Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJackThis - Please help me! ty ty ty

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJackThis - Please help me! ty ty ty

Unread postby psygone » October 10th, 2007, 4:39 am

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:38:14 p.m., on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Terry\Desktop\HiJackThis_v2.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6FA4B-EC5F-45B0-A1A2-A137860F2EE9}: NameServer = 203.109.129.67 203.109.129.68
O20 - Winlogon Notify: wingby32 - C:\WINDOWS\SYSTEM32\wingby32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9356 bytes
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am
Advertisement
Register to Remove

Unread postby random/random » October 10th, 2007, 5:22 pm

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 11th, 2007, 2:21 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:20 p.m., on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6FA4B-EC5F-45B0-A1A2-A137860F2EE9}: NameServer = 203.109.129.67 203.109.129.68
O20 - Winlogon Notify: wingby32 - C:\WINDOWS\SYSTEM32\wingby32.dll
O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9248 bytes
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby random/random » October 11th, 2007, 12:34 pm

Did you install winpcap?

  • Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
    Code: Select all
    C:\WINDOWS\SYSTEM32\wingby32.dll
    C:\WINDOWS\system32\pkgvyg.dll
    
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like thisImage
  • You will now get the prompt Files will be removed on reboot, Do you want reboot now?
  • Click Yes, this will restart your pc
  • Note: If your PC does not restart automatically, please restart it manually

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
O20 - Winlogon Notify: wingby32 - C:\WINDOWS\SYSTEM32\wingby32.dll
O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll (file missing)

Then close all windows except HijackThis and click Fix Checked

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 12th, 2007, 1:48 am

Hi again, ty for this, below are the scans! it appears that popups are starting to occur for programs like "storage protecter" etc. please find logs as requested. ty

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2587 (20071011)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c1732e67542998428cfe19d5d5d49380
# end=finished
# remove_checked=false




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:43 p.m., on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\mtmxtkjg.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6FA4B-EC5F-45B0-A1A2-A137860F2EE9}: NameServer = 203.109.129.67 203.109.129.68
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8624 bytes

