1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Dangerous Trojan Horse Detected - Registry fix?

Discussion in 'Malware and Virus Removal Archive' started by wstanow, 2008/06/23.

  1. 2008/06/23
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    Hi support gurus, you guys are awesome from what i read in previous post of helping others.

    My problem:
    ============
    I have encountered the unwanted pop up message whenever I click to view folder contents from windows explorer or whenever i open IE.

    "System error Attention (my name). Some dangerous trojan horse detected in your system. Microsoft XP files corrupted. This may lead to the destruction of imporant files in C:\WINDOWS. Download protection software now! Click OK to download the antispyware. (Recommended) "

    What I did:
    ============
    After Symantec Antivirus and MS Defender provided no help, i searched on the net and found this forum, after reading a few previous posts with similar message that was resolved by Geri and Noahdfear I followed below steps:

    1. Downloaded HJT (renamed to killer) & DSS and collected HJT logs, main & extra logs from DSS.
    2. Downloaded, installed MBAM, scanned, cleaned and rebooted system (also got mbam log)
    3. Ran DSS again and got a new main log.

    After step 2, I don't seem to get the message anymore, MBAM reported 12 infected objects, 1 of which was cleaned on reboot, all deleted.

    My Question (need help on :)
    ============
    In some of the previous post i noticed that the "victims" were asked to use more than one scan software, also some registry key fix was applied manually after malware was removed by tools such as MBAM.

    Why is extra registry key fix needed? (i suppose they were infected), is this a global thing or only needed on case by case basis? I wonder if my system needs similar treatment and what should i be looking for in the logs to see if such registry key fix is needed?

    =====================
    Thanks for any assistance!!!
    =====================
     
    wstanow,
    #1
  2. 2008/06/23
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    Sorry forgotten to attach log files, here i have 3 of them. Thanks for any assistance!

    1. hjt log by dss before mbam took place
    2. mbam log
    3. hjt log by dss after mbam & reboot took place

    ================================
    1. hjt log by dss before mbam took place
    ================================

    Deckard's System Scanner v20071014.68
    Run by wsong on 2008-06-24 03:40:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    52: 2008-06-23 17:41:00 UTC - RP481 - Deckard's System Scanner Restore Point
    51: 2008-06-23 16:10:45 UTC - RP480 - Removed SmartFTP Client
    50: 2008-06-23 16:09:41 UTC - RP479 - Installed SmartFTP Client
    49: 2008-06-23 04:35:40 UTC - RP478 - System Checkpoint
    48: 2008-06-22 01:34:29 UTC - RP477 - Removed Sonic Update Manager


    -- First Restore Point --
    1: 2008-05-16 08:31:55 UTC - RP430 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as wsong.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:45:15 AM, on 24/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Common Files\kingsoft\KSG\client.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\wsong\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\wsong.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BHO - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\opus64.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe "
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe "
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\client.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe "
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Powerword 2005.lnk = C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wsong\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154408332859
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://happyoceanxfhy.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Sym_davcni - Symantec Corporation - (no file)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 17462 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface>
    R2 PDIHWCTL - c:\windows\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 HSF_DPV - c:\windows\system32\drivers\hsx_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
    R3 HSXHWAZL - c:\windows\system32\drivers\hsxhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
    R3 rimmptsk - c:\windows\system32\drivers\rimmptsk.sys <Not Verified; REDC; RICOH MMC Driver>
    R3 rimsptsk - c:\windows\system32\drivers\rimsptsk.sys <Not Verified; REDC; Ricoh Memorystick Controller>
    R3 ROOTMODEM (Microsoft Legacy Modem Driver) - c:\windows\system32\drivers\rootmdm.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R3 sdbus - c:\windows\system32\drivers\sdbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R3 STHDA (SigmaTel High Definition Audio CODEC) - c:\windows\system32\drivers\sthda.sys <Not Verified; SigmaTel, Inc.; C-Major Audio>
    R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
    R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
    R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
    R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
    R3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
    R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>
    R3 winachsf - c:\windows\system32\drivers\hsx_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

