Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

Go Back   Windows BBS > Security > Malware and Virus Removal
Reload this Page

[Resolved] Trojan

Register FAQDonate Mark Forums Read

Malware and Virus Removal Problems removing malware/viruses? Get help from our Malware removal experts.

Register your FREE account to unlock additional features at WindowsBBS.com
Register
Welcome to WindowsBBS.com
Microsoft Windows Support

Mission Statement

WindowsBBS is an online community dedicated to easily accessible technical support for those using Microsoft operating systems and other Windows software.

Our goal is to become the leading resource for computer users that require assistance with their day-to-day computer usage, including full support for networking PC's, virus & malware removal, system upgrades and general support questions.

Discussion Forums
Operating Systems
Windows 7 Windows 7
Windows Vista Windows Vista
Windows XP Windows XP
Windows Server System Windows Server System
Windows 2000 Windows 2000
Windows 95/98/Me/NT Windows 95/98/Me/NT
Internet & Networking
Networking
Internet Explorer
Microsoft Mail
Firefox, Thunderbird
      & SeaMonkey
General Internet
Security
General Security
Malware and Virus
     Removal
Other
Other Software
Hardware
Test Posts
Community
Introductions
General Discussions
Comments
      & Suggestions
News @ WindowsBBS

Forum Sponsor
Image

Reply
Page 1 of 3 1 23
 
LinkBack Thread Tools
Old 17th June 2008   #1
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
[Resolved] Trojan
Hi, Im having the same problem as other people, the one about the dangerous Trojan.Heres my HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:20, on 2008/06/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: BhoApp Class - {BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56} - C:\WINDOWS\system32\tapdfim.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [a4f36bd9] rundll32.exe "C:\WINDOWS\system32\uiaeyugu.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2000478354-764733703-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Gerrit')
O4 - HKUS\S-1-5-21-2000478354-764733703-839522115-1003\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Gerrit')
O4 - HKUS\S-1-5-21-2000478354-764733703-839522115-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Gerrit')
O4 - HKUS\S-1-5-21-2000478354-764733703-839522115-1003\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'Gerrit')
O4 - HKUS\S-1-5-21-2000478354-764733703-839522115-1003\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (User 'Gerrit')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifcbBrr - iifcbBrr.dll (file missing)
O21 - SSODL: KernelWin - {64f2cfe9-9cfe-4899-9b01-caf9f9aaaf8a} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 15288 bytes
Last edited by AFan; 17th June 2008 at 17:27.
AFan is offline   Reply With Quote
Didn't find the information you thought to find?
Check out these Similar Threads
Old 17th June 2008   #2
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Any Help would be appreciated.
BTW,its the one that says:
"Attention. Some dangerous Trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended)"
Last edited by AFan; 17th June 2008 at 17:45.
AFan is offline   Reply With Quote
Old 17th June 2008   #3
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Exclamation
Can someone please help me?
AFan is offline   Reply With Quote
Old 17th June 2008   #4
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
nevermind.I did a full system scan with MBAM and everythings ok.ty
AFan is offline   Reply With Quote
Old 18th June 2008   #5
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Welcome to WindowsBBS AFan

I'm happy to hear that MBAM seems to have cured the problem (sorry we couldn't respond sooner ......... timezones ), but from the look of your HijackThis log I recommend you post the MBAM log along with a fresh HijackThis log.
noahdfear is offline   Reply With Quote
Old 18th June 2008   #6
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
Doing Quickscan...
Last edited by AFan; 18th June 2008 at 07:55.
AFan is offline   Reply With Quote
Old 18th June 2008   #7
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
Doing Quickscan....
AFan is offline   Reply With Quote
Old 18th June 2008   #8
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
Latest HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:58:16, on 2008/06/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iifcbBrr - iifcbBrr.dll (file missing)
O21 - SSODL: KernelWin - {64f2cfe9-9cfe-4899-9b01-caf9f9aaaf8a} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12001 bytes
AFan is offline   Reply With Quote
Old 18th June 2008   #9
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
My MBAM log:
Malwarebytes' Anti-Malware 1.17
Database version: 864

08:13:45 2008/06/17
mbam-log-6-17-2008 (08-13-45).txt

Scan type: Quick Scan
Objects scanned: 46436
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\run\C:\Document s and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
AFan is offline   Reply With Quote
Old 19th June 2008   #10
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

Scan again with HijackThis and place a check next to the following entries.

O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O20 - Winlogon Notify: iifcbBrr - iifcbBrr.dll (file missing)
O21 - SSODL: KernelWin - {64f2cfe9-9cfe-4899-9b01-caf9f9aaaf8a} - (no file)


Now click Fix Checked, then close HijackThis.

Download Deckard's System Scanner (dss.exe) and save it to your desktop.
  • Close all applications and windows.
  • Double click on dss.exe to run it and follow the prompts.
  • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
Post the contents of main.txt only for now.
noahdfear is offline   Reply With Quote
Old 19th June 2008   #11
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
Deckard's System Scanner v20071014.68
Run by Kinders on 2008-06-18 09:50:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
101: 2008-06-18 07:50:57 UTC - RP212 - Deckard's System Scanner Restore Point
100: 2008-06-17 20:19:48 UTC - RP211 - System Checkpoint
99: 2008-06-16 19:30:19 UTC - RP210 - Removed SUPERAntiSpyware Free Edition
98: 2008-06-16 19:22:47 UTC - RP209 - Installed AVG Free 8.0
97: 2008-06-16 19:21:17 UTC - RP208 - Removed AVG Free 8.0


-- First Restore Point --
1: 2008-06-14 21:29:56 UTC - RP112 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kinders.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:58, on 2008/06/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kinders\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kinders.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0267871213714296) (0267871213714296mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\026787~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11825 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080616-151509-734 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
backup-20080618-094708-244 O20 - Winlogon Notify: iifcbBrr - iifcbBrr.dll (file missing)
backup-20080618-094708-953 O4 - HKCU\..\Run: [C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
backup-20080618-094709-795 O21 - SSODL: KernelWin - {64f2cfe9-9cfe-4899-9b01-caf9f9aaaf8a} - (no file)

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - unable to read key
.js - unable to read key
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>

S3 DBKDRVR54 - c:\program files\cheat engine\dbk32.sys (file missing)
S3 SABProcEnum - c:\program files\mozilla firefox\sabprocenum.sys (file missing)
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 0267871213714296mcinstcleanup (McAfee Application Installer Cleanup (0267871213714296)) - c:\windows\temp\026787~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-14 19:05:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-11 17:30:28 352 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-12-11 17:30:26 354 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-16 16:04:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 15:32:53 0 d-------- C:\Documents and Settings\Gerrit\Application Data\AVGTOOLBAR
2008-06-16 15:10:39 0 d-------- C:\Program Files\Trend Micro
2008-06-16 12:42:52 0 d-------- C:\Program Files\RegistrySpy
2008-06-16 12:22:18 0 d--h----- C:\$AVG8.VAULT$
2008-06-16 12:11:38 0 d-------- C:\Documents and Settings\Kinders\Application Data\AVGTOOLBAR
2008-06-16 12:11:09 0 d-------- C:\Program Files\AVG
2008-06-16 10:43:32 0 d-------- C:\Documents and Settings\All Users\Application Data\FaceOnBody
2008-06-16 10:43:31 0 d-------- C:\Program Files\FaceOnBody
2008-06-15 16:57:42 0 d-------- C:\WINDOWS\$regcmp$
2008-06-15 15:32:03 0 d-------- C:\Documents and Settings\Kinders\Application Data\Malwarebytes
2008-06-15 15:31:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 12:28:20 0 --a------ C:\Program Files\uninstall.dat
2008-06-15 12:28:17 62910 --a------ C:\Program Files\Uninstall.exe <Not Verified; $PROGRAMNAME; $PROGRAMNAME>
2008-06-14 23:36:53 0 d-------- C:\Documents and Settings\Kinders\Application Data\TmpRecentIcons
2008-06-14 23:29:45 88150 --ahs---- C:\WINDOWS\system32\ghiPYcfe.ini2
2008-06-14 20:11:01 0 d-------- C:\Documents and Settings\Kinders\Application Data\TransRender
2008-06-14 20:11:01 0 d-------- C:\Documents and Settings\Kinders\Application Data\Temporary
2008-06-14 20:07:07 0 d-------- C:\Documents and Settings\Kinders\Application Data\ConvertTemp
2008-06-14 20:05:49 0 d-------- C:\Documents and Settings\Kinders\Application Data\Samsung
2008-06-09 20:54:40 0 d-------- C:\Documents and Settings\Kinders\Application Data\Apple Computer
2008-06-08 13:09:51 0 d-------- C:\Documents and Settings\Kinders\Application Data\Sun
2008-06-07 21:47:33 0 d-------- C:\Program Files\Bonjour
2008-06-07 18:28:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-03 14:33:36 0 d-------- C:\Documents and Settings\Kinders\Application Data\SUPERAntiSpyware.com
2008-06-01 20:38:59 0 d-------- C:\Documents and Settings\Kinders\Application Data\Ahead
2008-06-01 20:07:01 1364 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-05-30 16:38:27 0 d-------- C:\Documents and Settings\Kinders\Application Data\CyberLink
2008-05-30 15:40:01 0 d-------- C:\WINDOWS\Cache
2008-05-30 15:35:05 0 d-------- C:\Program Files\proDAD
2008-05-30 15:28:56 0 d-------- C:\Program Files\AdorageI-SAL
2008-05-30 15:28:56 0 d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-30 15:17:31 155721 --a------ C:\WINDOWS\system32\RALMain.dll <Not Verified; Pinnacle Systems GmbH; Register Abstraction Layer>
2008-05-30 15:17:31 401408 --a------ C:\WINDOWS\system32\pvmjpg30.dll <Not Verified; Pegasus Imaging Corporation; PICVideo Codec Suite>
2008-05-30 15:17:31 204881 --a------ C:\WINDOWS\system32\DiskIO.dll <Not Verified; Pinnacle Systems GmbH; Media File Sequencer>
2008-05-30 15:17:20 73728 --a------ C:\WINDOWS\system32\MMAviAx.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO MFP>
2008-05-30 15:17:20 114759 --a------ C:\WINDOWS\system32\Aviprax.dll <Not Verified; Pinnacle Systems GmbH; miroVIDEO AFP>
2008-05-30 15:17:18 32768 --a------ C:\WINDOWS\system32\MLPagAx.dll <Not Verified; Pinnacle Systems GmbH; MLPag DLL>
2008-05-30 15:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-30 15:13:45 0 d-------- C:\Program Files\SmartSound Software
2008-05-30 15:12:14 138752 --a------ C:\WINDOWS\system32\mase32.dll
2008-05-30 15:12:14 57856 --a------ C:\WINDOWS\system32\masd32.dll
2008-05-30 15:12:14 136192 --a------ C:\WINDOWS\system32\mamc32.dll <Not Verified; ; MAMC32 Dynamic Link Library>
2008-05-30 15:12:14 196096 --a------ C:\WINDOWS\system32\macd32.dll <Not Verified; ; MACD32 Dynamic Link Library>
2008-05-30 15:12:14 27648 --a------ C:\WINDOWS\system32\ma32.dll
2008-05-30 15:11:42 0 d-------- C:\Program Files\DivX
2008-05-30 15:11:39 14165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>
2008-05-30 15:11:35 41219 --a------ C:\WINDOWS\RSETPATH.exe <Not Verified; Pinnacle Systems; Pinnacle Systems RSETPATH>
2008-05-30 15:10:04 49152 --a------ C:\WINDOWS\system32\PCLEGetGuid.dll <Not Verified; Pinnacle Systems; Guid_dll>
2008-05-30 15:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-05-30 15:08:33 0 d---s---- C:\Documents and Settings\Kinders\UserData
2008-05-30 15:04:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-30 15:04:46 0 d-------- C:\Program Files\Pinnacle
2008-05-28 18:56:05 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-27 15:04:24 0 d-------- C:\Documents and Settings\Kinders\Application Data\MAGIX
2008-05-23 10:57:35 0 d-------- C:\Program Files\Telltale Games
2008-05-23 10:43:37 0 d-------- C:\Program Files\Dexster
2008-05-23 10:28:07 162304 --a------ C:\UNWISE.EXE
2008-05-21 21:16:42 69680 --a------ C:\Documents and Settings\Kinders\Application Data\GDIPFONTCACHEV1.DAT
2008-05-21 18:45:40 0 d-------- C:\Documents and Settings\Kinders\Application Data\Datalayer
2008-05-20 22:09:46 0 d-------- C:\Documents and Settings\Kinders\Application Data\MXit
2008-05-20 21:01:55 0 d--hs---- C:\Documents and Settings\Kinders\Application Data\.#
2008-05-18 17:37:26 0 d-------- C:\Program Files\Bridge Building Game
2008-05-18 17:37:07 244066 --a------ C:\bbgsetup.exe
2008-05-18 16:51:59 161280 --a------ C:\WINDOWS\system32\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-05-18 16:51:46 0 d-------- C:\Documents and Settings\Kinders\Application Data\WinRAR
2008-05-18 16:11:12 0 d-------- C:\Documents and Settings\Kinders\Application Data\Macromedia
2008-05-18 15:51:44 0 d-------- C:\Documents and Settings\Kinders\Application Data\Talkback
2008-05-18 15:42:19 0 d-------- C:\Documents and Settings\Kinders\Application Data\Mozilla
2008-05-18 15:39:17 0 d-------- C:\Documents and Settings\Kinders\Application Data\Google
2008-05-18 15:37:59 0 d-------- C:\Documents and Settings\Kinders\Application Data\Adobe
2008-05-18 15:37:35 0 d-------- C:\Documents and Settings\Kinders\Application Data\HP
2008-05-18 15:37:21 0 d-------- C:\Documents and Settings\Kinders\Phone Browser
2008-05-18 15:37:14 0 d-------- C:\Documents and Settings\Kinders\Application Data\McAfee
2008-05-18 15:36:57 0 d-------- C:\Documents and Settings\Kinders\Application Data\Real
2008-05-18 15:36:54 0 d-------- C:\Documents and Settings\Kinders\Application Data\SiteAdvisor
2008-05-18 15:36:31 0 d-------- C:\Documents and Settings\Kinders\Application Data\Identities
2008-05-18 15:36:11 0 d-------- C:\Documents and Settings\Kinders\Application Data\PC Suite
2008-05-18 15:36:04 0 d--h----- C:\Documents and Settings\Kinders\Templates
2008-05-18 15:36:04 0 dr------- C:\Documents and Settings\Kinders\Start Menu
2008-05-18 15:36:04 0 dr-h----- C:\Documents and Settings\Kinders\SendTo
2008-05-18 15:36:04 0 dr-h----- C:\Documents and Settings\Kinders\Recent
2008-05-18 15:36:04 0 d--h----- C:\Documents and Settings\Kinders\PrintHood
2008-05-18 15:36:04 4718592 --a------ C:\Documents and Settings\Kinders\NTUSER.DAT
2008-05-18 15:36:04 0 d--h----- C:\Documents and Settings\Kinders\NetHood
2008-05-18 15:36:04 0 dr------- C:\Documents and Settings\Kinders\My Documents
2008-05-18 15:36:04 0 d--h----- C:\Documents and Settings\Kinders\Local Settings
2008-05-18 15:36:04 0 dr------- C:\Documents and Settings\Kinders\Favorites
2008-05-18 15:36:04 0 d-------- C:\Documents and Settings\Kinders\Desktop
2008-05-18 15:36:04 0 d---s---- C:\Documents and Settings\Kinders\Cookies
2008-05-18 15:36:04 0 dr-h----- C:\Documents and Settings\Kinders\Application Data


-- Find3M Report ---------------------------------------------------------------

2008-06-18 09:39:46 0 d-------- C:\Program Files\lg_fwupdate
2008-06-17 16:51:27 0 d-------- C:\Program Files\McAfee
2008-06-16 21:30:25 0 d-------- C:\Program Files\Common Files
2008-06-16 18:38:41 0 d-------- C:\Program Files\Common Files\Stardock
2008-06-15 18:09:21 0 d-------- C:\Program Files\Nokia
2008-06-14 21:41:21 0 d-------- C:\Program Files\Winamp
2008-06-10 16:21:32 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-30 15:20:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-30 15:12:15 95 --a------ C:\AUTOEXEC.BAT
2008-05-23 07:23:17 0 d-------- C:\Program Files\SiteAdvisor
2008-05-17 19:06:54 0 d-------- C:\Program Files\Smallvideosoft
2008-05-17 18:40:55 1362 --a------ C:\WINDOWS\mozver.dat
2008-05-16 12:36:43 0 d-------- C:\Program Files\Pcsx2_0.9.4
2008-05-12 21:46:04 0 d-------- C:\Program Files\MXit
2008-05-12 21:24:00 0 d-------- C:\Program Files\Samsung
2008-05-11 14:55:53 0 d-------- C:\Program Files\Free Window Registry Repair
2008-05-11 14:55:38 0 d-------- C:\Program Files\Cheat Engine
2008-05-11 14:54:19 0 d-------- C:\Program Files\Canon
2008-05-10 18:17:38 0 d-------- C:\Program Files\Apple Software Update
2008-05-04 20:18:17 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-05-04 20:16:45 0 d-------- C:\Program Files\ArcSoft
2008-05-04 15:58:33 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-04 15:43:23 0 d-------- C:\Program Files\CyberLink
2008-04-28 07:10:34 0 d-------- C:\Program Files\Java
2008-04-25 21:51:59 46128 --a------ C:\WINDOWS\system32\DLLPRF32.DAT
2008-04-19 09:21:34 0 d-------- C:\Program Files\Stardock
2008-04-18 20:19:42 114 --a------ C:\WINDOWS\system32\das.bat
2008-04-18 15:04:16 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
2007/11/26 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003/05/29 16:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003/05/30 09:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003/04/07 09:19]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003/04/07 09:07]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001/07/09 11:50]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007/05/10 22:46]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007/06/22 01:12]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007/11/30 05:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007/11/14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007/11/15 13:11]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006/06/15 12:36]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007/08/03 22:33]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008/01/12 12:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008/02/22 04:25]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006/06/15 08:43]
"@"="" []
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2006/06/14 14:20]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007/01/08 11:22]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006/11/23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006/12/05 22:55]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008/05/04 15:51]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004/03/11 00:26]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004/08/22 17:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004/10/13 18:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008/06/17 09:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008/01/05 17:03:08]
Corel Desktop Application Director 8.LNK - C:\Corel\Suite8\Programs\DAD8.EXE [2007/12/11 16:57:17]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006/02/19 04:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 01:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006/12/20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007/04/19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005/01/31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\efcYPihg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

*Newly Created Service* - 0267871213714296MCINSTCLEANUP



-- End of Deckard's System Scanner: finished at 2008-06-18 09:54:38 ------------
AFan is offline   Reply With Quote
Old 19th June 2008   #12
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

You've got some broken file associations. We'll use dss to fix those. Highlight and copy the bolded command below.

"%userprofile%\desktop\dss.exe" /daft
  • Click Start>Run and paste the command in, then hit enter.
  • An interface of Deckards file association fix will open.
  • Click Scan.
  • Check the box next to the following entries, then click Fix.
    • .bat
    • .inf
    • .ini
    • .js
    • .js
    • .reg
    • .scr
    • .txt
    • .txt
  • Exit when complete.


Now, we're going to use another tool to clean up some other malware remnants. Download ComboFix by sUBs from here, saving the file to your desktop.


Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
noahdfear is offline   Reply With Quote
Old 20th June 2008   #13
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
ComboFix 08-06-19.2 - Kinders 2008-06-19 7:28:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.600 [GMT 2:00]
Running from: C:\Documents and Settings\Kinders\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Gerrit\Application Data\.#
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@19C@A141C8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@19C@A141E8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@19C@A141F8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@19C@A14218.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@19C@A14228.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@558@A141C8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@558@A141F8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@558@A14228.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@CB8@A141C8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@CB8@A141F8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@CB8@A14228.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@DC0@A141C8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@DC0@A141F8.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@DC0@A14218.###
C:\Documents and Settings\Gerrit\Application Data\.#\MBX@DC0@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#
C:\Documents and Settings\Kinders\Application Data\.#\MBX@150C@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@150C@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@150C@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@468@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@468@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@468@A14218.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@468@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@4C4@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@4C4@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@4C4@A14218.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@4C4@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@8CC@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@8CC@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@8CC@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@B98@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@B98@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@B98@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C6C@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C6C@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C6C@A14228.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C74@A141C8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C74@A141F8.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C74@A14218.###
C:\Documents and Settings\Kinders\Application Data\.#\MBX@C74@A14228.###
C:\WINDOWS\system32\das.bat
C:\WINDOWS\system32\eeylcslk.ini
C:\WINDOWS\system32\ghiPYcfe.ini
C:\WINDOWS\system32\ghiPYcfe.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-18 09:50 . 2008-06-18 09:50 <DIR> d-------- C:\Deckard
2008-06-16 16:05 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-16 16:05 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 16:04 . 2008-06-16 16:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 15:32 . 2008-06-16 15:32 <DIR> d-------- C:\Documents and Settings\Gerrit\Application Data\AVGTOOLBAR
2008-06-16 15:10 . 2008-06-16 15:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 12:42 . 2008-06-16 19:00 <DIR> d-------- C:\Program Files\RegistrySpy
2008-06-16 12:22 . 2008-06-16 17:55 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-16 12:11 . 2008-06-16 12:11 <DIR> d-------- C:\Program Files\AVG
2008-06-16 12:11 . 2008-06-16 12:11 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\AVGTOOLBAR
2008-06-16 10:43 . 2008-06-16 11:01 <DIR> d-------- C:\Program Files\FaceOnBody
2008-06-16 10:43 . 2008-06-16 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaceOnBody
2008-06-15 16:57 . 2008-06-15 17:52 <DIR> d-------- C:\WINDOWS\$regcmp$
2008-06-15 16:41 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-06-15 16:41 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-06-15 15:32 . 2008-06-15 15:32 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Malwarebytes
2008-06-15 15:31 . 2008-06-15 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 12:28 . 2008-06-15 12:28 62,910 --a------ C:\Program Files\Uninstall.exe
2008-06-15 12:28 . 2008-06-15 12:28 0 --a------ C:\Program Files\uninstall.dat
2008-06-14 20:11 . 2008-06-14 20:11 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\TransRender
2008-06-14 20:11 . 2008-06-14 20:11 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Temporary
2008-06-14 20:07 . 2008-06-14 20:07 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\ConvertTemp
2008-06-14 20:05 . 2008-06-14 20:05 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Samsung
2008-06-10 14:33 . 2008-04-14 13:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 14:33 . 2008-04-14 13:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 20:54 . 2008-06-09 20:54 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Apple Computer
2008-06-08 10:15 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-08 10:15 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-07 21:47 . 2008-06-07 21:47 <DIR> d-------- C:\Program Files\Bonjour
2008-06-07 18:28 . 2008-06-07 18:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-03 14:33 . 2008-06-16 21:30 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\SUPERAntiSpyware.com
2008-06-01 20:38 . 2008-06-01 20:38 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Ahead
2008-06-01 20:11 . 2008-06-01 20:11 4,263,620 --a------ C:\F4AA33D0.wav
2008-06-01 20:11 . 2008-06-01 20:11 243,660 --a------ C:\51D2FD1C.wav
2008-05-30 16:46 . 2004-08-03 23:10 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2008-05-30 16:46 . 2004-08-03 23:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-30 16:46 . 2004-08-03 23:10 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2008-05-30 16:46 . 2004-08-03 23:10 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-05-30 16:40 . 2008-06-08 14:19 17 --a------ C:\WINDOWS\MovingPicture.ini
2008-05-30 16:39 . 2008-05-30 16:42 455 --a------ C:\WINDOWS\VFO.VST
2008-05-30 16:39 . 2008-05-30 16:39 40 --a------ C:\WINDOWS\system32\blue.SITENAME
2008-05-30 16:38 . 2008-05-30 16:38 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\CyberLink
2008-05-30 15:40 . 2008-05-30 15:40 <DIR> d-------- C:\WINDOWS\Cache
2008-05-30 15:35 . 2008-05-30 15:35 <DIR> d-------- C:\Program Files\proDAD
2008-05-30 15:28 . 2008-05-30 15:28 <DIR> d-------- C:\Program Files\AdorageI-SAL
2008-05-30 15:28 . 2008-05-30 15:29 <DIR> d-------- C:\Program Files\AdorageI-GfxDatas
2008-05-30 15:13 . 2008-05-30 15:13 <DIR> d-------- C:\Program Files\SmartSound Software
2008-05-30 15:13 . 2008-06-01 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2008-05-30 15:12 . 2003-11-25 05:02 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2008-05-30 15:12 . 2003-11-25 05:02 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2008-05-30 15:12 . 2003-11-25 05:02 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2008-05-30 15:12 . 2004-07-02 16:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2008-05-30 15:12 . 2003-11-25 05:02 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2008-05-30 15:12 . 2003-11-25 05:02 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2008-05-30 15:12 . 2008-06-10 19:47 1,208 --a------ C:\WINDOWS\VFO.INI
2008-05-30 15:11 . 2008-05-30 15:11 <DIR> d-------- C:\Program Files\DivX
2008-05-30 15:11 . 2004-02-24 12:04 41,219 --a------ C:\WINDOWS\RSETPATH.exe
2008-05-30 15:11 . 2005-02-09 11:59 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-30 15:08 . 2008-05-30 15:08 <DIR> d---s---- C:\Documents and Settings\Kinders\UserData
2008-05-30 15:08 . 2008-05-30 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2008-05-30 15:04 . 2008-05-30 15:14 <DIR> d-------- C:\Program Files\Pinnacle
2008-05-30 15:04 . 2008-05-30 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-30 15:02 . 2004-08-03 23:10 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-05-30 15:02 . 2004-08-03 23:10 61,056 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-05-30 15:02 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-05-30 15:02 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-05-30 15:02 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-05-30 15:02 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-05-28 18:56 . 2008-05-28 18:56 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-27 15:04 . 2008-05-27 15:04 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\MAGIX
2008-05-23 12:08 . 2008-06-07 19:48 225 --a------ C:\WINDOWS\MyProg.INI
2008-05-23 10:57 . 2008-05-23 10:57 <DIR> d-------- C:\Program Files\Telltale Games
2008-05-23 10:43 . 2008-06-15 18:01 <DIR> d-------- C:\Program Files\Dexster
2008-05-23 10:28 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx
2008-05-23 10:28 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2008-05-23 10:28 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI
2008-05-21 21:16 . 2008-05-30 23:01 69,680 --a------ C:\Documents and Settings\Kinders\Application Data\GDIPFONTCACHEV1.DAT
2008-05-21 18:45 . 2008-05-21 18:45 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\Datalayer
2008-05-20 22:09 . 2008-05-20 22:09 <DIR> d-------- C:\Documents and Settings\Kinders\Application Data\MXit
2008-05-20 21:43 . 2008-06-19 07:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 21:43 . 2008-05-20 21:43 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 05:13 --------- d-----w C:\Program Files\lg_fwupdate
2008-06-19 04:46 --------- d-----w C:\Program Files\McAfee
2008-06-16 16:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 16:38 --------- d-----w C:\Program Files\Common Files\Stardock
2008-06-15 16:09 --------- d-----w C:\Program Files\Nokia
2008-06-15 16:00 --------- d-----w C:\Program Files\Bridge Building Game
2008-06-14 19:41 --------- d-----w C:\Program Files\Winamp
2008-06-10 14:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-31 18:14 69,680 ----a-w C:\Documents and Settings\Gerrit\Application Data\GDIPFONTCACHEV1.DAT
2008-05-30 13:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-23 05:23 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-18 15:37 244,066 ----a-w C:\bbgsetup.exe
2008-05-18 14:51 161,280 ----a-w C:\WINDOWS\system32\fmod.dll
2008-05-18 13:51 --------- d-----w C:\Documents and Settings\Kinders\Application Data\Talkback
2008-05-18 13:37 --------- d-----w C:\Documents and Settings\Kinders\Application Data\McAfee
2008-05-18 13:37 --------- d-----w C:\Documents and Settings\Kinders\Application Data\HP
2008-05-18 13:36 --------- d-----w C:\Documents and Settings\Kinders\Application Data\SiteAdvisor
2008-05-18 13:36 --------- d-----w C:\Documents and Settings\Kinders\Application Data\PC Suite
2008-05-17 17:06 --------- d-----w C:\Program Files\Smallvideosoft
2008-05-16 10:36 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-15 15:34 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Winamp
2008-05-12 19:46 --------- d-----w C:\Program Files\MXit
2008-05-12 19:46 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\MXit
2008-05-12 19:36 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Temporary
2008-05-12 19:31 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\TransRender
2008-05-12 19:31 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\ConvertTemp
2008-05-12 19:28 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Samsung
2008-05-12 19:24 --------- d-----w C:\Program Files\Samsung
2008-05-11 13:01 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Panasonic
2008-05-11 12:55 --------- d-----w C:\Program Files\Free Window Registry Repair
2008-05-11 12:55 --------- d-----w C:\Program Files\Cheat Engine
2008-05-11 12:54 --------- d-----w C:\Program Files\Canon
2008-05-10 16:17 --------- d-----w C:\Program Files\Apple Software Update
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-04 18:41 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\ArcSoft
2008-05-04 18:18 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-04 18:16 --------- d-----w C:\Program Files\ArcSoft
2008-05-04 16:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\CyberLink
2008-05-04 14:56 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Sony Corporation
2008-05-04 14:28 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\CyberLink
2008-05-04 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-04 13:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-04 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-05-04 13:43 --------- d-----w C:\Program Files\CyberLink
2008-04-28 05:10 --------- d-----w C:\Program Files\Java
2008-04-23 14:10 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\GetRightToGo
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-19 07:21 --------- d-----w C:\Program Files\Stardock
2008-04-19 07:02 --------- d-----w C:\Documents and Settings\Gerrit\Application Data\Uniblue
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97EBE3CC-10A7-4619-B127-9B5D4FA476A8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 09:38 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28 790528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 09:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 09:07 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-06-22 01:12 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-12 12:42 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43 49152]
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2006-06-14 14:20 36864]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55 54832]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-05-04 15:51 249856]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 17:03:08 113664]
Corel Desktop Application Director 8.LNK - C:\Corel\Suite8\Programs\DAD8.EXE [2007-12-11 16:57:17 202240]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

S3 AVCSTRM;AVC Streaming Filter Driver;C:\WINDOWS\system32\DRIVERS\avcstrm.sys [2004-08-03 23:10]
S3 DBKDRVR54;DBKDRVR54;C:\Program Files\Cheat Engine\dbk32.sys []
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 23:20]
S3 MSTAPE;Microsoft AV/C Tape Subunit Device;C:\WINDOWS\system32\DRIVERS\mstape.sys [2004-08-03 23:10]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 17:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-11 15:30:28 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-11 15:30:26 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 07:32:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
Completion time: 2008-06-19 7:35:20
ComboFix-quarantined-files.txt 2008-06-19 05:34:14

Pre-Run: 25,796,431,872 bytes free
Post-Run: 25,784,721,408 bytes free

295 --- E O F --- 2008-06-15 16:06:37
AFan is offline   Reply With Quote
Old 20th June 2008   #14
Member
 
Profile:
Join Date: Jun 2008
Posts: 33
Computer Experience:
Intermediate
AFan Reputation Level
Smile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:37:20, on 2008/06/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\CF22035.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enumn /alertsn /notificationsn /systrayIconn /fln /frn /appDatan
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 11571 bytes
AFan is offline   Reply With Quote
Old 20th June 2008   #15
Staff
 
noahdfear's Avatar
 
Profile:
Join Date: Apr 2003
Location: New Bremen, Ohio U.S.A.
Posts: 12,524
Computer Experience:
~@<*+
noahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Levelnoahdfear Reputation Level

My System

I'll analyze your logs tomorrow evening (guess that's actually tonight) ....... I need sleep.
noahdfear is offline   Reply With Quote
Reply
Page 1 of 3 1 23

« Trojan - Win32.Agent.gvu - trying to remove it | Trouble removing spools.exe »
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Resolved]Trojan problem, please help, thanks! zepheryn Malware and Virus Removal 26 19th April 2008 02:28
[Resolved] Trojan of BHO (no name) removal... satria Malware and Virus Removal 11 8th April 2008 04:17
[Resolved] Trojan removal help shazalam Malware and Virus Removal 16 30th March 2008 15:39
[Resolved]Unkown trojan judgmentmonkey Malware and Virus Removal 19 10th March 2008 02:19
[Resolved] Trojan Troubles TinyTuba822 Malware and Virus Removal 17 28th February 2008 05:52


All times are GMT +1. The time now is 03:29.




Advertise - Contact Us - Windows BBS - Archive - Privacy Statement - Top

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy
[]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32