# unwanted_checked=true
# utc_time=2007-10-12 05:33:18
# local_time=2007-10-12 06:33:18 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# osver=5.1.2600 NT Service Pack 2
# scanned=335449
# found=28
# scan_time=3058
# nod_component=NOD32MOD_WINNT_ENGLISH_BASE Build:0x11081620 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base)
# nod_component=NOD32MOD_WINNT_ENGLISH_INET Build:0x11081620 (NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support)
# nod_component=NOD32MOD_WINNT_ENGLISH_STANDARD Build:0x11081620 (NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component)
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat multiple infiltrations EE58B350A4158DF4A7F71DF486A45BFE
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat »ZIP »ac8zt2/msmdev.dll Win32/Adware.Agent.NFK application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat »ZIP »ac8zt2/msmhost.dll Win32/Adware.Agent.NFJ application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat »ZIP »ac8zt2/nsduo.dll Win32/Adware.Agent.NFK application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\ac8zt2.dat »ZIP »ac8zt2/rmv.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BIT3793.tmp Win32/Adware.Agent.NFX application ED34B81CC1EA49830A4F92FD602806EA
C:\Documents and Settings\Terry\Local Settings\Temp\BIT3793.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BIT4227.tmp Win32/Adware.Agent.NFX application 1F0A689C37F66C40A20110DC1C928CA5
C:\Documents and Settings\Terry\Local Settings\Temp\BIT4227.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE40.tmp Win32/Adware.Agent.NFX application A1DC38EFB489C6284984D781A9F553E1
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE40.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE46.tmp Win32/Adware.Agent.NFX application DC98DA46E60B4F73DFEB9C666D49DD87
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE46.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE4D.tmp Win32/Adware.Agent.NFX application F71068709C39D5A5832A5A054995DDDD
C:\Documents and Settings\Terry\Local Settings\Temp\BITDE4D.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITDEF2.tmp Win32/Adware.Agent.NFX application 845509C9FF8F339F97D19566BC2A74D1
C:\Documents and Settings\Terry\Local Settings\Temp\BITDEF2.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITE3D5.tmp Win32/Adware.Agent.NFX application 228DD4593BF787908B1D60EC2F5FF12C
C:\Documents and Settings\Terry\Local Settings\Temp\BITE3D5.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITE4F1.tmp Win32/Adware.Agent.NFX application 846AC3D613E6261A8F4315D2A7E3D581
C:\Documents and Settings\Terry\Local Settings\Temp\BITE4F1.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
C:\Documents and Settings\Terry\Local Settings\Temp\BITE5CD.tmp Win32/Adware.Agent.NFX application DAA6CEA92D278BF49E1749B6D090BC38
C:\Documents and Settings\Terry\Local Settings\Temp\BITE5CD.tmp »ZIP »ac8zt2/main_uninstaller.exe Win32/Adware.Agent.NFX application 00000000000000000000000000000000
D:\BitComet\Downloads\192 Game Keygens\Unreal Tournament 2004\dev-ut4k.rar probably a variant of Win32/TrojanDownloader.Obfuscated trojan 7330E4EFD816A8B04EC44D70E06C8A7D
D:\BitComet\Downloads\192 Game Keygens\Unreal Tournament 2004\dev-ut4k.rar »RAR »Keygen.exe probably a variant of Win32/TrojanDownloader.Obfuscated trojan 00000000000000000000000000000000
D:\BitComet\Downloads\192 Game Keygens\Unreal Tournament 2004\unrealtournament2004keygendeviance.zip probably a variant of Win32/TrojanDownloader.Obfuscated trojan FEBA3BCFAFB38DA1C5A709B996EFC393
D:\BitComet\Downloads\192 Game Keygens\Unreal Tournament 2004\unrealtournament2004keygendeviance.zip »ZIP »UNREAL TOURNAMENT 2004 KEYGEN.exe probably a variant of Win32/TrojanDownloader.Obfuscated trojan 00000000000000000000000000000000
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby psygone » October 12th, 2007, 1:59 am

Hope u can see i made a little pasting error above! and also i didnt install the stated program.
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby random/random » October 12th, 2007, 1:25 pm

You are running a P2P filesharing programme.
  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.
Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


My recommendation is you uninstall it.

I see some keygens present on your system - this is almost certainly where you got your infections from

Using pirated software is not only illegal, but also an open invitation to getting infected

As such, please remove all pirated programs from your system before you continue

You've picked up more infections since your last post

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 13th, 2007, 5:24 pm

Hi again,

thanks for the help, its much appreciated. i have uninstalled the p2p's. but they have been on my machine for over a year without being used now! i have tried running combo fix many times and it never finishes, it stops at stage 7. then i try to restart it and it says the file cannot be accessed as it is being used by another program. i have included another hijack this log.

thanks
Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21, on 2007-10-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ComboFix\regt.cfexe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6FA4B-EC5F-45B0-A1A2-A137860F2EE9}: NameServer = 203.109.129.67 203.109.129.68
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8053 bytes
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby random/random » October 13th, 2007, 5:49 pm

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 14th, 2007, 12:14 am

Hi

Here is the scans as requested. just thought u should know that it took about 3 hours to complete!

Deckard's System Scanner v20070905.67
Run by Terry on 2007-10-14 13:56:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2007-10-14 00:56:53 UTC - RP536 - Deckard's System Scanner Restore Point
65: 2007-10-14 00:51:38 UTC - RP535 - Last known good configuration
64: 2007-10-14 00:51:18 UTC - RP534 - Last known good configuration
63: 2007-10-14 00:51:17 UTC - RP533 - Last known good configuration
62: 2007-10-14 00:51:17 UTC - RP532 - ComboFix created restore point


-- First Restore Point --
1: 2007-10-14 00:50:54 UTC - RP471 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.93 GiB (less than 15%) free.


-- HijackThis (run as Terry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2007-10-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Terry\Desktop\dss.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\Terry.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {BACEB7AF-8D88-456E-82D0-7BEB9A4410FE} - C:\WINDOWS\system32\qomjkii.dll
O2 - BHO: (no name) - {DA50CF68-25F1-438F-8C27-30FF6F86DBC9} - C:\WINDOWS\system32\ddcyw.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O20 - Winlogon Notify: qomjkii - C:\WINDOWS\SYSTEM32\qomjkii.dll
O20 - Winlogon Notify: wingby32 - wingby32.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8454 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071012-173705-237 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20071012-173705-341 O16 - DPF: {861FDA2A-2B57-4BDA-8B8B-305C9D5D8604} (_Multimedia Player) - http://stream.pussyharem.com/stream/mmp.cab
backup-20071012-173706-441 O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll (file missing)
backup-20071013-001921-480 O9 - Extra 'Tools' menuitem: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
backup-20071013-001921-722 O9 - Extra button: InterCasino $$$ - {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - http://www.intercasino.com (file missing) (HKCU)
backup-20071013-001921-942 O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 ET5Drv - c:\windows\system32\drivers\et5drv.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R3 wanusb (D-Link DSL-200 USB ADSL Modem(WAN)) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>

S2 ALIEHCD (ULi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ULi Corporation; ULi Ehci Host Controller Driver>
S3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ULi Corporation; ULi Roothub Driver for USB2.0>
S3 catchme - c:\docume~1\terry\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GVCplDrv - c:\windows\system32\drivers\gvcpldrv.sys
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-10-08 02:00:02 1516 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2007-10-03 10:38:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-09-14 and 2007-10-14 -----------------------------

2007-10-14 13:51:39 175927 ---hs---- C:\WINDOWS\system32\wycdd.ini2
2007-10-14 11:26:31 78400 --a------ C:\WINDOWS\system32\qqgqscpr.dll
2007-10-13 09:49:34 78400 --a------ C:\WINDOWS\system32\viloaitf.dll
2007-10-13 09:46:22 84032 --a------ C:\WINDOWS\system32\cnckkduq.dll
2007-10-12 23:39:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-12 23:35:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-12 23:35:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-12 23:35:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-12 18:07:04 78400 --a------ C:\WINDOWS\system32\qxtlcvab.dll
2007-10-12 17:59:45 174432 ---hs---- C:\WINDOWS\system32\wycdd.bak2
2007-10-12 17:39:31 0 d-------- C:\Program Files\EsetOnlineScanner
2007-10-12 14:13:46 0 d-------- C:\WINDOWS\system32\Lang
2007-10-12 05:59:31 6505 ---hs---- C:\WINDOWS\system32\wycdd.bak1
2007-10-12 05:58:51 309856 --a------ C:\WINDOWS\system32\ddcyw.dll
2007-10-12 05:53:47 34304 --a------ C:\WINDOWS\system32\qomjkii.dll
2007-10-11 19:18:39 0 d-------- C:\Program Files\Trend Micro
2007-10-10 20:34:51 0 d-------- C:\Documents and Settings\Terry\Application Data\TrojanHunter
2007-10-10 20:14:01 0 d-------- C:\Documents and Settings\Terry\.housecall6.6
2007-10-10 19:20:48 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-07 13:48:37 118784 --a------ C:\WINDOWS\system32\DWSPYVB6.DLL <Not Verified; Desaware Inc.; SpyWorks 6.0>
2007-10-07 13:48:37 0 d-------- C:\Program Files\Nodtronics
2007-10-04 20:01:32 0 d-------- C:\Documents and Settings\Terry\Application Data\UseNeXT
2007-09-28 19:15:55 0 d-------- C:\Program Files\Common Files\Apple
2007-09-28 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-19 22:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-19 19:55:32 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-09-19 19:55:32 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software http://www.viscomsoft.com; >
2007-09-19 19:55:32 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2007-09-19 19:55:29 0 d-------- C:\Program Files\Plato Video To iPod Converter
2007-09-16 02:30:42 0 d-------- C:\Program Files\BitComet


