007-10-21 10:49 --------- d-----w C:\Documents and Settings\Shane\Application Data\Skype
2007-10-21 04:07 --------- d-----w C:\Program Files\Sygate
2007-10-20 08:03 --------- d-----w C:\Program Files\NETGEAR
2007-10-20 05:42 --------- d-----w C:\Program Files\Java
2007-10-20 05:30 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-06 17:11 --------- d-----w C:\Documents and Settings\Shane\Application Data\CyberLink
2007-10-06 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-06 17:09 --------- d-----w C:\Program Files\CyberLink
2007-10-04 16:52 --------- d-----w C:\Program Files\Google
2007-09-29 15:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-28 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-28 02:51 --------- d-----w C:\Program Files\Yahoo!
2007-09-20 02:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 02:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-01-05 19:20]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 19:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 02:21]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="D:\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-02-07 01:03]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-25 04:57]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]
"RegistryMechanic"="D:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 19:00]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-10 21:57:17]
BestCrypt Auto Open.lnk - C:\Program Files\Jetico\BestCrypt\BestCrypt.exe [2007-02-14 19:58:33]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 stmtpm;STM TPM Service;C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys
R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys
R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys
R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys
R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys
R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 atchksrv;Intel(R) AMT System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Nero 8\Nero BackItUp\NBService.exe
R2 Wg1n;SyGate for NT, Wg1n;C:\WINDOWS\system32\Drivers\Wg1n.sys
R2 Wg2n;SyGate for NT, Wg2n;C:\WINDOWS\system32\Drivers\Wg2n.sys
R2 wg8n;SyGate for NT, wg8n;C:\WINDOWS\system32\Drivers\wg8n.sys
R2 wg9n;SyGate for NT, wg9n;C:\WINDOWS\system32\Drivers\wg9n.sys
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys
S2 0256171195912982mcinstcleanup;McAfee Application Installer Cleanup (0256171195912982);C:\WINDOWS\TEMP\025617~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 14:27:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-11-16 14:27:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 23:28:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-25 23:30:18 - machine was rebooted
.
--- E O F ---


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 26, 2007 4:37:52 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/11/2007
Kaspersky Anti-Virus database records: 465468
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 76483
Number of viruses found: 3
Number of infected objects: 18
Number of suspicious objects: 0
Duration of the scan process: 01:10:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Ina\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\History\History.IE5\MSHist012007112520071126\index.dat Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Temp\sqlite_7Y7jVByA9ARsN1R Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Temp\~DFCB23.tmp Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Ina\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe Infected: Backdoor.Win32.Bifrose.bew skipped
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar RAR: infected - 2 skipped
C:\Documents and Settings\Ina\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ina\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
C:\Program Files\Internet Explorer\1.exe Infected: Trojan.Win32.Delf.akr skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Ina.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Ina.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Ina.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BC9C2CAF-D241-402F-84F0-E1A452340A79}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\RTacDbg.txt Object is locked skipped
C:\WINDOWS\SAACA3103.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\atchk.log Object is locked skipped
C:\WINDOWS\Temp\atchksrv.log Object is locked skipped
C:\WINDOWS\Temp\mcmsc_lzbFMA0TXNWLpYG Object is locked skipped
C:\WINDOWS\Temp\mcmsc_sbZsYHUjP2B4Kff Object is locked skipped
C:\WINDOWS\Temp\sqlite_2oUvL8tXgWJV2p4 Object is locked skipped
C:\WINDOWS\Temp\sqlite_af7Q1qBxWY19xae Object is locked skipped
C:\WINDOWS\Temp\sqlite_xlc4klqUNgx6Lnt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Nero 8\Nero BackItUp\BIU1.txt Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{BC9C2CAF-D241-402F-84F0-E1A452340A79}\RP2\change.log Object is locked skipped
E:\Shane Stuff\afl07.jhtml.htm Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\decor_community.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\global.css Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\gthdbannertall.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\header.png Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\heading.swf Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\icon_ps2_large.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\icon_ps3.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\icon_rss_withtext.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large1thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large2thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large3thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large4thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large5thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large6thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large7thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\large8thumb.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\logo_ps.png Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\logo_rating_g.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\magnifyingglass.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\mikr.js Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\mikr_sections.js Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\modules.css Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\module_top_stories.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\navigation.css Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\packshot.jpg Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\prototype-1.js Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\pslogo.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\psplogo.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\search.gif Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\swfobject.js Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\tasks.js Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\Thumbs.db Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\v51.class Object is locked skipped
E:\Shane Stuff\afl07.jhtml_files\v51.js Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{BC9C2CAF-D241-402F-84F0-E1A452340A79}\RP2\change.log Object is locked skipped
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe Infected: Backdoor.Win32.Bifrose.bew skipped
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe AutoIt: infected - 1 skipped
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe UPX: infected - 1 skipped
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe PE_Patch.UPX: infected - 1 skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:56 AM, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
D:\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\PROGRA~1\Jetico\BESTCR~1\BCResident.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - d:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [RegistryMechanic] D:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\Jetico\BestCrypt\BestCrypt.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - d:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0256171195912982) (0256171195912982mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\025617~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: DataSvr - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe (file missing)

--
End of file - 11439 bytes

PS: The system does seem to be more stable. Often, too, if I left the computer on at night to download torrents or whatever, in the morning I would find it hanging. Also, if the monitor blacked out, when I went to use it again it would hang, like in my first post.

These last few days, however, it seems to have stabilized.

Thanks !!!
Attached Files
File Type: txt ComboFix.txt (14.8 KB, 1 views)
File Type: txt virus2.txt (25.1 KB, 1 views)

Last edited by Ried; 11-25-2007 at 09:04 PM.
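The log above is what the helpers in this thread read by eye. As an added example (not HijackThis code, and not posted by anyone in the thread), the script below applies the same first-pass checks to a constructed subset of its O4, O9 and O23 lines: entries marked (file missing), services with no vendor string ("Unknown owner"), a service path under a TEMP directory, and Run-key commands given as a bare filename. Each flag is a prompt to look at the binary (hash it, check its signer, scan it), not a verdict; legitimate software trips the "Unknown owner" check too. Needs Python 3.8 or later.

```python
"""Triage pass over HijackThis O4/O9/O23 lines.

Added example, not HijackThis code and not posted in the thread: it re-applies,
in code, the checks an analyst makes by eye on a log like the one above, on a
constructed subset of its lines. Every flag is a prompt for a manual look
(hash the file, check its signer, scan it), never a verdict on its own.
"""
import re
from typing import NamedTuple, Optional, Tuple

# Constructed input: lines copied verbatim from the HijackThis log above.
HJT_LOG = r"""
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O23 - Service: McAfee Application Installer Cleanup (0256171195912982) (0256171195912982mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\025617~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe (file missing)
"""

_MISSING = " (file missing)"
_O4_RUN = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O9 = re.compile(r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
# Greedy name, so the split lands on the LAST " - owner - <drive>:\..." in the line.
_O23 = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


class Finding(NamedTuple):
    kind: str               # O4 / O9 / O23
    name: str
    path: str
    flags: Tuple[str, ...]  # empty tuple: nothing to look at


def _exe_from_command(cmd: str) -> str:
    """First token of a Run-key command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0]


def _flags_for(path: str, owner: Optional[str], missing: bool) -> Tuple[str, ...]:
    flags = []
    if missing:
        flags.append("file missing")    # orphaned entry: clean-up item, not a live threat
    if owner == "Unknown owner":
        flags.append("unknown owner")   # no vendor string in the binary: verify it by hand
    if re.search(r"\\temp\\", path, re.IGNORECASE):
        flags.append("temp path")       # a service launched from TEMP deserves first attention
    if not re.match(r"^[A-Za-z]:\\", path):
        flags.append("bare filename")   # resolved through the search path at logon
    return tuple(flags)


def triage(log: str) -> list:
    """Parse the O4/O9/O23 lines of an HJT log and attach heuristic flags to each."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        missing = line.endswith(_MISSING)
        if missing:
            line = line[: -len(_MISSING)]
        if m := _O4_RUN.match(line):
            exe = _exe_from_command(m.group("cmd"))
            findings.append(Finding("O4", m.group("name"), exe, _flags_for(exe, None, missing)))
        elif m := _O9.match(line):
            findings.append(Finding("O9", m.group("name"), m.group("path"),
                                    _flags_for(m.group("path"), None, missing)))
        elif m := _O23.match(line):
            findings.append(Finding("O23", m.group("name"), m.group("path"),
                                    _flags_for(m.group("path"), m.group("owner"), missing)))
    return findings


def needs_attention(findings) -> list:
    """Only the entries that tripped at least one flag, most flags first."""
    return sorted((f for f in findings if f.flags), key=lambda f: -len(f.flags))


if __name__ == "__main__":
    for f in needs_attention(triage(HJT_LOG)):
        print(f"{f.kind:<4}{', '.join(f.flags):<40}{f.name}  ->  {f.path}")
```

Run it and the service registered from C:\WINDOWS\TEMP comes out on top with three flags; whether it is residue of the McAfee install or something else is exactly the manual check the flags ask for, and the script makes no claim either way.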
Old 11-25-2007, 09:19 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Weird Hanging Problem

You're welcome, SmgSam.


One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords and login info where applicable. It would be wise to contact those same financial institutions to apprise them of your situation.

Do not use this PC to access those sites until after the BitDefender online scan.


As you've probably seen by now, all these downloads are where the infections came from:

Quote:
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe ------> Backdoor.Win32.Bifrose.bew
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe ------>Backdoor.Win32.Bifrose.bew
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar RAR: infected - 2
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma ------> Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Program Files\Internet Explorer\1.exe ------>Trojan.Win32.Delf.akr
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe ------>Backdoor.Win32.Bifrose.bew
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe AutoIt: infected - 1
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe UPX: infected - 1
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe PE_Patch.UPX: infected - 1
Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file sharing as a major conduit to spread their wares. Crack sites are also a sure-fire way to get the nastiest of infections.

One more run should do it.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
File::
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma
C:\Program Files\Internet Explorer\1.exe
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe
Save this as CFScript.txt, in the same location as ComboFix.exe.




Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.


--------------------------------------------------------------------

Due to the level of infection, I feel it prudent to use one more online scanner and see if it detects anything further.

Go here and perform the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • Once finished, click on the Details button to view the results.
  • To the upper right of the results you will see an option saying "Click here to export the scan results". Post the log of the scan results in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
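Ried built the File:: list in the post above by hand from the report lines quoted earlier in it: hits inside an archive (the ".rar/…/getright_pro_setup.exe/C:\…\Toolz.exe" records) collapse onto the one file that actually sits on disk, repeated hits on the same file become one line, and the two records the page shows run together ("…Wimad.lC:\…") are pulled apart. The script below does that mechanically. It is an added example, not part of the thread and not ComboFix's or any scanner vendor's code; its input is the quoted report lines copied in as a constructed string, and the only format assumptions are the two line shapes visible in that quote ("<path> ------> <verdict>" and "<path> <layer>: infected - <n>").

```python
"""Turn scanner hits into a ComboFix CFScript "File::" section.

Added example, not from the thread and not ComboFix code: parses the report
lines quoted in Ried's post, collapses archive-member hits onto the on-disk
container, de-duplicates, and emits the File:: block ComboFix expects.
Only the two line shapes seen in the quote are handled (assumption).
"""
import re

# Constructed input: the report lines quoted in the post, verbatim, including
# the two records the page shows fused onto one line ("...Wimad.lC:\...").
SCAN_OUTPUT = r"""
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe ------> Backdoor.Win32.Bifrose.bew
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar/GetRight.Pro.v6.3/getright_pro_setup.exe ------>Backdoor.Win32.Bifrose.bew
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar RAR: infected - 2
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma ------> Trojan-Downloader.WMA.Wimad.lC:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma ------>Trojan-Downloader.WMA.Wimad.l
C:\Program Files\Internet Explorer\1.exe ------>Trojan.Win32.Delf.akr
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe/C:\Dokumente und Einstellungen\DG-Base\Desktop\Toolz.exe ------>Backdoor.Win32.Bifrose.bew
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe AutoIt: infected - 1
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe UPX: infected - 1
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe PE_Patch.UPX: infected - 1
"""

# A record starts at a drive letter that is NOT preceded by "/": a "/" marks a
# member inside an archive (e.g. "...setup.exe/C:\...\Toolz.exe"), and splitting
# here also separates records that were run together without a newline.
_RECORD_START = re.compile(r"(?<!/)(?=[A-Za-z]:\\)")
# "<path> ------> <verdict>"   or   "<path> <layer>: infected - <n>"
_RECORD = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s*"
    r"(?:-{2,}>\s*(?P<verdict>\S+)|(?P<layer>[\w.]+): infected - (?P<n>\d+))\s*$"
)


def container_of(hit_path: str) -> str:
    """The on-disk file is everything before the first '/' (archive-member separator)."""
    return hit_path.split("/", 1)[0]


def parse_hits(text: str) -> dict:
    """Return {on-disk path: [labels...]} in first-seen order, one entry per file."""
    hits: dict = {}
    for raw in _RECORD_START.split(text):
        rec = raw.strip()
        if not rec:
            continue
        m = _RECORD.match(rec)
        if m is None:
            raise ValueError(f"unrecognised report line: {rec!r}")
        path = container_of(m.group("path"))
        # "RAR: infected - 2" style lines only say which unpacking layer was
        # flagged; the named verdict for that file came from its member records.
        label = m.group("verdict") or f"{m.group('layer')} layer"
        hits.setdefault(path, [])
        if label not in hits[path]:
            hits[path].append(label)
    return hits


def build_cfscript(hits: dict) -> str:
    """Emit the File:: section: one absolute path per line, CRLF as Notepad saves it."""
    return "\r\n".join(["File::", *hits.keys()]) + "\r\n"


if __name__ == "__main__":
    # Save the output next to ComboFix.exe as CFScript.txt and drag it onto ComboFix.exe.
    print(build_cfscript(parse_hits(SCAN_OUTPUT)), end="")
```

The thirteen paths it emits are, in order, the thirteen Ried listed. Note that File:: removes the file named on each line, so for the infected .rar the whole archive goes, not just the member inside it; that is what the hand-written script above does too, and it is the right call for a download that only existed to carry a backdoor.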
Old 11-26-2007, 07:42 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

Ok i think we might be getting somewhere.

ComboFix report attached, and the paste below is from BitDefender.

You have me really worried now. On this machine I just muck around; is there any chance these bugs have jumped over to my laptop, as I use Wi-Fi in the house?

Thanks yet again

ComboFix 07-11-19.3 - Ina 2007-11-26 19:55:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.593 [GMT 7:00]
Running from: C:\Documents and Settings\Ina\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ina\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma
C:\Program Files\Internet Explorer\1.exe
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ina\My Documents\Downloads\GetRight.Pro.v6.3.rar
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2 (grace).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\02 Track 2.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\03 Track 3.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\06 Track 6.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\07 Track 7.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Eighties classic (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2003.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Top of Charts - 2004.wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\TOTALLY HIP TRACK (pumpkins).wma
C:\Documents and Settings\Shane\My Documents\My Music\new music\novotel muziek\Wicked Remix.wma
C:\Program Files\Internet Explorer\1.exe
E:\Torrents\GetRight.Pro.v6.3\GetRight.Pro.v6.3\getright_pro_setup.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-26 to 2007-11-26 )))))))))))))))))))))))))))))))
.

2007-11-25 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-25 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-25 10:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-25 10:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-25 10:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-24 19:27 <DIR> d-------- C:\Program Files\Cucusoft
2007-11-24 19:27 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-11-22 08:59 <DIR> d-------- C:\Program Files\Lonely Cat Games
2007-11-17 13:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-17 10:16 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Talkback
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Sonic
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\SiteAdvisor
2007-11-17 01:56 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\Nero
2007-11-16 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-16 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-16 21:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-16 21:29 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\SiteAdvisor
2007-11-16 21:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-11-16 21:27 <DIR> d-------- C:\Program Files\McAfee.com
2007-11-16 21:27 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-11-16 21:27 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-16 21:27 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-16 21:27 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-16 21:27 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-16 21:27 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-16 21:27 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-16 21:26 <DIR> d-------- C:\Program Files\McAfee
2007-11-16 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-16 10:16 <DIR> d-------- C:\WINDOWS\system32\dla
2007-11-16 10:16 <DIR> d-------- C:\Program Files\Common Files\Sonic
2007-11-16 10:16 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Sonic
2007-11-16 10:16 98,352 --a------ C:\WINDOWS\dla.exe
2007-11-16 10:16 61,492 --a------ C:\WINDOWS\system32\tfswapi.dll
2007-11-16 10:16 40,416 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2007-11-16 10:16 23,059 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2007-11-16 10:16 5,589 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2007-11-16 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-16 10:14 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Leadertech
2007-11-16 10:12 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
2007-11-16 10:12 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-11-16 10:12 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
2007-11-16 10:12 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-11-16 10:12 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-11-16 10:12 106,496 --a------ C:\WINDOWS\system32\lmpgspl.ax
2007-11-16 10:12 94,208 --a------ C:\WINDOWS\system32\lmpgvd.ax
2007-11-16 10:12 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
2007-11-16 10:12 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
2007-11-16 10:12 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
2007-11-16 10:12 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
2007-11-16 10:12 48,640 --a------ C:\WINDOWS\system32\lmpgad.ax
2007-11-16 10:09 <DIR> d-------- C:\Program Files\Sonic
2007-11-16 08:50 86,016 --a------ C:\WINDOWS\system32\WNASPINT.DLL
2007-11-16 08:01 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Nero
2007-11-16 08:00 188 --a------ C:\WINDOWS\system32\MsiExec.exe.log
2007-11-16 07:56 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-16 07:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-16 07:26 <DIR> d-------- C:\Program Files\Disney Interactive
2007-11-16 07:25 <DIR> d-------- C:\Documents and Settings\Shane\WINDOWS
2007-11-13 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-13 21:16 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-13 21:16 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-13 20:00 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-13 19:20 <DIR> d-------- C:\Program Files\EA GAMES
2007-11-05 07:55 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Talkback
2007-11-05 07:30 <DIR> d--hs---- C:\Documents and Settings\Ina\UserData
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\AdobeUM
2007-10-30 08:34 2,505 --a------ C:\WINDOWS\checkip.dat
2007-10-28 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-10-28 09:49 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\SlySoft
2007-10-28 09:48 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-10-28 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-10-28 09:47 <DIR> d-------- C:\Program Files\SlySoft
2007-10-28 00:19 <DIR> d-------- C:\Documents and Settings\Shane\Application Data\GetRight Pro
2007-10-27 21:54 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\CyberLink
2007-10-27 20:01 <DIR> d-------- C:\Program Files\QuickTime
2007-10-27 20:01 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-10-27 20:01 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-10-27 19:28 <DIR> d-------- C:\Documents and Settings\Ina\Application Data\Nokia Multimedia Player
2007-10-27 17:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 12:44 --------- d-----w C:\Documents and Settings\Ina\Application Data\uTorrent
2007-11-25 07:06 --------- d-----w C:\Documents and Settings\Ina\Application Data\Skype
2007-11-25 04:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-17 03:17 --------- d-----w C:\Documents and Settings\Shane\Application Data\uTorrent
2007-11-16 17:10 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-16 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-16 00:46 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-16 00:35 --------- d-----w C:\Program Files\Nero
2007-11-14 11:05 --------- d-----w C:\Program Files\WinCopyDVD 3.5 Standard Edition
2007-11-14 10:52 --------- d-----w C:\Program Files\MagicISO
2007-11-14 10:50 --------- d-----w C:\Documents and Settings\Ina\Application Data\Ahead
2007-11-06 19:59 --------- d-----w C:\Program Files\uTorrent
2007-10-27 13:00 --------- d-----w C:\Program Files\ImTOO
2007-10-23 00:30 --------- d-----w C:\Documents and Settings\Ina\Application Data\Media Player Classic
2007-10-23 00:30 --------- d-----w C:\Documents and Settings\Ina\Application Data\DivX
2007-10-22 00:29 --------- d-----w C:\Documents and Settings\Guest\Application Data\PC Suite
2007-10-21 10:49 --------- d-----w C:\Documents and Settings\Shane\Application Data\Skype
2007-10-21 04:07 --------- d-----w C:\Program Files\Sygate
2007-10-20 08:03 --------- d-----w C:\Program Files\NETGEAR
2007-10-20 05:42 --------- d-----w C:\Program Files\Java
2007-10-20 05:30 21,035 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-10-06 17:11 --------- d-----w C:\Documents and Settings\Shane\Application Data\CyberLink
2007-10-06 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-06 17:09 --------- d-----w C:\Program Files\CyberLink
2007-10-04 16:52 --------- d-----w C:\Program Files\Google
2007-09-29 15:10 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-29 15:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-28 03:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-09-28 02:51 --------- d-----w C:\Program Files\Yahoo!
2007-09-27 12:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-09-20 02:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 02:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 02:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-25_23.29.08.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-25 15:31:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-26 11:45:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-25 15:31:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-26 11:45:12 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-25 15:31:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-26 11:45:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-05-24 05:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 08:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 08:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 23:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" []
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-09-21 10:36]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-01-05 19:20]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 19:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 19:00 C:\WINDOWS\system32\rundll32.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-29 02:21]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="D:\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-02-07 01:03]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 01:01]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-25 04:57]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]
"RegistryMechanic"="D:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 11:58]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 19:00]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-10 21:57:17]
BestCrypt Auto Open.lnk - C:\Program Files\Jetico\BestCrypt\BestCrypt.exe [2007-02-14 19:58:33]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 16:05:52]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 stmtpm;STM TPM Service;C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys
R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys
R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys
R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys
R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys
R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 atchksrv;Intel(R) AMT System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;D:\Nero 8\Nero BackItUp\NBService.exe
R2 Wg1n;SyGate for NT, Wg1n;C:\WINDOWS\system32\Drivers\Wg1n.sys
R2 Wg2n;SyGate for NT, Wg2n;C:\WINDOWS\system32\Drivers\Wg2n.sys
R2 wg8n;SyGate for NT, wg8n;C:\WINDOWS\system32\Drivers\wg8n.sys
R2 wg9n;SyGate for NT, wg9n;C:\WINDOWS\system32\Drivers\wg9n.sys
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys
S2 0256171195912982mcinstcleanup;McAfee Application Installer Cleanup (0256171195912982);C:\WINDOWS\TEMP\025617~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-16 14:27:19 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-16 14:27:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 19:57:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-26 19:58:08
C:\ComboFix2.txt ... 2007-11-25 23:30
.
--- E O F ---




BitDefender Online Scanner - Scan Report

Scan report generated at: Mon, Nov 26, 2007 - 21:26:57
Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 01:13:22
Files: 314436
Folders: 6644
Boot Sectors: 4
Archives: 4757
Packed Files: 9864

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 878894
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions: (none)
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
E:\Torrents\usenext_client.rar=>usenext_client.exe - Infected with: Trojan.Generic.78875
E:\Torrents\usenext_client.rar=>usenext_client.exe - Disinfection failed
E:\Torrents\usenext_client.rar=>usenext_client.exe - Deleted
E:\Torrents\usenext_client.rar - Update failed
Attached Files
File Type: txt ComboFix.txt (18.3 KB, 2 views)

Last edited by Ried; 11-26-2007 at 06:38 PM.
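As an added example (not part of the thread, and not a tool either poster used), here is a small Python triage script for the service and driver lines of a ComboFix log like the one posted above. It parses the R0/R1/R2/S2/S3 entries (conventionally R = running, S = stopped, digit = Windows start type; then service name, display name and image path) and flags the ones a log reviewer usually looks up first: a binary launched from a temp directory, a GUID-named service, a short one-word driver whose name gives no hint of its vendor, and an image that is not a .exe/.sys/.dll. The sample lines are copied from the log above; the heuristics, function names and thresholds are my own assumptions. The flags are prompts to look something up, not verdicts: Ried's reading of these logs as clean stands, and the entries the script flags here are McAfee's installer cleanup service, CyberLink PowerDVD's GUID-named service and two drivers the script cannot attribute on its own.

```python
"""Triage the service/driver lines of a ComboFix log.

Added example, not part of the original thread. The heuristics below are
ordinary review prompts (what a helper looks up first), not verdicts.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in the thread,
# in the format "<start code> <name>;<display name>;<image path [args]>".
SAMPLE_LOG = r"""
R0 stmtpm;STM TPM Service;C:\WINDOWS\system32\DRIVERS\stm_tpm.sys
R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys
R1 fsh;fsh;C:\WINDOWS\system32\drivers\fsh.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys
S2 0256171195912982mcinstcleanup;McAfee Application Installer Cleanup (0256171195912982);C:\WINDOWS\TEMP\025617~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys
"""

# "R"/"S" = running/stopped, digit = Windows start type (0 boot ... 4 disabled).
LINE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# First token that ends in ".<ext>" followed by whitespace or end of string:
# copes with unquoted paths containing spaces ("Program Files") and with
# trailing arguments such as the cleanup.ini line above.
BINARY_RE = re.compile(r"^(.*?\.\w{1,4})(?=\s|$)")
# Lower-cased path fragments that mark a temporary location (assumed list).
TEMP_MARKERS = ("\\windows\\temp\\", "\\local settings\\temp\\",
                "\\temporary internet files\\", "\\tmp\\")


@dataclass
class ServiceEntry:
    start: str      # e.g. "R2"
    name: str       # registry service key name
    display: str    # display name
    image: str      # image path plus any arguments, exactly as logged

    @property
    def binary(self) -> str:
        """Image path without the \\??\\ prefix and without trailing arguments."""
        path = self.image.strip()
        if path.startswith("\\??\\"):
            path = path[4:]
        m = BINARY_RE.match(path)
        return m.group(1) if m else path


def parse_services(text: str) -> list[ServiceEntry]:
    """Return every line that matches the ComboFix service format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(*m.groups()))
    return entries


def review_flags(entry: ServiceEntry) -> list[str]:
    """Reasons a reviewer would look this entry up; empty list means none."""
    reasons = []
    lowered = entry.binary.lower()
    if any(marker in lowered for marker in TEMP_MARKERS):
        reasons.append("binary runs from a temp directory")
    if GUID_RE.match(entry.name):
        reasons.append("GUID-named service; confirm which product registered it")
    if entry.name == entry.display and len(entry.name) <= 4 and lowered.endswith(".sys"):
        reasons.append("opaque one-word driver name; identify the vendor/file")
    ext = lowered.rsplit(".", 1)[-1] if "." in lowered else ""
    if ext not in {"exe", "sys", "dll"}:
        reasons.append(f"image extension .{ext or '?'} is not exe/sys/dll")
    return reasons


def triage(text: str) -> list[tuple[ServiceEntry, list[str]]]:
    """Parse the log and keep only entries that raised at least one flag."""
    return [(e, r) for e in parse_services(text) if (r := review_flags(e))]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.start} {entry.name}: {entry.binary}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample it reports four of the eight lines; the remaining four (the TPM driver, the BestCrypt cipher driver, Intel AMT LMS and the NETGEAR adapter driver) pass every check. Flagged entries still need a human to match the file against a known product before anything is removed.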
11-26-2007, 07:01 PM   #10
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,043
OS: WinXP and Vista


Re: Weird Hanging Problem

Hello SmgSam,

No worries about it transferring over WiFi. The only way it would transfer to your laptop is if you were to share those files with that other machine. Why don't you begin a new thread for the laptop and I'll be happy to check that out for you as well. I'll give you the instructions I'd like you to follow at the end of this post.

**************************************************

BitDefender found 1 more infected file, and that's it. From my perspective, these logs are clean. How is the system behaving now?

If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out ComboFix.exe as well as the backups and quarantines created by the fix. Your system files and folders will also be re-hidden at this stage. System Restore will be reset by flushing out previous restore points (which contain the infections), and a new restore point will be created.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with, your onboard anti-malware and antivirus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary of any security software that is advertised in popups or in other ways. It is not only usually of no use, but often has malware in it.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

For your laptop, run a scan with dss.exe and post the main.txt and the extra.txt in a new thread. I'll also want an online scan on that system but not until I review the main.txt. Entitle your new thread something like Ried--laptop so I notice it and no one mistakes it for a duplicate thread by you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
11-26-2007, 07:18 PM   #11
Registered User
Join Date: Nov 2007
Posts: 9
OS: xp


Re: Weird Hanging Problem

Many thanks Ried !

All seems to be working well now and I feel happy that it's resolved.

I have now installed McAfee, which has the antivirus, firewall and site adviser, and will be more cautious about what sites I visit and what torrents I download.

This morning (I am located in Indonesia) I shall check out the laptop and make another thread with the info. That's the worry, as the laptop is my work PC.

I wish I had just done it the right way and installed the McAfee suite in the first place.

Where do you learn this stuff, Ried? Is there a course or something to be able to understand this, or is it from just playing around with computers? Is fixing these problems your full-time job?

Thanks Heaps !!!
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum