
Solved Dangerous trojan horse detected

Discussion in 'Malware and Virus Removal Archive' started by Nikoloff, 2008/06/21.

  1. 2008/06/21
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    [Resolved] Dangerous trojan horse detected

    Can you help please

    I've been receiving a System error saying the following

    Sytem error
    Attention (my name). Some dangerous trojan horse detected in your system. Microsoft XP files corrupted. Click ok to download antispyware.


    Here is my Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:15:51, on 22.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\killer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3277 bytes



    This is my first log from Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.18
    Database version: 876

    23:38:21 21.6.2008 г.
    mbam-log-6-21-2008 (23-38-21).txt

    Scan type: Quick Scan
    Objects scanned: 36136
    Time elapsed: 2 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\admin\Start Menu\Programs\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.


    After I fixed the threats I did a second scan and this is the log

    Malwarebytes' Anti-Malware 1.18
    Database version: 876

    00:12:44 22.6.2008 г.
    mbam-log-6-22-2008 (00-12-44).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 56259
    Time elapsed: 6 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    It seems that nothing is infected anymore, but the error message still pops up when I try opening something on my hard disk.
    Can you please help me fix this?
    And sorry if my English isn't very good.
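As an added triage example (written for this thread, not code from HijackThis, Malwarebytes or the poster), the Python below cross-checks the HijackThis O2/O4/R0 lines against the Malwarebytes detections from the post above and flags what a cleaner's "all clear" can leave behind: an autostart still pointing into the folder MBAM tied to Rogue.IEAntiVirus, Run values that name a bare file such as copyfstq.exe, and a BHO loaded straight from system32 such as dani.dll. The sample lines are a constructed subset of the logs above and the three flagging rules are this example's own heuristics, so a flag means "verify", not "malicious".

```python
# Added triage example for this thread (not code from HijackThis or Malwarebytes):
# the samples are a constructed subset of the lines posted above, and the
# flagging rules are this example's own heuristics.
import re
from dataclasses import dataclass

HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
"""

MBAM_SAMPLE = r"""
HKEY_CURRENT_USER\Software\IEAntiVirus (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\admin\Start Menu\Programs\IE AntiVirus 3.3.lnk (Rogue.IEAntiVirus) -> Quarantined and deleted successfully.
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
R0_RE = re.compile(r"^R0 - (?P<key>.+?),(?P<value>.+?) = (?P<data>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+)$")
EXE_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)
ABS_RE = re.compile(r"^[A-Za-z]:\\")
SYSTEM32 = "c:\\windows\\system32\\"

@dataclass
class Autostart:
    kind: str       # BHO, Run, Startup or StartPage
    name: str       # display name / registry value name
    location: str   # hive, CLSID or registry key the entry came from
    target: str     # raw command, path or URL

@dataclass
class Finding:
    entry: Autostart
    reason: str

def parse_hjt(text):
    """Extract O2 (BHO), O4 (Run / Global Startup) and R0 (start page) lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            entries.append(Autostart("BHO", m["name"], m["clsid"], m["path"]))
        elif m := O4_RUN_RE.match(line):
            entries.append(Autostart("Run", m["name"], m["hive"], m["cmd"]))
        elif m := O4_STARTUP_RE.match(line):
            entries.append(Autostart("Startup", m["name"], "Global Startup", m["cmd"]))
        elif m := R0_RE.match(line):
            entries.append(Autostart("StartPage", m["value"], m["key"], m["data"]))
    return entries

def parse_mbam(text):
    """Lower-case name tokens MBAM tied to a detection (family suffix and item leaf)."""
    tokens = set()
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m:
            tokens.add(m["family"].split(".")[-1].lower())  # Rogue.IEAntiVirus -> ieantivirus
            tokens.add(m["item"].split("\\")[-1].lower())   # ...\Software\IEAntiVirus -> ieantivirus
    return tokens

def executable_of(cmd):
    """File an O4 command launches: the quoted part, else the text up to the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m["exe"] if m else cmd.split()[0]

def triage(hjt_text, mbam_text):
    """Flag autostarts a cleaner's 'all clear' can leave behind, as in this thread."""
    rogue = parse_mbam(mbam_text)
    findings = []
    for e in parse_hjt(hjt_text):
        if e.kind == "StartPage":
            findings.append(Finding(e, f"start page set to {e.target}; confirm the user chose it"))
            continue
        exe = executable_of(e.target)
        low = exe.lower()
        if any(tok in low for tok in rogue):
            findings.append(Finding(e, "still points into a location MBAM tied to a detection"))
        if not ABS_RE.match(exe):
            findings.append(Finding(e, f"unqualified name {exe!r}: resolved via the search path, verify which file loads"))
        if e.kind == "BHO" and low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]:
            findings.append(Finding(e, "BHO loaded straight from system32: check publisher and creation date"))
    return findings

if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, MBAM_SAMPLE):
        print(f"{f.entry.kind:9} [{f.entry.name}] {f.entry.target}\n    -> {f.reason}")
```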
     
  2. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Nikoloff :)

    Download Deckard's System Scanner (dss.exe) and save it to your desktop.
    • Close all applications and windows.
    • Double click on dss.exe to run it and follow the prompts.
    • When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.
    Post the contents of main.txt only for now.
     


  4. 2008/06/22
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Ok. Did this. Here is the log


    Deckard's System Scanner v20071014.68
    Run by admin on 2008-06-22 13:26:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 2 Restore Point(s) --
    2: 2008-06-21 20:53:58 UTC - RP2 - Deckard's System Scanner Restore Point
    1: 2008-06-21 20:52:22 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as admin.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:41, on 22.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3302 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_25721849&REV_02\3&267A616A&0&10
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_25721849&REV_02\3&267A616A&0&10
    Service:

    Class GUID:
    Description: USB Device
    Device ID: USB\VID_0489&PID_E001\001E4C072A8A
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_0489&PID_E001\001E4C072A8A
    Service:


    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-21 23:44:32 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 23:35:06 0 d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
    2008-06-21 23:35:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-21 23:35:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-21 23:11:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-06-21 22:47:33 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-21 22:26:06 13824 --a------ C:\WINDOWS\system32\dani.dll
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinkan.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinhin.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinguj.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdindev.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdintel.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdintam.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinpun.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinori.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinmar.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:24 7440 --a------ C:\WINDOWS\system32\kbdlk41j.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:24 7440 --a------ C:\WINDOWS\system32\kbdlk41a.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 8464 --a------ C:\WINDOWS\system32\kbdnecnt.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 10000 --a------ C:\WINDOWS\system32\kbdnecat.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 7952 --a------ C:\WINDOWS\system32\kbdnec95.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:21 6416 --a------ C:\WINDOWS\system32\kbdinasa.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:21 6928 --a------ C:\WINDOWS\system32\kbdhebx.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:20 7440 --a------ C:\WINDOWS\system32\Kbddll.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 8992 --a------ C:\WINDOWS\system32\kbdbphz.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 8992 --a------ C:\WINDOWS\system32\KBDBPH.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 6416 --a------ C:\WINDOWS\system32\kbdbp.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:19 6416 --a------ C:\WINDOWS\system32\kbdbds.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:09 45056 --a------ C:\WINDOWS\system32\newdll.dll
    2008-06-21 21:27:05 0 d-------- C:\Program Files\Datecs
    2008-06-21 19:57:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-21 19:47:22 0 d-------- C:\Program Files\EA SPORTS
    2008-06-21 19:02:14 0 d-------- C:\Program Files\Counter-Strike
    2008-06-21 18:41:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-06-21 18:41:13 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
    2008-06-21 18:41:01 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-21 18:36:59 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-06-21 18:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-21 18:06:26 0 d-------- C:\Download
    2008-06-21 18:00:42 0 d-------- C:\Program Files\Winamp
    2008-06-21 17:59:05 0 d-------- C:\Program Files\uTorrent
    2008-06-21 17:58:59 0 d-------- C:\Documents and Settings\admin\Application Data\uTorrent
    2008-06-21 17:52:50 0 d-------- C:\Documents and Settings\admin\Application Data\Macromedia
    2008-06-21 17:52:49 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
    2008-06-21 17:52:45 1160 --a------ C:\WINDOWS\mozver.dat
    2008-06-20 17:57:01 0 d--hs---- C:\WINDOWS\Installer
    2008-06-20 17:57:00 0 d-------- C:\Program Files\Common Files\ODBC
    2008-06-20 17:56:56 0 dr------- C:\Program Files
    2008-06-20 17:56:56 0 d-------- C:\Program Files\Common Files
    2008-06-20 17:56:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-06-20 17:56:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-06-20 17:56:23 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-06-20 17:56:23 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-06-20 17:56:10 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-20 17:56:10 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-20 17:56:05 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-20 17:56:05 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-20 17:56:05 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-20 17:56:05 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-20 17:55:37 0 d--hs---- C:\System Volume Information
    2008-06-20 17:55:37 0 d-------- C:\Documents and Settings
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\WinSxS
    2008-06-20 17:49:27 0 dr------- C:\WINDOWS\Web
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\twain_32
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\wins
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\spool
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ras
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\npp
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\mui
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\IME
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ias
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\export
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-20 17:49:27 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\config
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\3076
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\2052
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1054
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1042
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1041
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1037
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1033
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1031
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1028
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1025
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\security
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Resources
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\repair
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Provisioning
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\PeerNet
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\pchealth
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\mui
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\msapps
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\msagent
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Media
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\java
    2008-06-20 17:49:27 0 d--h----- C:\WINDOWS\inf
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\ime
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Help
    2008-06-20 17:49:27 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\ehome
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Debug
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Cursors
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Config
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\AppPatch
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\addins
    2008-06-20 15:31:21 0 d-------- C:\WINDOWS\pss
    2008-06-20 15:31:10 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-20 15:30:37 0 d-------- C:\Documents and Settings\admin\Application Data\Help
    2008-06-20 15:29:33 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-20 15:29:33 0 d-------- C:\Documents and Settings\admin\Application Data\DAEMON Tools
    2008-06-20 15:29:14 0 d-------- C:\Documents and Settings\admin\Application Data\Sun
    2008-06-20 15:29:05 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
    2008-06-20 15:28:57 0 d-------- C:\Program Files\Java
    2008-06-20 15:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-06-20 15:28:31 0 d-------- C:\Program Files\Skype
    2008-06-20 15:28:17 0 d-------- C:\Program Files\Common Files\Java
    2008-06-20 15:28:17 0 d-------- C:\j2sdk1.4.2_06
    2008-06-20 15:27:38 94636 --a------ C:\WINDOWS\dropcpyr.dll
    2008-06-20 15:27:38 73728 --a------ C:\WINDOWS\copyfstq.exe
    2008-06-20 15:27:24 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-06-20 15:27:24 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-06-20 15:27:24 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-06-20 15:27:23 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-20 15:27:23 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-06-20 15:27:23 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-06-20 15:27:22 639066 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-06-20 15:27:21 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-06-20 15:27:19 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-06-20 15:27:11 0 d-------- C:\Program Files\ICQLite
    2008-06-20 15:27:11 0 d-------- C:\Documents and Settings\admin\Application Data\ICQLite
    2008-06-20 15:26:56 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-20 15:26:54 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
    2008-06-20 15:26:36 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-06-20 15:26:08 0 d-------- C:\Program Files\ATI Technologies
    2008-06-20 15:26:03 0 d-------- C:\ATI
    2008-06-20 15:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-20 15:25:09 0 d-------- C:\WINDOWS\Cache
    2008-06-20 15:24:50 5632 --a------ C:\WINDOWS\system32\kbdbupho.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-20 15:23:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-20 15:23:56 97792 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:56 155648 --a------ C:\WINDOWS\system32\ifc21.dll <Not Verified; Immersion Corporation; Immersion Foundation Classes>
    2008-06-20 15:23:56 94208 --a------ C:\WINDOWS\system32\FEELIT.DLL <Not Verified; Immersion Corporation; Immersion's FEELit Software>
    2008-06-20 15:23:56 104960 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-20 15:23:56 0 d-------- C:\Program Files\Common Files\Logitech
    2008-06-20 15:23:55 20992 -----n--- C:\WINDOWS\LOGI_MWX.EXE <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:55 0 d-------- C:\Program Files\Logitech
    2008-06-20 15:23:48 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-20 15:23:40 1581056 --a------ C:\WINDOWS\mixer.exe <Not Verified; C-Media Electronic Inc. (www.cmedia.com.tw); Mixer>
    2008-06-20 15:23:40 139264 --a------ C:\WINDOWS\cmuninst.exe <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
    2008-06-20 15:23:40 0 d-------- C:\Program Files\C-Media
    2008-06-20 15:23:31 0 d-------- C:\Program Files\Webteh
    2008-06-20 15:22:29 0 d-------- C:\install
    2008-06-20 15:17:12 0 d-------- C:\Documents and Settings\admin\Application Data\Identities
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\Templates
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\Start Menu
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\SendTo
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\Recent
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\PrintHood
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\NetHood
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\My Documents
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\Local Settings
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\Favorites
    2008-06-20 15:17:03 0 d-------- C:\Documents and Settings\admin\Desktop
    2008-06-20 15:17:03 0 d---s---- C:\Documents and Settings\admin\Cookies
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\Application Data
    2008-06-20 15:17:02 1048576 --ah----- C:\Documents and Settings\admin\NTUSER.DAT
    2008-06-20 15:16:24 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-20 15:16:12 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-20 15:16:12 0 d-------- C:\WINDOWS\Prefetch
    2008-06-20 15:16:11 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-20 15:16:11 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-06-20 15:16:11 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-06-20 15:16:11 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-20 15:16:11 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-20 15:16:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-20 15:16:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-06-20 15:16:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-20 15:16:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-20 15:16:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-20 15:11:49 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-20 15:11:49 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-20 15:11:37 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-20 15:11:31 0 -rahs---- C:\MSDOS.SYS
    2008-06-20 15:11:31 0 -rahs---- C:\IO.SYS
    2008-06-20 15:11:31 0 --a------ C:\CONFIG.SYS
    2008-06-20 15:11:31 0 --a------ C:\AUTOEXEC.BAT
    2008-06-20 15:10:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-20 15:10:13 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-20 15:10:13 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-20 15:10:02 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-20 15:09:40 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-20 15:08:53 0 d---s---- C:\WINDOWS\Tasks
    2008-06-20 15:08:52 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-06-20 15:08:46 0 d-------- C:\WINDOWS\srchasst
    2008-06-20 15:08:45 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-20 15:08:35 0 d-------- C:\Program Files\Movie Maker
    2008-06-20 15:08:24 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-20 15:07:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-20 15:07:28 0 d-------- C:\WINDOWS\Registration
    2008-06-20 15:07:21 0 d-------- C:\Program Files\Online Services
    2008-06-20 15:07:14 0 d-------- C:\Program Files\Messenger
    2008-06-20 15:07:08 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-20 15:06:02 0 d-------- C:\Program Files\Windows NT
    2008-06-20 15:05:57 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-20 15:05:54 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-20 17:56:23 62 --ahs---- C:\Documents and Settings\admin\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    21.06.2008 г. 22:26 13824 --a------ C:\WINDOWS\system32\dani.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer"="Mixer.exe" [03.05.2004 г. 17:58 C:\WINDOWS\mixer.exe]
    "Resume copy"="copyfstq.exe" [20.06.2008 г. 15:27 C:\WINDOWS\copyfstq.exe]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [20.12.2004 г. 21:41]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21.12.2007 г. 08:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 г. 03:56]
    "antispy"="C:\Program Files\IEAntiVirus\ANTIVIR.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    FlexType 2K.lnk - C:\Program Files\Datecs\FlexType 2K\FType2K.exe [21.6.2008 г. 21:27:10]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "C:\Program Files\ICQLite\ICQLite.exe" -minimize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "C:\Program Files\Winamp\Winampa.exe "




    -- End of Deckard's System Scanner: finished at 2008-06-22 13:27:30 ------------
     
  5. 2008/06/22
    noahdfear

    noahdfear Inactive

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckard's file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .reg
      • .scr
    • Exit when complete.


    Next, download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Now reboot into Safe Mode and logon to your user account.
    1. Open the extracted SDFix folder and double click RunThis.cmd to start the script.
    2. Type Y to begin the cleanup process.
    3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    4. Press any Key and it will restart the PC.
    5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    6. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    7. Post the contents of the Report.txt along with a new dss log.
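As an added example (not part of noahdfear's post or of Deckard's System Scanner), a PowerShell check that audits the two file associations the /daft step repairs; the expected values are assumed from a stock Windows XP installation:

```powershell
# Added example, not part of the thread or of Deckard's System Scanner.
# Audits the .reg and .scr file associations that the "dss.exe /daft" step
# repairs and reports any value that deviates from the stock Windows XP
# defaults (the expected values below are assumptions from a clean install).
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

$expected = @{
    'HKCR:\.reg'                       = 'regfile'
    'HKCR:\regfile\shell\open\command' = 'regedit.exe "%1"'
    'HKCR:\.scr'                       = 'scrfile'
    'HKCR:\scrfile\shell\open\command' = '"%1" /S'
}

foreach ($key in $expected.Keys) {
    # The unnamed default value of a key is exposed as the '(default)' property.
    $item   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.'(default)' } else { '<key missing>' }
    if ($actual -eq $expected[$key]) {
        "OK        $key = $actual"
    } else {
        # A hijacked association points .reg or .scr at another handler or
        # another executable; that is what the /daft fix resets.
        "MISMATCH  $key = '$actual' (expected '$($expected[$key])')"
    }
}
```

Run it from an administrative PowerShell prompt before and after the fix to confirm the associations were actually restored.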
     
  6. 2008/06/22
    Nikoloff

    Nikoloff Inactive Thread Starter

    Here are the report and the new dss log


    SDFix: Version 1.195
    Run by Administrator on 22.06.2008 г. at 19:46

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 19:54:03
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f7,bd,e2,81,c6,75,99,f2,d1,33,17,11,0c,73,1c,ee,38,4c,df,4f,56,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,fa,ab,51,91,22,3d,79,8d,c6,de,cd,a7,4a,87,e5,7b,3c,..
    "khjeh"=hex:bf,55,f6,95,5b,bd,51,a3,ba,ba,d1,6e,4b,48,49,7f,c0,79,a7,81,06,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:3a,a3,22,db,d3,65,a1,b0,68,26,a8,c7,fd,d3,13,f5,ff,8b,25,54,56,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000000
    "khjeh"=hex:f7,bd,e2,81,c6,75,99,f2,d1,33,17,11,0c,73,1c,ee,38,4c,df,4f,56,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,fa,ab,51,91,22,3d,79,8d,c6,de,cd,a7,4a,87,e5,7b,3c,..
    "khjeh"=hex:bf,55,f6,95,5b,bd,51,a3,ba,ba,d1,6e,4b,48,49,7f,c0,79,a7,81,06,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:3a,a3,22,db,d3,65,a1,b0,68,26,a8,c7,fd,d3,13,f5,ff,8b,25,54,56,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Counter-Strike\\hl.exe"="C:\\Program Files\\Counter-Strike\\hl.exe:*:Enabled:Half-Life Launcher"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :



    Files with Hidden Attributes :

    Mon 7 Jan 2008 352 A..H. --- "C:\WINDOWS\nod32fixtemdono.reg"

    Finished!




    dss log

    Deckard's System Scanner v20071014.68
    Run by admin on 2008-06-22 19:58:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as admin.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:58:48, on 22.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Documents and Settings\admin\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\admin.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3265 bytes

    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 19:44:15 0 d-------- C:\WINDOWS\ERUNT
    2008-06-22 19:43:29 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-06-22 19:43:29 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-06-22 19:43:29 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-06-22 19:43:29 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-06-22 19:43:29 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-06-22 19:43:29 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-06-22 19:43:29 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-06-22 19:43:29 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-06-22 19:43:29 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-06-22 19:43:29 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-06-22 19:43:29 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-06-22 19:43:29 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-06-22 19:43:29 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-06-22 19:43:29 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-06-21 23:44:32 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 23:35:06 0 d-------- C:\Documents and Settings\admin\Application Data\Malwarebytes
    2008-06-21 23:35:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-21 23:35:03 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-21 23:11:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg8
    2008-06-21 22:47:33 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-06-21 22:26:06 13824 --a------ C:\WINDOWS\system32\dani.dll
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinkan.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinhin.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdinguj.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:26 6416 --a------ C:\WINDOWS\system32\kbdindev.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdintel.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdintam.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinpun.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinori.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:25 6416 --a------ C:\WINDOWS\system32\kbdinmar.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:24 7440 --a------ C:\WINDOWS\system32\kbdlk41j.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:24 7440 --a------ C:\WINDOWS\system32\kbdlk41a.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 8464 --a------ C:\WINDOWS\system32\kbdnecnt.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 10000 --a------ C:\WINDOWS\system32\kbdnecat.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:23 7952 --a------ C:\WINDOWS\system32\kbdnec95.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:21 6416 --a------ C:\WINDOWS\system32\kbdinasa.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:21 6928 --a------ C:\WINDOWS\system32\kbdhebx.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:20 7440 --a------ C:\WINDOWS\system32\Kbddll.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 8992 --a------ C:\WINDOWS\system32\kbdbphz.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 8992 --a------ C:\WINDOWS\system32\KBDBPH.dLL <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2008-06-21 21:27:19 6416 --a------ C:\WINDOWS\system32\kbdbp.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:19 6416 --a------ C:\WINDOWS\system32\kbdbds.Dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-06-21 21:27:09 45056 --a------ C:\WINDOWS\system32\newdll.dll
    2008-06-21 21:27:05 0 d-------- C:\Program Files\Datecs
    2008-06-21 19:57:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-21 19:47:22 0 d-------- C:\Program Files\EA SPORTS
    2008-06-21 19:02:14 0 d-------- C:\Program Files\Counter-Strike
    2008-06-21 18:41:14 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
    2008-06-21 18:41:13 0 d-------- C:\Documents and Settings\admin\Application Data\skypePM
    2008-06-21 18:41:01 0 d-------- C:\Program Files\Common Files\Skype
    2008-06-21 18:36:59 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
    2008-06-21 18:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-06-21 18:06:26 0 d-------- C:\Download
    2008-06-21 18:00:42 0 d-------- C:\Program Files\Winamp
    2008-06-21 17:59:05 0 d-------- C:\Program Files\uTorrent
    2008-06-21 17:58:59 0 d-------- C:\Documents and Settings\admin\Application Data\uTorrent
    2008-06-21 17:52:50 0 d-------- C:\Documents and Settings\admin\Application Data\Macromedia
    2008-06-21 17:52:49 0 d-------- C:\Documents and Settings\admin\Application Data\Adobe
    2008-06-21 17:52:45 1160 --a------ C:\WINDOWS\mozver.dat
    2008-06-20 17:57:01 0 d--hs---- C:\WINDOWS\Installer
    2008-06-20 17:57:00 0 d-------- C:\Program Files\Common Files\ODBC
    2008-06-20 17:56:56 0 dr------- C:\Program Files
    2008-06-20 17:56:56 0 d-------- C:\Program Files\Common Files
    2008-06-20 17:56:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-06-20 17:56:23 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-06-20 17:56:23 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-06-20 17:56:23 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-06-20 17:56:23 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-06-20 17:56:23 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-06-20 17:56:23 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-06-20 17:56:10 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-06-20 17:56:10 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-06-20 17:56:05 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-06-20 17:56:05 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-06-20 17:56:05 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-06-20 17:56:05 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-06-20 17:55:37 0 d--hs---- C:\System Volume Information
    2008-06-20 17:55:37 0 d-------- C:\Documents and Settings
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\WinSxS
    2008-06-20 17:49:27 0 dr------- C:\WINDOWS\Web
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\twain_32
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\wins
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\wbem
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\usmt
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\spool
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\Setup
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ras
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\oobe
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\npp
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\mui
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\IME
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\icsxml
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\ias
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\export
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-06-20 17:49:27 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\dhcp
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\config
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\3076
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\2052
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1054
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1042
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1041
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1037
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1033
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1031
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1028
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system32\1025
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\system
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\security
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Resources
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\repair
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Provisioning
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\PeerNet
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\pchealth
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\mui
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\msapps
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\msagent
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Media
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\java
    2008-06-20 17:49:27 0 d--h----- C:\WINDOWS\inf
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\ime
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Help
    2008-06-20 17:49:27 0 dr--s---- C:\WINDOWS\Fonts
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\ehome
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Driver Cache
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Debug
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Cursors
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Connection Wizard
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\Config
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\AppPatch
    2008-06-20 17:49:27 0 d-------- C:\WINDOWS\addins
    2008-06-20 15:31:21 0 d-------- C:\WINDOWS\pss
    2008-06-20 15:31:10 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-20 15:30:37 0 d-------- C:\Documents and Settings\admin\Application Data\Help
    2008-06-20 15:29:33 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-06-20 15:29:33 0 d-------- C:\Documents and Settings\admin\Application Data\DAEMON Tools
    2008-06-20 15:29:14 0 d-------- C:\Documents and Settings\admin\Application Data\Sun
    2008-06-20 15:29:05 0 d-------- C:\Documents and Settings\admin\Application Data\Skype
    2008-06-20 15:28:57 0 d-------- C:\Program Files\Java
    2008-06-20 15:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-06-20 15:28:31 0 d-------- C:\Program Files\Skype
    2008-06-20 15:28:17 0 d-------- C:\Program Files\Common Files\Java
    2008-06-20 15:28:17 0 d-------- C:\j2sdk1.4.2_06
    2008-06-20 15:27:38 94636 --a------ C:\WINDOWS\dropcpyr.dll
    2008-06-20 15:27:38 73728 --a------ C:\WINDOWS\copyfstq.exe
    2008-06-20 15:27:24 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-06-20 15:27:24 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-06-20 15:27:24 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-06-20 15:27:23 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-06-20 15:27:23 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-06-20 15:27:23 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-06-20 15:27:22 639066 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-06-20 15:27:21 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-06-20 15:27:19 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-06-20 15:27:11 0 d-------- C:\Program Files\ICQLite
    2008-06-20 15:27:11 0 d-------- C:\Documents and Settings\admin\Application Data\ICQLite
    2008-06-20 15:26:56 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-20 15:26:54 0 d-------- C:\Documents and Settings\admin\Application Data\Mozilla
    2008-06-20 15:26:36 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
    2008-06-20 15:26:08 0 d-------- C:\Program Files\ATI Technologies
    2008-06-20 15:26:03 0 d-------- C:\ATI
    2008-06-20 15:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-06-20 15:25:09 0 d-------- C:\WINDOWS\Cache
    2008-06-20 15:24:50 5632 --a------ C:\WINDOWS\system32\kbdbupho.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2008-06-20 15:23:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-06-20 15:23:56 97792 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:56 155648 --a------ C:\WINDOWS\system32\ifc21.dll <Not Verified; Immersion Corporation; Immersion Foundation Classes>
    2008-06-20 15:23:56 94208 --a------ C:\WINDOWS\system32\FEELIT.DLL <Not Verified; Immersion Corporation; Immersion's FEELit Software>
    2008-06-20 15:23:56 104960 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:56 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-20 15:23:56 0 d-------- C:\Program Files\Common Files\Logitech
    2008-06-20 15:23:55 20992 -----n--- C:\WINDOWS\LOGI_MWX.EXE <Not Verified; Logitech Inc.; MouseWare>
    2008-06-20 15:23:55 0 d-------- C:\Program Files\Logitech
    2008-06-20 15:23:48 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-06-20 15:23:40 1581056 --a------ C:\WINDOWS\mixer.exe <Not Verified; C-Media Electronic Inc. (www.cmedia.com.tw); Mixer>
    2008-06-20 15:23:40 139264 --a------ C:\WINDOWS\cmuninst.exe <Not Verified; C-Media Electronics Inc.; CMIUninst Application>
    2008-06-20 15:23:40 0 d-------- C:\Program Files\C-Media
    2008-06-20 15:23:31 0 d-------- C:\Program Files\Webteh
    2008-06-20 15:22:29 0 d-------- C:\install
    2008-06-20 15:17:12 0 d-------- C:\Documents and Settings\admin\Application Data\Identities
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\Templates
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\Start Menu
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\SendTo
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\Recent
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\PrintHood
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\NetHood
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\My Documents
    2008-06-20 15:17:03 0 d--h----- C:\Documents and Settings\admin\Local Settings
    2008-06-20 15:17:03 0 dr------- C:\Documents and Settings\admin\Favorites
    2008-06-20 15:17:03 0 d-------- C:\Documents and Settings\admin\Desktop
    2008-06-20 15:17:03 0 d---s---- C:\Documents and Settings\admin\Cookies
    2008-06-20 15:17:03 0 dr-h----- C:\Documents and Settings\admin\Application Data
    2008-06-20 15:17:02 1048576 --ah----- C:\Documents and Settings\admin\NTUSER.DAT
    2008-06-20 15:16:24 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-06-20 15:16:12 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-20 15:16:12 0 d-------- C:\WINDOWS\Prefetch
    2008-06-20 15:16:11 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-06-20 15:16:11 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-06-20 15:16:11 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-06-20 15:16:11 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-06-20 15:16:11 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-06-20 15:16:02 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-06-20 15:16:02 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-06-20 15:16:02 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-06-20 15:16:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-06-20 15:16:02 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-06-20 15:11:49 0 d-------- C:\WINDOWS\system32\xircom
    2008-06-20 15:11:49 0 d-------- C:\Program Files\microsoft frontpage
    2008-06-20 15:11:37 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-06-20 15:11:31 0 -rahs---- C:\MSDOS.SYS
    2008-06-20 15:11:31 0 -rahs---- C:\IO.SYS
    2008-06-20 15:11:31 0 --a------ C:\CONFIG.SYS
    2008-06-20 15:11:31 0 --a------ C:\AUTOEXEC.BAT
    2008-06-20 15:10:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-06-20 15:10:13 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-06-20 15:10:13 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-06-20 15:10:02 0 d--h----- C:\Program Files\WindowsUpdate
    2008-06-20 15:09:40 0 d-------- C:\WINDOWS\system32\DirectX
    2008-06-20 15:08:53 0 d---s---- C:\WINDOWS\Tasks
    2008-06-20 15:08:52 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-06-20 15:08:46 0 d-------- C:\WINDOWS\srchasst
    2008-06-20 15:08:45 0 d-------- C:\WINDOWS\system32\Macromed
    2008-06-20 15:08:35 0 d-------- C:\Program Files\Movie Maker
    2008-06-20 15:08:24 0 d-------- C:\WINDOWS\system32\Restore
    2008-06-20 15:07:43 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-06-20 15:07:28 0 d-------- C:\WINDOWS\Registration
    2008-06-20 15:07:21 0 d-------- C:\Program Files\Online Services
    2008-06-20 15:07:14 0 d-------- C:\Program Files\Messenger
    2008-06-20 15:07:08 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-06-20 15:06:02 0 d-------- C:\Program Files\Windows NT
    2008-06-20 15:05:57 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-06-20 15:05:54 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-06-20 17:56:23 62 --ahs---- C:\Documents and Settings\admin\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    21.06.2008 г. 22:26 13824 --a------ C:\WINDOWS\system32\dani.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "C-Media Mixer "= "Mixer.exe" [03.05.2004 г. 17:58 C:\WINDOWS\mixer.exe]
    "Resume copy "= "copyfstq.exe" [20.06.2008 г. 15:27 C:\WINDOWS\copyfstq.exe]
    "WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [20.12.2004 г. 21:41]
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [21.12.2007 г. 08:21]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 г. 03:56]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    FlexType 2K.lnk - C:\Program Files\Datecs\FlexType 2K\FType2K.exe [21.6.2008 г. 21:27:10]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
    "C:\Program Files\ICQLite\ICQLite.exe" -minimize

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    Logi_MwX.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "C:\Program Files\Winamp\Winampa.exe "




    -- End of Deckard's System Scanner: finished at 2008-06-22 19:59:31 ------------
     
  7. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    C:\WINDOWS\system32\dani.dll

    Thanks!
     
  8. 2008/06/22
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Ok. Looking forward to your reply. Thanks
     
  9. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It's a baddie alright.

    Please download the Killbox by Option^Explicit.

    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the filepath below and paste it into Killbox:

      C:\WINDOWS\system32\dani.dll

    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.


    After restart, scan again with HijackThis and place a check next to the following entry, then click Fix Checked.

    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll


    Restart the computer again please, then create and post a new HijackThis log.
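Killbox's Delete on Reboot, and the PendingFileRenameOperations prompt it may show, come down to the registry value Windows uses to queue file deletions and renames for the next boot: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations, a REG_MULTI_SZ holding source/destination pairs in which an empty destination means "delete". The script below is an added example, not from this thread and not Killbox's own code: it decodes such a value from a constructed byte string so a responder can see exactly what is queued before rebooting. The sample bytes are constructed here (the DLL path is the one from this thread, the rename pair is made up), and reading the live value out of the registry is deliberately left out so the example runs anywhere.

```python
# Added example (not from the thread, not Killbox's code): decode a
# PendingFileRenameOperations value of the kind a delete-on-reboot request
# leaves behind.
#
# Windows stores the queue as a REG_MULTI_SZ under
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager. Strings come in
# pairs: source path, then destination. An empty destination means the file
# is deleted at boot. Paths carry the NT "\??\" prefix.
from __future__ import annotations

from dataclasses import dataclass

SESSION_MANAGER_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"


@dataclass(frozen=True)
class PendingOp:
    source: str
    destination: str | None  # None: the file is deleted at reboot

    @property
    def is_delete(self) -> bool:
        return self.destination is None


def decode_multi_sz(raw: bytes) -> list[str]:
    """Decode REG_MULTI_SZ bytes: UTF-16LE, each string NUL-terminated, one extra NUL at the end.

    Empty strings are meaningful here (they mark deletions), so only the single
    list terminator is removed before splitting; a naive strip of all trailing
    NULs would swallow a final "delete" marker.
    """
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]  # terminator of the whole list
    parts = text.split("\0")
    return parts[:-1] if parts and parts[-1] == "" else parts


def encode_multi_sz(strings: list[str]) -> bytes:
    """Inverse of decode_multi_sz; used only to build the constructed sample."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def strip_nt_prefix(path: str) -> str:
    """Turn '\\??\\C:\\x' into 'C:\\x'; other forms are returned unchanged."""
    return path[4:] if path.startswith("\\??\\") else path


def parse_pending_ops(raw: bytes) -> list[PendingOp]:
    strings = decode_multi_sz(raw)
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/destination pairs")
    return [
        PendingOp(strip_nt_prefix(src), strip_nt_prefix(dst) if dst else None)
        for src, dst in zip(strings[0::2], strings[1::2])
    ]


def describe(raw: bytes) -> list[str]:
    """One human-readable line per queued operation."""
    lines = []
    for op in parse_pending_ops(raw):
        if op.is_delete:
            lines.append(f"DELETE at reboot: {op.source}")
        else:
            lines.append(f"RENAME at reboot: {op.source} -> {op.destination}")
    return lines


# Constructed sample value: one delete-on-reboot entry (the DLL from this
# thread) and one ordinary rename of the kind an installer queues.
SAMPLE_VALUE = encode_multi_sz([
    r"\??\C:\WINDOWS\system32\dani.dll", "",
    r"\??\C:\WINDOWS\Temp\update.tmp", r"\??\C:\WINDOWS\system32\example.dll",
])

if __name__ == "__main__":
    print(f"{SESSION_MANAGER_KEY}\\{VALUE_NAME}")
    for line in describe(SAMPLE_VALUE):
        print("  " + line)
```

The same value is worth checking in the other direction too: an entry a responder did not queue is a sign that something else on the machine has arranged a file swap for the next boot.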
     
  10. 2008/06/22
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    PendingFileRenameOperations prompt: this message DID NOT appear

    Here is the Hijackthis log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:36, on 22.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\admin\Desktop\killer.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll (file missing)
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3288 bytes
     
  11. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Fix the following entry with HijackThis and reboot.

    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll (file missing)


    Run a new scan and post the log please.
     
  12. 2008/06/22
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:25:14, on 23.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Documents and Settings\admin\Desktop\killer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3360 bytes
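Between the log in post 10 and the one above, the only change is that the orphaned O2 entry for dani.dll is gone, which is exactly what the HijackThis fix was meant to do. As an added example (not from this thread and not HijackThis's own code), the script below parses the R0, O2 and O4 lines a reviewer reads first, flags an orphaned BHO registration and Run entries that name a bare executable with no path, and diffs two logs to show what a fix removed. The two log excerpts are constructed from lines posted in this thread; the `Entry` field names and the flag wording are my own.

```python
# Added example (not from the thread, not HijackThis code): triage the
# R0/O2/O4 lines of a HijackThis log and diff a before/after pair.
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpts, trimmed from the two logs posted in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\dani.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
"""

# One pattern per line shape; tried in this order.
ENTRY_RE = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<target>.*)$"),
    "O4G": re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<target>.*)$"),
    "R0": re.compile(r"^R0 - (?P<name>.+?) = (?P<target>.*)$"),
}


@dataclass(frozen=True)
class Entry:
    kind: str    # "R0", "O2" or "O4"
    name: str    # BHO name, Run value name, startup link or registry value
    target: str  # DLL path, command line or URL
    raw: str     # the original log line, used as the diff key


def parse_log(text: str) -> list[Entry]:
    entries = []
    for line in (ln.strip() for ln in text.splitlines()):
        for kind, rx in ENTRY_RE.items():
            m = rx.match(line)
            if m:
                entries.append(Entry(kind[:2], m.group("name"), m.group("target"), line))
                break
    return entries


def executable_of(command: str) -> str:
    """First token of a Run command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(entry: Entry) -> list[str]:
    """Notes a reviewer would attach to an entry before deciding anything."""
    notes = []
    if entry.kind == "O2" and entry.target.endswith("(file missing)"):
        notes.append("orphaned BHO registration: the DLL is gone but the CLSID is still registered")
    if entry.kind == "O4":
        exe = executable_of(entry.target)
        if exe and not re.search(r"[\\/:]", exe):
            # No directory at all: the loader finds it via the search path, so
            # the copy that runs is whichever one comes first, not a fixed file.
            notes.append(f"bare file name {exe}: loaded via the search path, locate the copy that actually runs")
    if entry.kind == "R0" and "Start Page" in entry.name:
        notes.append("browser start page: confirm the user chose it")
    return notes


def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries present only in `before` (removed) and only in `after` (added)."""
    b = {e.raw: e for e in parse_log(before)}
    a = {e.raw: e for e in parse_log(after)}
    removed = [e for raw, e in b.items() if raw not in a]
    added = [e for raw, e in a.items() if raw not in b]
    return removed, added


if __name__ == "__main__":
    for e in parse_log(LOG_BEFORE):
        for note in triage(e):
            print(f"[{e.kind}] {e.name}: {note}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed by the fix:", [e.raw for e in removed])
    print("newly appeared:", [e.raw for e in added])
```

The diff is keyed on the whole line on purpose: a Run entry whose command line changed but whose name stayed the same shows up as one removal plus one addition, which is the case a reviewer most wants to see.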
     
  13. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Are you still getting the system error message? Please do an online scan with Kaspersky Online Scanner.

    Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
  14. 2008/06/23
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    I'm not getting the error message anymore :)

    But I couldn't run the Kaspersky Online Scanner.
    "You need to install Java version 1.5 or later to run Kaspersky Online Scanner 7.0."
    I downloaded Java from java.com, updated, and it still shows the same message.
     
  15. 2008/06/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    We'll use another scanner. Please go HERE to run Panda's ActiveScan.
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
     
  16. 2008/06/23
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:23:24, on 23.6.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Documents and Settings\admin\Desktop\killer.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    --
    End of file - 3312 bytes
     
  17. 2008/06/23
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Active scan log part1


    ANALYSIS: 2008-06-23 16:20:39
    PROTECTIONS: 1
    MALWARE: 11
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ESET NOD32 Antivirus 3.0 3.0 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.doubleclick.net/]
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.atdmt.com/]
    00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
    00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\admin\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.mediaplex.com/]
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.revenue.net/]
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.yadro.ru/]
    00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.yadro.ru/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[ad.yieldmanager.com/]
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[ad.yieldmanager.com/]
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[statse.webtrendslive.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.overture.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.adultfriendfinder.com/]
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[searchportal.information.com/]
     
  18. 2008/06/23
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    184380 MEDIUM MS08-002
    184379 MEDIUM MS08-001
    182048 HIGH MS07-069
    182046 HIGH MS07-067
    182043 HIGH MS07-064
    179553 HIGH MS07-061
    176382 HIGH MS07-057
    176383 HIGH MS07-058
    170911 HIGH MS07-050
    170907 HIGH MS07-046
    170906 HIGH MS07-045
    170904 HIGH MS07-043
    164915 HIGH MS07-035
    164913 HIGH MS07-033
    164911 HIGH MS07-031
    160623 HIGH MS07-027
    157262 HIGH MS07-022
    157261 HIGH MS07-021
    157260 HIGH MS07-020
    157259 HIGH MS07-019
    156477 HIGH MS07-017
    150253 HIGH MS07-016
    150249 HIGH MS07-013
    150248 HIGH MS07-012
    150247 HIGH MS07-011
    150243 HIGH MS07-008
    150242 HIGH MS07-007
    150241 MEDIUM MS07-006
    141034 HIGH MS06-076
    141033 MEDIUM MS06-075
    141030 HIGH MS06-072
    137571 HIGH MS06-070
    137568 HIGH MS06-067
    133387 MEDIUM MS06-065
    133386 MEDIUM MS06-064
    133385 MEDIUM MS06-063
    133379 HIGH MS06-057
    131654 HIGH MS06-055
    129977 MEDIUM MS06-053
    129976 MEDIUM MS06-052
    126093 HIGH MS06-051
    126092 MEDIUM MS06-050
    126087 HIGH MS06-046
    126086 MEDIUM MS06-045
    126083 HIGH MS06-042
    126082 HIGH MS06-041
    126081 HIGH MS06-040
    123421 HIGH MS06-036
    123420 HIGH MS06-035
    120825 MEDIUM MS06-032
    120823 MEDIUM MS06-030
    120818 HIGH MS06-025
    120815 HIGH MS06-022
    120814 HIGH MS06-021
     
  19. 2008/06/23
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    117384 MEDIUM MS06-018
    114666 HIGH MS06-015
    114664 HIGH MS06-013
    108744 MEDIUM MS06-008
    108743 MEDIUM MS06-007
    108742 MEDIUM MS06-006
    104567 HIGH MS06-002
    104237 HIGH MS06-001
    96574 HIGH MS05-053
    93395 HIGH MS05-051
    93394 HIGH MS05-050
    93454 MEDIUM MS05-049
    ;===================================================================================================================================================================================
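The ActiveScan report spread over the three posts above has two parts a reviewer cares about: the MALWARE table (here tracking cookies plus the Process.exe shipped inside the SDFix removal tool, none of them marked Active) and the VULNERABILITIES list of Microsoft security bulletins the scanner found unpatched. As an added example (not from this thread and not Panda's code), the parser below turns both into records and summarises them: detections by type, anything still active, bulletins by severity, and the oldest missing bulletin year. The report format is inferred from the posted log: single-space separated columns in which only the final Location column may itself contain spaces. The embedded report is a constructed, shortened copy of the posted one.

```python
# Added example (not from the thread, not Panda's code): parse a Panda
# ActiveScan text report and summarise its MALWARE and VULNERABILITIES sections.
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, shortened from the report posted in this thread.
SAMPLE_REPORT = r"""
ANALYSIS: 2008-06-23 16:20:39
PROTECTIONS: 1
MALWARE: 11
SUSPECTS: 0
;=====
PROTECTIONS
Description Version Active Updated
;=====
ESET NOD32 Antivirus 3.0 3.0 Yes Yes
;=====
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[.doubleclick.net/]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\admin\Desktop\SDFix.exe[SDFix\apps\Process.exe]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\lo0qjvly.default\cookies.txt[searchportal.information.com/]
SUSPECTS
Sent Location
;=====
;=====
VULNERABILITIES
Id Severity Description
;=====
184380 MEDIUM MS08-002
182048 HIGH MS07-069
150241 MEDIUM MS07-006
93454 MEDIUM MS05-049
;=====
"""

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# Columns are single-space separated; only Location (last) may contain spaces,
# so every other column is matched as a single non-space token.
MALWARE_RE = re.compile(r"^(\d{8}) (\S+) (\S+) (Yes|No) (\d+) (Yes|No) (Yes|No) (.+)$")
VULN_RE = re.compile(r"^(\d+) (HIGH|MEDIUM|LOW) (MS\d{2}-\d{3})$")


@dataclass(frozen=True)
class Detection:
    detection_id: str
    description: str
    category: str
    active: bool
    severity: int
    disinfectable: bool
    disinfected: bool
    location: str


@dataclass(frozen=True)
class MissingBulletin:
    vuln_id: str
    severity: str
    bulletin: str

    @property
    def year(self) -> int:
        # Bulletin IDs are MSyy-nnn; all of them fall after 2000.
        return 2000 + int(self.bulletin[2:4])


def parse_report(text: str) -> tuple[list[Detection], list[MissingBulletin]]:
    detections: list[Detection] = []
    bulletins: list[MissingBulletin] = []
    section = None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank or separator row
        if line in SECTIONS:
            section = line
            continue
        if section == "MALWARE":
            m = MALWARE_RE.match(line)
            if m:
                detections.append(Detection(
                    m[1], m[2], m[3], m[4] == "Yes", int(m[5]),
                    m[6] == "Yes", m[7] == "Yes", m[8],
                ))
        elif section == "VULNERABILITIES":
            m = VULN_RE.match(line)
            if m:
                bulletins.append(MissingBulletin(m[1], m[2], m[3]))
    return detections, bulletins


def summarize(detections: list[Detection], bulletins: list[MissingBulletin]) -> dict:
    return {
        "by_type": dict(Counter(d.category for d in detections)),
        "active": [d.location for d in detections if d.active],
        "not_disinfectable": [d.location for d in detections if not d.disinfectable],
        "bulletins_by_severity": dict(Counter(b.severity for b in bulletins)),
        "oldest_bulletin_year": min((b.year for b in bulletins), default=None),
    }


if __name__ == "__main__":
    dets, vulns = parse_report(SAMPLE_REPORT)
    for key, value in summarize(dets, vulns).items():
        print(f"{key}: {value}")
```

Run over the full posted report, the same code gives the two facts the helper acts on in the next post: nothing is marked Active, and the HackTools hits all point at the SDFix package, which is why it is deleted rather than treated as an infection.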
     
  20. 2008/06/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the SDFix file on the desktop and the C:\SDFix folder.

    Run the Killbox.exe again.
    Click File>Cleanup>Delete all backups then exit.
    You can delete Killbox.exe now.
    Make sure the folder C:\!submit is gone (delete it if present).

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files (TIFs)
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected.
    • When you get the "Done Cleaning" message, select the Firefox tab and clear out the TIFs and Cookies.
    • Click OK then exit.
    Reboot


    If you're satisfied that the computer is working properly, clear the System Restore points. They are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Let me know how things are now.
     
  21. 2008/06/24
    Nikoloff

    Nikoloff Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    13
    Likes Received:
    0
    Thank you very much, you've been more than helpful. Everything seems to be working fine. I'd just like to ask one more question. What anti-virus software do you recommend? I am using NOD32, but I have read some different opinions about it.
     