-- Find3M Report ---------------------------------------------------------------

2007-10-13 09:35:39 0 d-------- C:\Program Files\Common Files
2007-10-12 22:39:36 0 d-------- C:\Program Files\Java
2007-10-07 13:48:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 23:03:46 0 d-------- C:\Documents and Settings\Terry\Application Data\RipIt4Me
2007-09-28 20:27:11 0 d-------- C:\Documents and Settings\Terry\Application Data\CamfrogWEB
2007-09-28 19:08:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-19 17:17:55 0 d-------- C:\Program Files\PKR
2007-09-10 21:09:28 0 d-------- C:\Documents and Settings\Terry\Application Data\Aim
2007-08-27 12:42:16 0 d-------- C:\Program Files\CFWebAdvancedU
2007-08-22 20:48:57 0 d-------- C:\Program Files\Windows Media Components
2007-08-08 16:30:12 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2007-08-02 18:11:28 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-08-02 18:11:14 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-07-27 15:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-18 22:09:35 164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]
2007-10-12 05:53 34304 --a------ C:\WINDOWS\system32\qomjkii.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA50CF68-25F1-438F-8C27-30FF6F86DBC9}]
2007-10-12 05:58 309856 --a------ C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-01 22:28]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 22:09 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 21:04]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 21:04]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 12:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 12:49]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-14 15:38]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"PKR Pal"="./\pkrpal.exe" []
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 19:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 16:22]
"AIM"="C:\Program Files\AIM95\aim.exe" [2002-11-14 12:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-09-17 13:41:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"= C:\WINDOWS\system32\qomjkii.dll [2007-10-12 05:53 34304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkii]
qomjkii.dll 2007-10-12 05:53 34304 C:\WINDOWS\system32\qomjkii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingby32]
wingby32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-10-14 17:06:20 ------------




Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.48 MiB / 505.36 MiB
Pagefile Memory (total/avail): 2461.91 MiB / 2048.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 48.83 GiB total, 2.93 GiB free.
D: is Fixed (NTFS) - 68.36 GiB total, 68 GiB free.
E: is Fixed (NTFS) - 48.25 GiB total, 43.35 GiB free.
F: is Removable (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3200822A - 165.44 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 48.83 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.61 GiB - D: - E:

\\.\PHYSICALDRIVE1 - Brother DCP-115C USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\mIRC\\mirc.exe"="D:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Documents and Settings\\Terry\\Local Settings\\Temporary Internet Files\\Content.IE5\\M3SVFS18\\wowclient-downloader[1].exe"="C:\\Documents and Settings\\Terry\\Local Settings\\Temporary Internet Files\\Content.IE5\\M3SVFS18\\wowclient-downloader[1].exe:*:Enabled:Blizzard Downloader"
"D:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="D:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Terry\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TELAINE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Terry
LOGONSERVER=\\TELAINE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Terry\LOCALS~1\Temp
TMP=C:\DOCUME~1\Terry\LOCALS~1\Temp
USERDOMAIN=TELAINE
USERNAME=Terry
USERPROFILE=C:\Documents and Settings\Terry
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Terry (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1000 Solitaire Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3913CAB-1406-46F2-BB62-1CB96DDAF460}\SETUP.EXE" -l0x9
101 Puzzle & Logic Games --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05108C14-956B-4723-8346-7EA8982CD2FC}\setup.exe" -l0x9
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{63D45D17-7A9E-41DF-96EF-699B285AC459}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVIVO Codecs --> MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CamfrogWEB Advanced ActiveX Plugin (remove only) --> "C:\Program Files\CFWebAdvancedU\Uninstall.exe"
D-Link DSL-200 ADSL Modem --> C:\Program Files\D-Link\DSL-200\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyTune5 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
ESET Online Scanner --> C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Jarte --> "C:\Program Files\Jarte\unins000.exe"
K-Lite Codec Pack 2.77 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "D:\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
Plato Video To iPod Converter 3.73 --> "C:\Program Files\Plato Video To iPod Converter\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SuperMegaSpoof 2.0 --> "C:\Program Files\MegaSpoof\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
VideoCAM NB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CA01B9A-FB39-4E17-8CA9-A8D485CBE7DD}\setup.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type140887 / Error
Event Submitted/Written: 10/14/2007 11:33:37 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application sed.cfexe, version 0.0.0.0, faulting module sed.cfexe, version 0.0.0.0, fault address 0x000106ac.
Processing media-specific event for [sed.cfexe!ws!]

Event Record #/Type140880 / Error
Event Submitted/Written: 10/14/2007 10:37:26 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type140879 / Error
Event Submitted/Written: 10/14/2007 10:37:15 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type140878 / Error
Event Submitted/Written: 10/14/2007 10:37:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type140877 / Error
Event Submitted/Written: 10/14/2007 10:37:10 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type29877 / Error
Event Submitted/Written: 10/14/2007 04:50:11 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type29849 / Error
Event Submitted/Written: 10/14/2007 01:50:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058

Event Record #/Type29845 / Error
Event Submitted/Written: 10/14/2007 11:32:24 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type29822 / Error
Event Submitted/Written: 10/14/2007 10:57:50 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058

Event Record #/Type29797 / Error
Event Submitted/Written: 10/14/2007 10:48:35 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ULi PCI to USB Enhanced Host Controller service failed to start due to the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2007-10-14 17:06:20 ------------
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby random/random » October 14th, 2007, 5:53 am

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

Code: Select all
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA50CF68-25F1-438F-8C27-30FF6F86DBC9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkii]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingby32]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_CLASSES_ROOT\CLSID\{BACEB7AF-8D88-456E-82D0-7BEB9A4410FE}]

[-HKEY_CLASSES_ROOT\CLSID\{DA50CF68-25F1-438F-8C27-30FF6F86DBC9}]
 


Save it to the desktop as fix.reg, making sure save as type is set to all files

  • Download UnDLL by ESET from here
  • Unzip/extact it to a folder on the desktop
  • Double click on UNDLL.EXE to start UnDLL
  • Click on Select infected DLL
  • Locate and select this file:
    C:\WINDOWS\system32\qomjkii.dll
  • Click Open
  • UnDLL will now attempt to delete the DLL file
  • If asked to restart your PC, click No
  • Repeat the above steps for the following file:
    Code: Select all
    C:\WINDOWS\system32\ddcyw.dll
  • Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt
  • Once you have used UnDLL on all the files, restart your PC manually


Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Use windows explorer to find and delete these files:

C:\WINDOWS\system32\cnckkduq.dll
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\qomjkii.dll
C:\WINDOWS\system32\qqgqscpr.dll
C:\WINDOWS\system32\qxtlcvab.dll
C:\WINDOWS\system32\viloaitf.dll
C:\WINDOWS\system32\wycdd.bak1
C:\WINDOWS\system32\wycdd.bak2
C:\WINDOWS\system32\wycdd.ini2

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Then run Deckard's system scanner (dss.exe) again and post the log it produces
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 14th, 2007, 8:41 pm

Hi, This took only a matter of seconds this time to run, not the 3 hours it took last time. Thanks

Deckard's System Scanner v20070905.67
Run by Terry on 2007-10-15 13:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.75 GiB (less than 15%) free.