    S3 BCOREUSB (BCOREUSB.Sys CSR test driver) - c:\windows\system32\drivers\bcoreusb.sys <Not Verified; CSR; Bluetooth USB Dongle Device Driver>
    S3 BthEnum (Bluetooth Enumerator Service) - c:\windows\system32\drivers\bthenum.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 BthPan (Bluetooth Device (Personal Area Network)) - c:\windows\system32\drivers\bthpan.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 BTHUSB (Bluetooth Radio USB Driver) - c:\windows\system32\drivers\bthusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 eyeonedp (eye-one display) - c:\windows\system32\drivers\eyeonedp.sys
    S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
    S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
    S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 BthServ (Bluetooth Support Service) - c:\windows\system32\svchost.exe -k bthsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
    R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S3 Sym_davcni -
    S4 Bluetooth Hid Switch Service - "c:\program files\bluetooth\hidswitchservice\hidsw.exe" <Not Verified; Cambridge Silicon Radio; HID Switch Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
    Description: Default Monitor
    Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&10000003&01&00
    Manufacturer: (Standard monitor types)
    Name: Default Monitor
    PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&10000003&01&00
    Service:

    Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
    Description: Default Monitor
    Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&00000110&01&00
    Manufacturer: (Standard monitor types)
    Name: Default Monitor
    PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&00000110&01&00
    Service:

    Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
    Description: Default Monitor
    Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&00000200&01&00
    Manufacturer: (Standard monitor types)
    Name: Default Monitor
    PNP Device ID: DISPLAY\DEFAULT_MONITOR\5&3268F280&0&00000200&01&00
    Service:

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Wyatt NK 6500s-1
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Wyatt NK 6500s-1
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks -------------------------------------------------------------

    2008-06-24 03:27:02 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2008-06-24 02:46:20 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    2008-06-24 01:24:11 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9BCC96B0-517F-46DA-9231-A866C09E5096}.job
    2008-06-18 13:50:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-05-24 and 2008-06-24 -----------------------------

    2008-06-24 03:34:15 0 d-------- C:\Program Files\Trend Micro
    2008-06-24 02:37:14 18432 --a------ C:\WINDOWS\system32\opus64.dll
    2008-06-24 02:36:00 18432 --a------ C:\WINDOWS\system32\sigma64.dll
    2008-06-24 02:35:46 18432 --a------ C:\WINDOWS\system32\opus16.dll
    2008-06-24 02:35:32 18432 --a------ C:\WINDOWS\system32\nada32.dll
    2008-06-24 02:02:50 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-06-22 11:30:16 0 d-------- C:\Documents and Settings\wsong\Application Data\Sonic
    2008-06-19 18:31:34 0 d-------- C:\Program Files\FDCSIK
    2008-06-19 18:31:33 0 d-------- C:\Program Files\BigPond
    2008-06-14 20:38:50 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-14 20:38:37 0 d-------- C:\Program Files\Sonic
    2008-06-06 00:30:23 0 d-------- C:\WINDOWS\system32\windows media
    2008-06-06 00:30:15 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-06-06 00:30:13 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-06-06 00:30:07 0 d-------- C:\Program Files\Windows Media Components
    2008-06-06 00:29:22 0 d-------- C:\Documents and Settings\wsong\Application Data\Ulead Systems
    2008-06-06 00:26:48 0 d-------- C:\Program Files\Ulead Systems
    2008-06-06 00:26:45 0 d-------- C:\Program Files\Common Files\Ulead Systems
    2008-06-06 00:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-03 20:00:02 0 d-------- C:\Documents and Settings\wsong\Application Data\GretagMacbeth
    2008-06-03 19:32:37 14416 --a------ C:\WINDOWS\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
    2008-06-03 19:32:36 28672 --a------ C:\WINDOWS\system32\drivers\i1io2.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
    2008-06-03 19:32:36 26045 --a------ C:\WINDOWS\system32\drivers\i1.sys <Not Verified; GretagMacbeth; Minilino / SpectroMat USB Driver>
    2008-06-03 19:32:36 44344 --a------ C:\WINDOWS\system32\drivers\EyeOneDp.sys
    2008-06-03 19:32:36 126976 --a------ C:\WINDOWS\system32\drivers\direci2c.dll <Not Verified; Portrait Displays, Inc.; >
    2008-06-03 19:31:44 0 d-------- C:\Program Files\GretagMacbeth


    -- Find3M Report ---------------------------------------------------------------

    2008-06-24 03:37:28 0 d-------- C:\Documents and Settings\wsong\Application Data\StumbleUpon
    2008-06-24 02:43:42 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-06-24 02:40:46 0 d-------- C:\Program Files\FlashGet
    2008-06-24 02:10:46 0 d-------- C:\Program Files\SmartFTP Client
    2008-06-23 23:09:27 0 d-------- C:\Documents and Settings\wsong\Application Data\Adobe
    2008-06-22 12:22:10 0 d-------- C:\Documents and Settings\wsong\Application Data\IMVU
    2008-06-22 12:16:09 0 d-------- C:\Program Files\IMVU
    2008-06-22 11:33:50 0 d-------- C:\Program Files\Common Files
    2008-06-19 18:31:38 0 d-------- C:\Program Files\DIFX
    2008-06-14 22:40:11 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 00:26:41 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-29 09:35:13 0 d-------- C:\Documents and Settings\wsong\Application Data\AdobeUM
    2008-04-29 13:39:17 0 d-------- C:\Program Files\MSECache
    2008-04-26 12:00:47 0 d-------- C:\Documents and Settings\wsong\Application Data\Apple Computer
    2008-04-26 12:00:36 0 d-------- C:\Program Files\iTunes
    2008-04-26 12:00:21 0 d-------- C:\Program Files\iPod
    2008-04-26 11:59:39 0 d-------- C:\Program Files\QuickTime
    2008-04-26 11:56:51 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-26 11:34:04 0 d-------- C:\Program Files\Apple Software Update
     
    wstanow,
    #2


  3. to hide this advert.

  4. 2008/06/23
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    24/06/2008 02:37 AM 18432 --a------ C:\WINDOWS\system32\opus64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03/08/2004 10:32 PM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04/08/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 05:48 PM]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [06/04/2006 02:58 PM]
    "IntelZeroConfig "= "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28/12/2005 11:55 AM]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/12/2005 11:56 AM]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 05:41 PM]
    "SigmatelSysTrayApp "= "stsystra.exe" [24/03/2006 05:30 PM C:\WINDOWS\stsystra.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 12:48 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/06/2005 09:21 AM]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [23/06/2005 07:27 PM]
    "Norton Ghost 10.0 "= "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [09/09/2005 07:09 PM]
    "Device Detector "= "DevDetect.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 06:20 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [19/06/2007 08:21 AM]
    "MMReminderService "= "C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [13/12/2006 11:16 PM]
    "pdfSaver3 "=" " []
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [29/08/2003 01:20 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/03/2008 07:46 AM]
    "StxTrayMenu "= "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 12:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
    "Ulead AutoDetector v2 "= "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [27/08/2004 07:22 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
    "KsgUpdateRun "= "C:\Program Files\Common Files\kingsoft\KSG\client.exe" [08/06/2004 07:24 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/11/2007 08:32 AM]
    "pdfSaver3 "= "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [05/09/2004 04:20 PM]
    "PC Suite Tray "= "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 09:12 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\wsong\Start Menu\Programs\Startup\
    Powerword 2005.lnk - C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE [14/10/2004 3:46:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 2:37:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/12/2007 3:52:14 PM]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [18/11/2005 5:46:00 PM]
    Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [3/06/2008 7:31:54 PM]
    ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [3/06/2008 7:31:54 PM]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [3/05/2005 10:07:32 PM]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0e-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0f-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e5d-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e61-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e70-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    -- End of Deckard's System Scanner: finished at 2008-06-24 03:45:47 ------------
     
    wstanow,
    #3
  5. 2008/06/23
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    ===========
    Mbam log
    ===========

    Malwarebytes' Anti-Malware 1.18
    Database version: 883

    4:20:15 AM 24/06/2008
    mbam-log-6-24-2008 (04-20-15).txt

    Scan type: Quick Scan
    Objects scanned: 66436
    Time elapsed: 17 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\opus64.dll (Trojan.FakeAlert) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ff811e6-8925-4084-a649-c159955e67e8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\opus64.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\nada32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opus16.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sigma64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     
    wstanow,
    #4
  6. 2008/06/23
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    ==================
    HJT after mbam & reboot
    ==================

    Deckard's System Scanner v20071014.68
    Run by wsong on 2008-06-24 04:38:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as wsong.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:38:09 AM, on 24/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    C:\Program Files\Common Files\kingsoft\KSG\client.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\wsong\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\wsong.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe "
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe "
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\client.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe "
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Powerword 2005.lnk = C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wsong\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154408332859
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://happyoceanxfhy.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Sym_davcni - Symantec Corporation - (no file)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 17418 bytes

    -- Files created between 2008-05-24 and 2008-06-24 -----------------------------

    2008-06-24 03:59:08 0 d-------- C:\Documents and Settings\wsong\Application Data\Malwarebytes
    2008-06-24 03:59:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-24 03:59:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-24 03:34:15 0 d-------- C:\Program Files\Trend Micro
    2008-06-24 02:02:50 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-06-22 11:30:16 0 d-------- C:\Documents and Settings\wsong\Application Data\Sonic
    2008-06-19 18:31:34 0 d-------- C:\Program Files\FDCSIK
    2008-06-19 18:31:33 0 d-------- C:\Program Files\BigPond
    2008-06-14 20:38:50 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-14 20:38:37 0 d-------- C:\Program Files\Sonic
    2008-06-06 00:30:23 0 d-------- C:\WINDOWS\system32\windows media
    2008-06-06 00:30:15 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-06-06 00:30:13 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-06-06 00:30:07 0 d-------- C:\Program Files\Windows Media Components
    2008-06-06 00:29:22 0 d-------- C:\Documents and Settings\wsong\Application Data\Ulead Systems
    2008-06-06 00:26:48 0 d-------- C:\Program Files\Ulead Systems
    2008-06-06 00:26:45 0 d-------- C:\Program Files\Common Files\Ulead Systems
    2008-06-06 00:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-03 20:00:02 0 d-------- C:\Documents and Settings\wsong\Application Data\GretagMacbeth
    2008-06-03 19:32:37 14416 --a------ C:\WINDOWS\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
    2008-06-03 19:32:36 28672 --a------ C:\WINDOWS\system32\drivers\i1io2.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
    2008-06-03 19:32:36 26045 --a------ C:\WINDOWS\system32\drivers\i1.sys <Not Verified; GretagMacbeth; Minilino / SpectroMat USB Driver>
    2008-06-03 19:32:36 44344 --a------ C:\WINDOWS\system32\drivers\EyeOneDp.sys
    2008-06-03 19:32:36 126976 --a------ C:\WINDOWS\system32\drivers\direci2c.dll <Not Verified; Portrait Displays, Inc.; >
    2008-06-03 19:31:44 0 d-------- C:\Program Files\GretagMacbeth


    -- Find3M Report ---------------------------------------------------------------

    2008-06-24 04:25:02 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-06-24 04:19:42 0 d-------- C:\Documents and Settings\wsong\Application Data\StumbleUpon
    2008-06-24 02:40:46 0 d-------- C:\Program Files\FlashGet
    2008-06-24 02:10:46 0 d-------- C:\Program Files\SmartFTP Client
    2008-06-23 23:09:27 0 d-------- C:\Documents and Settings\wsong\Application Data\Adobe
    2008-06-22 12:22:10 0 d-------- C:\Documents and Settings\wsong\Application Data\IMVU
    2008-06-22 12:16:09 0 d-------- C:\Program Files\IMVU
    2008-06-22 11:33:50 0 d-------- C:\Program Files\Common Files
    2008-06-19 18:31:38 0 d-------- C:\Program Files\DIFX
    2008-06-14 22:40:11 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-06 00:26:41 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-29 09:35:13 0 d-------- C:\Documents and Settings\wsong\Application Data\AdobeUM
    2008-04-29 13:39:17 0 d-------- C:\Program Files\MSECache
    2008-04-26 12:00:47 0 d-------- C:\Documents and Settings\wsong\Application Data\Apple Computer
    2008-04-26 12:00:36 0 d-------- C:\Program Files\iTunes
    2008-04-26 12:00:21 0 d-------- C:\Program Files\iPod
    2008-04-26 11:59:39 0 d-------- C:\Program Files\QuickTime
    2008-04-26 11:56:51 0 d-------- C:\Program Files\Common Files\Apple
    2008-04-26 11:34:04 0 d-------- C:\Program Files\Apple Software Update


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03/08/2004 10:32 PM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04/08/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [19/11/2003 05:48 PM]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [06/04/2006 02:58 PM]
    "IntelZeroConfig "= "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28/12/2005 11:55 AM]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/12/2005 11:56 AM]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 05:41 PM]
    "SigmatelSysTrayApp "= "stsystra.exe" [24/03/2006 05:30 PM C:\WINDOWS\stsystra.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 12:48 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/06/2005 09:21 AM]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [23/06/2005 07:27 PM]
    "Norton Ghost 10.0 "= "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [09/09/2005 07:09 PM]
    "Device Detector "= "DevDetect.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 06:20 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [19/06/2007 08:21 AM]
    "MMReminderService "= "C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [13/12/2006 11:16 PM]
    "pdfSaver3 "=" " []
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [29/08/2003 01:20 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/03/2008 07:46 AM]
    "StxTrayMenu "= "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 12:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
    "Ulead AutoDetector v2 "= "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [27/08/2004 07:22 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
    "KsgUpdateRun "= "C:\Program Files\Common Files\kingsoft\KSG\client.exe" [08/06/2004 07:24 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/11/2007 08:32 AM]
    "pdfSaver3 "= "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [05/09/2004 04:20 PM]
    "PC Suite Tray "= "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 09:12 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\wsong\Start Menu\Programs\Startup\
    Powerword 2005.lnk - C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE [14/10/2004 3:46:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 2:37:56 PM]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/12/2007 3:52:14 PM]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [18/11/2005 5:46:00 PM]
    Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [3/06/2008 7:31:54 PM]
    ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [3/06/2008 7:31:54 PM]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [3/05/2005 10:07:32 PM]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0e-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0f-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e5d-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e61-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e70-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- F:\AutoRun.exe




    -- End of Deckard's System Scanner: finished at 2008-06-24 04:38:27 ------------
     
    wstanow,
    #5
  7. 2008/06/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS wstanow :)

    My apologies for the late response. With the number of replies to this topic I thought you had already gotten some help. :eek:

    Are you still having problems? If so, please run dss again and post a fresh main.txt log.
     
    noahdfear,
    #6
  8. 2008/06/29
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    Thanks Noahdfear for getting back to me on this. i have tried MBAM and seems the trojan had gone away. My only question remains do i need some sort of registry patch or fix after the virus had been removed? the reason i'm asking is because i see that users in some other posts had to do more than just a scan and clean, so i'm not sure if I need to do the same?

    Any help would be appreciated.
     
    wstanow,
    #7
  9. 2008/06/29
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    It would be a good idea to run an online scan. Please scan with Kaspersky WebScanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh dss log to this topic.
     
    noahdfear,
    #8
  10. 2008/06/30
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    Thanks Noahdfear, I have done so, and I can't believe this! the online scan detected some 37 infected objects and 16 Sus and 10 Threat :(

    ============================

    Tuesday, July 1, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Monday, June 30, 2008 07:45:24
    Records in database: 898257

    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics
    Files scanned 569493
    Threat name 10
    Infected objects 37
    Suspicious objects 16
    Duration of the scan 13:27:15

    File name Threat name Threats count
    C:\WINDOWS\System32\msftpd.dll/C:\WINDOWS\System32\msftpd.dll Infected: Trojan.Win32.Zapchast.kl 1

    C:\Documents and Settings\wsong\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    C:\Documents and Settings\wsong\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000002.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 2

    C:\WINDOWS\system32\msftpd.dll Infected: Trojan.Win32.Zapchast.kl 1

    E:\Documents and Settings\wsong\Application Data\Microsoft\复件 Outlook\Default Outlook ProfileHotmail-00000006.pst Infected: Trojan.JS.Redirector.b 2

    E:\RECYCLER\S-1-5-21-1409082233-1960408961-725345543-1003\De2.pst Infected: Trojan.JS.Redirector.b 2

    E:\WSData3 - Mail Data\Outlook Mail\2 Sorted Storage - WSong.zip Infected: Trojan.BAT.FormatCU 1

    E:\WSData3 - Mail Data\Outlook Mail\3 Personal Mails.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    G:\HD01_75GB\Outlook Mail\2 Sorted Storage - WSong.zip Infected: Trojan.BAT.FormatCU 1

    G:\HD01_75GB\Outlook Mail\3 Personal Mails.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    G:\HD01_75GB\WSData3 - Mail Data\Outlook Mail\2 Sorted Storage - WSong.zip Infected: Trojan.BAT.FormatCU 1

    G:\HD01_75GB\WSData3 - Mail Data\Outlook Mail\3 Personal Mails.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    G:\HD04_400GB W\Doc Data\FDrive\GDrive\5 My Subscriptions.pst Suspicious: Exploit.HTML.Iframe.FileDownload 4

    G:\HD04_400GB W\Doc Data\Tools\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 2

    G:\HD04_400GB W\Doc Data\WSData3 - Mail Data\Outlook Mail\2 Sorted Storage - WSong.zip Infected: Trojan.BAT.FormatCU 1

    G:\HD04_400GB W\Doc Data\WSData3 - Mail Data\Outlook Mail\3 Personal Mails.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\2 Sorted Storage - WSong.zip Infected: Trojan.BAT.FormatCU 1

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\5 My Subscriptions.pst Suspicious: Exploit.HTML.Iframe.FileDownload 4

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\_1_ Local Inbox - WSong.bak Suspicious: Exploit.HTML.ObjData 1

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\_1_ Local Inbox - WSong.bak Infected: Exploit.HTML.CodeBaseExec 1

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\_1_ Local Inbox - WSong.bak Infected: Email-Worm.Win32.Bagle.al 12

    G:\HD06_500GB B\Old Data\Mail Data\Outlook Mail\PST Files\_1_ Local Inbox - WSong.bak Infected: Trojan-Dropper.VBS.Zerolin 9

    G:\Software\Operating System & Plug ins\WinXP\WXPVOL_EN\Key Hack\keyfinder.exe Infected: not-a-virus:pSWTool.Win32.RAS.a 2
     
    wstanow,
    #9
  11. 2008/06/30
    wstanow

    wstanow Inactive Thread Starter

    Joined:
    2008/06/23
    Messages:
    8
    Likes Received:
    0
    DSS Log here:
    =============

    Deckard's System Scanner v20071014.68
    Run by wosng on 2008-07-01 09:20:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 3.34 GiB (less than 15%) free.


    -- HijackThis (run as wosng.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:03 AM, on 1/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
    C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Common Files\kingsoft\KSG\client.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\wsong\Desktop\Trogen Attack\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\wsong.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Program Files 4C\Adobe Master\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Program Files 4C\Adobe Master\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe "
    O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe "
    O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KsgUpdateRun] C:\Program Files\Common Files\kingsoft\KSG\client.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe "
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
    O4 - Startup: Powerword 2005.lnk = C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
    O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Append to existing PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\wsong\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154408332859
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://happyoceanxfhy.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Sym_davcni - Symantec Corporation - (no file)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 19981 bytes

    -- Files created between 2008-06-01 and 2008-07-01 -----------------------------

    2008-06-30 09:21:53 0 d-------- C:\Program Files\Sun
    2008-06-29 07:04:08 0 d-------- C:\Program Files\Common Files\xing shared
    2008-06-27 18:49:09 0 d-------- C:\Documents and Settings\wsong\System
    2008-06-27 18:49:09 0 d-------- C:\Documents and Settings\wsong\Application Data\SmartDraw
    2008-06-27 18:42:45 0 d-------- C:\Program Files\SmartDraw 2008
    2008-06-26 15:07:14 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-26 14:56:08 0 d-------- C:\Program Files\Common Files\Control Panels
    2008-06-26 14:52:50 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
    2008-06-26 14:13:12 0 d-------- C:\Program Files\Bonjour
    2008-06-26 14:06:18 0 d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-25 11:24:54 0 d-------- C:\Documents and Settings\wsong\Application Data\GlobalSCAPE
    2008-06-25 11:23:30 0 d-------- C:\Program Files\GlobalSCAPE
    2008-06-24 03:59:08 0 d-------- C:\Documents and Settings\wsong\Application Data\Malwarebytes
    2008-06-24 03:59:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-24 03:59:05 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-24 03:34:15 0 d-------- C:\Program Files\Trend Micro
    2008-06-24 02:02:50 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
    2008-06-22 11:30:16 0 d-------- C:\Documents and Settings\wsong\Application Data\Sonic
    2008-06-19 18:31:34 0 d-------- C:\Program Files\FDCSIK
    2008-06-19 18:31:33 0 d-------- C:\Program Files\BigPond
    2008-06-14 20:38:50 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-06-14 20:38:37 0 d-------- C:\Program Files\Sonic
    2008-06-06 00:30:23 0 d-------- C:\WINDOWS\system32\windows media
    2008-06-06 00:30:15 0 d-------- C:\WINDOWS\RegisteredPackages
    2008-06-06 00:30:13 0 d--h----- C:\WINDOWS\msdownld.tmp
    2008-06-06 00:30:07 0 d-------- C:\Program Files\Windows Media Components
    2008-06-06 00:29:22 0 d-------- C:\Documents and Settings\wsong\Application Data\Ulead Systems
    2008-06-06 00:26:48 0 d-------- C:\Program Files\Ulead Systems
    2008-06-06 00:26:45 0 d-------- C:\Program Files\Common Files\Ulead Systems
    2008-06-06 00:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-06-03 20:00:02 0 d-------- C:\Documents and Settings\wsong\Application Data\GretagMacbeth
    2008-06-03 19:32:37 14416 --a------ C:\WINDOWS\system32\drivers\pdihwctl.sys <Not Verified; Portrait Displays, Inc.; PdiHwCtl>
    2008-06-03 19:32:36 28672 --a------ C:\WINDOWS\system32\drivers\i1io2.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
    2008-06-03 19:32:36 26045 --a------ C:\WINDOWS\system32\drivers\i1.sys <Not Verified; GretagMacbeth; Minilino / SpectroMat USB Driver>
    2008-06-03 19:32:36 44344 --a------ C:\WINDOWS\system32\drivers\EyeOneDp.sys
    2008-06-03 19:32:36 126976 --a------ C:\WINDOWS\system32\drivers\direci2c.dll <Not Verified; Portrait Displays, Inc.; >
    2008-06-03 19:31:44 0 d-------- C:\Program Files\GretagMacbeth


    -- Find3M Report ---------------------------------------------------------------

    2008-07-01 09:20:38 0 d-------- C:\Documents and Settings\wsong\Application Data\StumbleUpon
    2008-06-30 18:58:49 0 d-------- C:\Documents and Settings\wsong\Application Data\IMVU
    2008-06-30 18:26:46 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-06-30 09:21:38 0 d-------- C:\Program Files\Java
    2008-06-29 07:04:08 0 d-------- C:\Program Files\Common Files
    2008-06-29 07:03:58 0 d-------- C:\Program Files\Common Files\Real
    2008-06-27 19:05:28 0 d-------- C:\Program Files\FlashGet
    2008-06-27 02:44:15 0 d-------- C:\Documents and Settings\wsong\Application Data\Adobe
    2008-06-26 14:55:45 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-25 11:23:30 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-24 02:10:46 0 d-------- C:\Program Files\SmartFTP Client
    2008-06-22 12:16:09 0 d-------- C:\Program Files\IMVU
    2008-06-19 18:31:38 0 d-------- C:\Program Files\DIFX
    2008-06-06 00:26:41 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-29 09:35:13 0 d-------- C:\Documents and Settings\wsong\Application Data\AdobeUM


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03/08/2004 10:32 PM]
    "PHIME2002ASync "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "PHIME2002A "= "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [31/03/2003 10:00 PM]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [04/08/2004 12:56 AM C:\WINDOWS\system32\bthprops.cpl]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [06/04/2006 02:58 PM]
    "IntelZeroConfig "= "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [28/12/2005 11:55 AM]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/12/2005 11:56 AM]
    "ATICCC "= "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [02/01/2006 05:41 PM]
    "SigmatelSysTrayApp "= "stsystra.exe" [24/03/2006 05:30 PM C:\WINDOWS\stsystra.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 12:48 PM]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/06/2005 09:21 AM]
    "vptray "= "C:\PROGRA~1\SYMANT~1\VPTray.exe" [23/06/2005 07:27 PM]
    "Norton Ghost 10.0 "= "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" [09/09/2005 07:09 PM]
    "Device Detector "= "DevDetect.exe" []
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50 AM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 06:20 PM]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [19/06/2007 08:21 AM]
    "MMReminderService "= "C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe" [13/12/2006 11:16 PM]
    "pdfSaver3 "=" " []
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 11:10 AM]
    "LogitechVideoRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "LogitechVideoTray "= "C:\Program Files\Logitech\Video\LogiTray.exe" [29/08/2003 01:20 PM]
    "LogitechGalleryRepair "= "C:\Program Files\Logitech\Video\ISStart.exe" [29/08/2003 01:17 PM]
    "StxTrayMenu "= "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [18/01/2007 12:20 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [28/03/2008 11:37 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36 AM]
    "Ulead AutoDetector v2 "= "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [27/08/2004 07:22 PM]
    "ISUSPM Startup "= "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
    "Acrobat Assistant 8.0 "= "E:\Program Files 4C\Adobe Master\Acrobat 8.0\Acrobat\Acrotray.exe" [10/05/2007 10:46 PM]
    "@ "=" " []
    "TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29/06/2008 07:03 AM]
    "KsgUpdateRun "= "C:\Program Files\Common Files\kingsoft\KSG\client.exe" [08/06/2004 07:24 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 11:54 AM]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 02:24 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [21/11/2007 08:32 AM]
    "pdfSaver3 "= "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [05/09/2004 04:20 PM]
    "PC Suite Tray "= "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 09:12 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\wsong\Start Menu\Programs\Startup\
    IMVU.lnk - C:\Program Files\IMVU\IMVUClient.exe [21/06/2008 4:28:00 AM]
    Powerword 2005.lnk - C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE [14/10/2004 3:46:14 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [6/12/2007 3:52:14 PM]
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [18/11/2005 5:46:00 PM]
    Logo Calibration Loader.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [3/06/2008 7:31:54 PM]
    ProfileReminder.lnk - C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [3/06/2008 7:31:54 PM]
    Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [3/05/2005 10:07:32 PM]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0e-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d299b0f-1e86-11dd-806b-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e5d-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e61-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- H:\AutoRun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8044e70-0b4e-11dd-8066-001641767c90}]
    AutoRun\command- F:\AutoRun.exe

    *Newly Created Service* - VPROEVENTMONITOR



    -- End of Deckard's System Scanner: finished at 2008-07-01 09:21:31 ------------
     
    wstanow,
    #10
  12. 2008/07/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Delete the following file.

    C:\WINDOWS\system32\msftpd.dll


    What is the following tool?

    WinXP\WXPVOL_EN\Key Hack\keyfinder.exe

    You've got a number of infected emails in Outlook and Outlook backups, however the scan did not identify which emails. Lets see if Panda picks up on them and gives any more detail. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
    noahdfear,
    #11

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...