-- HijackThis (run as Terry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39, on 2007-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Terry\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Terry.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hsyugwus.dll",sitypnow
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8120 bytes

-- Files created between 2007-09-15 and 2007-10-15 -----------------------------

2007-10-15 07:43:13 85056 --a------ C:\WINDOWS\system32\hsyugwus.dll
2007-10-15 07:40:29 78400 --a------ C:\WINDOWS\system32\hmybcoqk.dll
2007-10-14 22:09:41 78400 --a------ C:\WINDOWS\system32\norlkajp.dll
2007-10-14 22:06:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-10-14 22:05:50 0 d------c- C:\Temp
2007-10-14 21:47:52 0 d------c- C:\!KillBox
2007-10-12 23:39:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-10-12 23:35:36 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-10-12 23:35:36 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-10-12 23:35:36 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-10-12 23:35:36 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-10-12 23:35:36 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-10-12 23:35:35 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-10-12 23:35:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-12 17:39:31 0 d-------- C:\Program Files\EsetOnlineScanner
2007-10-12 14:13:46 0 d-------- C:\WINDOWS\system32\Lang
2007-10-11 19:18:39 0 d-------- C:\Program Files\Trend Micro
2007-10-10 20:34:51 0 d-------- C:\Documents and Settings\Terry\Application Data\TrojanHunter
2007-10-10 20:14:01 0 d-------- C:\Documents and Settings\Terry\.housecall6.6
2007-10-07 13:48:37 118784 --a------ C:\WINDOWS\system32\DWSPYVB6.DLL <Not Verified; Desaware Inc.; SpyWorks 6.0>
2007-10-07 13:48:37 0 d-------- C:\Program Files\Nodtronics
2007-10-04 20:01:32 0 d-------- C:\Documents and Settings\Terry\Application Data\UseNeXT
2007-09-28 19:15:55 0 d-------- C:\Program Files\Common Files\Apple
2007-09-28 19:08:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-19 22:26:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-19 19:55:32 81920 --a------ C:\WINDOWS\system32\viscomwave.dll <Not Verified; Viscom Software; >
2007-09-19 19:55:32 139264 --a------ C:\WINDOWS\system32\viscomqtde.dll <Not Verified; Viscom Software http://www.viscomsoft.com; >
2007-09-19 19:55:32 475136 --a------ C:\WINDOWS\system32\SkinCrafter.dll <Not Verified; DMSoft Technologies; SkinCrafter Module>
2007-09-19 19:55:29 0 d-------- C:\Program Files\Plato Video To iPod Converter


-- Find3M Report ---------------------------------------------------------------

2007-10-13 09:35:39 0 d-------- C:\Program Files\Common Files
2007-10-12 22:39:36 0 d-------- C:\Program Files\Java
2007-10-07 13:48:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-04 23:03:46 0 d-------- C:\Documents and Settings\Terry\Application Data\RipIt4Me
2007-09-28 20:27:11 0 d-------- C:\Documents and Settings\Terry\Application Data\CamfrogWEB
2007-09-28 19:08:52 0 d-------- C:\Program Files\Apple Software Update
2007-09-19 17:17:55 0 d-------- C:\Program Files\PKR
2007-09-10 21:09:28 0 d-------- C:\Documents and Settings\Terry\Application Data\Aim
2007-08-27 12:42:16 0 d-------- C:\Program Files\CFWebAdvancedU
2007-08-22 20:48:57 0 d-------- C:\Program Files\Windows Media Components
2007-08-08 16:30:12 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll <Not Verified; ; OnlineScanner Language Library>
2007-08-02 18:11:28 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-08-02 18:11:14 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll <Not Verified; ; OnlineScanner Dynamic Link Library>
2007-07-27 15:49:02 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll
2007-07-27 15:49:02 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll
2007-07-18 22:09:35 164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 21:54]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-01 22:28]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 22:09 C:\WINDOWS\SOUNDMAN.EXE]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-08-18 16:52]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-01-21 21:04]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-01-21 21:04]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 12:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 12:49]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 15:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 15:45]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-14 15:38]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"PKR Pal"="./\pkrpal.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"SearchIndexer"="C:\WINDOWS\system32\hsyugwus.dll" [2007-10-15 07:43]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 19:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 16:22]
"AIM"="C:\Program Files\AIM95\aim.exe" [2002-11-14 12:50]

C:\Documents and Settings\Terry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-09-17 13:41:53]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-10-15 13:39:28 ------------
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby random/random » October 15th, 2007, 1:37 pm

Download ATF Cleaner by Atribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\hsyugwus.dll",sitypnow

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete these files:

C:\WINDOWS\system32\hsyugwus.dll
C:\WINDOWS\system32\hmybcoqk.dll
C:\WINDOWS\system32\norlkajp.dll

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


Go here to run an online scannner from Kaspersky.
  • Note: You will need to use Internet explorer for this scan
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept". After reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post back with the Kaspersky log,a new HijackThis log & a description of any remaining problems
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby psygone » October 17th, 2007, 1:36 am

Hi again

i have tried 6 times to run kaspersky and it freezes on drwatson32.log everytime. i left it over night and it still was at the point! i have included a hijack this log alone. Sometimes when i reboot spysweeper doesnt load properly.

Cheers
Mike

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34, on 2007-10-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [EasyTuneV] "C:\Program Files\Gigabyte\ET5\GUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "./\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/ ... module.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1748194013
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E6FA4B-EC5F-45B0-A1A2-A137860F2EE9}: NameServer = 203.109.129.67 203.109.129.68
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8419 bytes
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am

Unread postby psygone » October 17th, 2007, 1:45 am

I manually stopped the scan before the point that it freezes at and that log is below. thanks

KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 17, 2007 6:44:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/10/2007
Kaspersky Anti-Virus database records: 437114
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 11796
Number of viruses found: 7
Number of infected objects: 139
Number of suspicious objects: 0
Duration of the scan process: 00:05:05

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\ac8zt2.dat ZIP: infected - 6 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT167.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT167.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT3793.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT3793.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT3793.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT4227.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT4227.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT4227.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT4B20.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT4B20.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT582F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BIT582F.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITB252.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITB252.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITC35F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITC35F.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDC9A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDC9A.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDBC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDBC.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDD1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDD1.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDF5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDDF5.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE40.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE40.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE40.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE46.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE46.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE46.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE4D.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE4D.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE4D.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE60.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE60.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE99.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDE99.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEA1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEA1.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEB5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEB5.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDED0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDED0.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDED7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDED7.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEDF.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEDF.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEF2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEF2.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEF2.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEFA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDEFA.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF39.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF39.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF42.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF42.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF4A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF4A.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF85.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF85.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF8F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDF8F.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDFDC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITDFDC.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE000.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE000.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE00A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE00A.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE056.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE056.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE06B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE06B.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE075.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE075.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE25E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE25E.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE268.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE268.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE380.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE380.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE388.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE388.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE39C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE39C.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3A9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3A9.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3C7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3C7.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3CF.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3CF.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3D5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3D5.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3D5.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3E5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE3E5.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE405.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE405.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE49B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE49B.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE4F1.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE4F1.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE4F1.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE519.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE519.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE560.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE560.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE567.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE567.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE575.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE575.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5CD.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5CD.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5CD.tmp ZIP: infected - 2 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5D5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5D5.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5E9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE5E9.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE626.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE626.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE6D7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE6D7.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE6FB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE6FB.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE788.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE788.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE798.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE798.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE7A5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\BITE7A5.tmp ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\Office%202007%20Enterprise%20Edition.zip/run.exe Infected: Trojan-Downloader.Win32.Zlob.gen skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\Office%202007%20Enterprise%20Edition.zip ZIP: infected - 1 skipped
C:\Deckard\System Scanner\20071015133858\backup\DOCUME~1\Terry\LOCALS~1\Temp\sw_ins.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped

Scan was interrupted by user!
psygone
Active Member
 
Posts: 10
Joined: October 10th, 2007, 4:33 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 67 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware