Solved Hijackthis log + Virus info.

[Resolved] Hijackthis log + Virus info.

Im having very similar problems to snookie28.

I have some sort of virus,trojan,worm that is driving me crazy. I've tried so many things and if this doesnt work im going to have to format. Anyways here are the symptoms im getting followed by the Hijackthis log.

-Computer freezes apart from mouse after being on for about 20 mins or so (nothing is clickable), and if I dont close a bunch of my processes the machine will freeze up within a minute of windows loading.
-As soon as I open IE the computer will freeze (same way as above)
-Using Firefox I can connect to websites but it is extremelow slow
-When I click a google link I get redirected to some advertising site (usually medicine at a low low price
-Cant download anything booting in normal mode (this includes updates for virus scanners)
-When I try clicking on any link to do with getting rid of a virus on Firefox I get blocked from viewing the site
-I get the blue screen of death (In safe mode aswell)

That's about all I can think of at the moment, anyways here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:14 PM, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P30 "EPSON Stylus Photo R350 Series" /O6 "USB001" /M "Stylus Photo R350 "
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe "
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7677 bytes



ADDITIONAL INFO: Avast picked up a trojan described as win32 Tibs-EJA: lphcropj0e769.exe

I moved and renamed it but my deskstop still freezes.

Any help would be much appreciated. Thanks.

 

Hi GFitz
Welcome to Windowsbbs.

Lets try this. If it downloads please boot to normal windows and try running it, if that dosen't work try running it in safe mode.

1. Click noahdfear's Rename ComboFix.
2. If it launches a file download dialog for download_file.exe from noahdfear.net, click Run.
3. download_file.vbs file should appear on the desktop, and shortly there-after a renamed copy of ComboFix.
4. Please note that the vbs file is recognized by some security programs as a Trojan-Downloader.JS and may try to block it. I assure you, the file is safe. So please allow it.
5. If successful, double click the renamed ComboFix and follow the prompts.

Please post the log it produces.

Thanks
Geri

 

Thanks for the welcome

I ran that program as you said and once the load bar finishes it says "combofix has detected rootkit activity and needs to reboot the system! "... once i reboot nothing happens. i suspect the program is getting blocked at startup because i see something flash up on the screen really quickly then vanish before i can even see what it is... hope this is useful info.

 

Hi
Please look and see if CF left a log. It would be located here.
C:\combofix.txt <this may be a little different name because it was renamed.

If it is there please open it and post the contents of the log here

Geri

 

Hi again. the only new thing that was in there was a txt doc named bug.txt...




does this look about right?

 

Hi
No.
OK lets make sure you have done everything correctly.
When you clicked on that link and downloaded the download_file.exe did you save it or click Run?

If you clicked run a red round icon should have been put on your desktop called Fombocix.exe

If you saved it then a small box with what looks like books should have been downloaded, this need to be on your desktop (download_file.exe).

Please tell me which it was.

Thanks

 

Alright so when i clicked the link off that site you provided, i had to save as because there was no run option. once it was saved on my desktop i double clicked it, i chose run, it put a file on my desktop named "download file" with a scroll on a document for the icon, shortly after a file named FomboCix appeared on my desktop. i double clicked the file, it loaded, shortly after it had loaded a message came up saying "combofix has detected rootkit activity and needs to reboot the system!" all i could do was press ok and the system rebooted. after windows had loaded nothing else came up so i dont know if ive done anything wrong or if the virus or whatever it is has just really owned me good n proper :/

 

OK

OK more then likely this...virus or whatever it is has just really owned me good n proper

I will contact noahdfear on this.

see if you can download and run this. if so please post the logs.

• Download RSIT by random/random and save it to your desktop.
• Double click RSIT.exe to start the tool and click Continue at the disclaimer.
• When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
• Please post the contents of both logs here in your next reply.

Let me know.
Geri

 

here are the 2 logs.

info.txt logfile of random's system information tool 2008-09-01 01:38:35

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica MP3 To Wave Converter PLUS-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AoA DVD Ripper--> "C:\Program Files\AoA DVD Ripper\unins000.exe "
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll ",RunSetup
Bulent's Screen Recorder 3-->C:\Program Files\Bulent's Screen Recorder\Uninstall Screen Recorder 3.exe
CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
ConvertXtoDVD 2.1.5.173--> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe "
Counter-Strike: Source--> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike--> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat--> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)--> "C:\Program Files\DVD Decrypter\uninstall.exe "
DVD Shrink 3.2--> "C:\Program Files\DVD Shrink\unins000.exe "
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27F650A9-6FAB-41C8-8621-92FF0118B0C4}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON PRINT Image Framer Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD04987D-96A6-4FE1-813B-82B77B8B809C}\SETUP.EXE" -l0x9 anything
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESPR350 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESPR350\USE_G\DOCUNINS.EXE
GIGABYTE VGA Utility Manager-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\GigaByte\VGA Utility Manager\Uninst.isu "
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hitman Pro--> "C:\Program Files\Hitman Pro\unins000.exe "
Hotfix for Windows Media Format 11 SDK (KB929399)--> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
Hotfix for Windows Media Player 11 (KB939683)--> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB915865)--> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB926239)--> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB929120)--> "C:\WINDOWS\$NtUninstallKB929120$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
Internode Monthly Usage Meter 7.1m--> "C:\Program Files\Internode\unins000.exe "
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
JRAID-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LimeWire 4.16.3--> "C:\Program Files\LimeWire\uninstall.exe "
ManyCam 2.3 (remove only)--> "C:\Program Files\ManyCam 2.3\uninstall.exe "
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP--> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5--> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe "
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC--> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{98F837F9-A1B4-4155-AABC-4C80637165B5}
Nokia PC Suite-->MsiExec.exe /I{68E9B173-BC4D-4FFF-812D-32D79BE370AD}
n-Track Studio 5-->MsiExec.exe /I{D0D6AF0F-A943-4295-9A49-B25A2B807C63}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
PC Connectivity Solution-->MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
ratDVD 0.78.1444-->C:\Program Files\ratDVD\uninst.exe
Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB911564)--> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe "
Security Update for Windows Media Player 11 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe "
Security Update for Windows Media Player 6.4 (KB925398)--> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe "
Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
Security Update for Windows XP (KB893756)--> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896358)--> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896423)--> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896424)--> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe "
Security Update for Windows XP (KB896428)--> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe "
Security Update for Windows XP (KB899587)--> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe "
Security Update for Windows XP (KB899591)--> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe "
Security Update for Windows XP (KB900725)--> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe "
Security Update for Windows XP (KB901017)--> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe "
Security Update for Windows XP (KB901214)--> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe "
Security Update for Windows XP (KB902400)--> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe "
Security Update for Windows XP (KB904706)--> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe "
Security Update for Windows XP (KB905414)--> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe "
Security Update for Windows XP (KB905749)--> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe "
Security Update for Windows XP (KB908519)--> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe "
Security Update for Windows XP (KB911562)--> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe "
Security Update for Windows XP (KB911567)--> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe "
Security Update for Windows XP (KB911927)--> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe "
Security Update for Windows XP (KB912919)--> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe "
Security Update for Windows XP (KB913580)--> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe "
Security Update for Windows XP (KB914388)--> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe "
Security Update for Windows XP (KB914389)--> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917344)--> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917422)--> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe "
Security Update for Windows XP (KB917953)--> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe "
Security Update for Windows XP (KB918118)--> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe "
Security Update for Windows XP (KB918439)--> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe "
Security Update for Windows XP (KB919007)--> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920213)--> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920214)--> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920670)--> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920683)--> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe "
Security Update for Windows XP (KB920685)--> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe "
Security Update for Windows XP (KB921398)--> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe "
Security Update for Windows XP (KB921503)--> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe "
Security Update for Windows XP (KB922616)--> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe "
Security Update for Windows XP (KB922760)--> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB922819)--> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923191)--> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923414)--> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923689)--> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923694)--> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe "
Security Update for Windows XP (KB923980)--> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924191)--> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924270)--> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924496)--> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe "
Security Update for Windows XP (KB924667)--> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925454)--> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925486)--> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe "
Security Update for Windows XP (KB925902)--> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe "
Security Update for Windows XP (KB926255)--> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe "
Security Update for Windows XP (KB926436)--> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe "
Security Update for Windows XP (KB927779)--> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe "
Security Update for Windows XP (KB927802)--> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe "
Security Update for Windows XP (KB928090)--> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe "
Security Update for Windows XP (KB928255)--> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe "
Security Update for Windows XP (KB928843)--> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe "
Security Update for Windows XP (KB929123)--> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe "
Security Update for Windows XP (KB929969)--> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe "
Security Update for Windows XP (KB930178)--> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe "
Security Update for Windows XP (KB931261)--> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe "
Security Update for Windows XP (KB931768)--> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe "
Security Update for Windows XP (KB931784)--> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe "
Security Update for Windows XP (KB932168)--> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe "
Security Update for Windows XP (KB933566)--> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe "
Security Update for Windows XP (KB933729)--> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe "
Security Update for Windows XP (KB935839)--> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB935840)--> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe "
Security Update for Windows XP (KB936021)--> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe "
Security Update for Windows XP (KB937143)--> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe "
Security Update for Windows XP (KB937894)--> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938127)--> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938829)--> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe "
Security Update for Windows XP (KB939653)--> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941202)--> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941568)--> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941644)--> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941693)--> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe "
Security Update for Windows XP (KB942615)--> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943055)--> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943460)--> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe "
Security Update for Windows XP (KB943485)--> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe "
Security Update for Windows XP (KB944338)--> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe "
Security Update for Windows XP (KB944533)--> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe "
Security Update for Windows XP (KB944653)--> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe "
Security Update for Windows XP (KB945553)--> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946026)--> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB947864)--> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe "
Security Update for Windows XP (KB948590)--> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe "
Security Update for Windows XP (KB948881)--> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950749)--> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Skype 3.1--> "C:\Program Files\Skype\Phone\unins000.exe "
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins001.exe "
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2--> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Team Fortress Classic--> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
Update for Windows XP (KB894391)--> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe "
Update for Windows XP (KB898461)--> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe "
Update for Windows XP (KB900485)--> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe "
Update for Windows XP (KB908531)--> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe "
Update for Windows XP (KB910437)--> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe "
Update for Windows XP (KB911280)--> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe "
Update for Windows XP (KB916595)--> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe "
Update for Windows XP (KB920872)--> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe "
Update for Windows XP (KB922582)--> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe "
Update for Windows XP (KB927891)--> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe "
Update for Windows XP (KB929338)--> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe "
Update for Windows XP (KB930916)--> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe "
Update for Windows XP (KB931836)--> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe "
Update for Windows XP (KB932823-v3)--> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe "
Update for Windows XP (KB933360)--> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe "
Update for Windows XP (KB936357)--> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe "
Update for Windows XP (KB938828)--> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe "
Update for Windows XP (KB942763)--> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe "
Update for Windows XP (KB942840)--> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe "
Update for Windows XP (KB946627)--> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe "
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Urban Terror 4.1--> "C:\Program Files\UrbanTerror\unins000.exe "
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x9
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Installer 3.1 (KB893803)--> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
Windows Internet Explorer 7--> "C:\WINDOWS\ie7\spuninst\spuninst.exe "
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime--> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
Windows Media Player 11--> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11--> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe "
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859--> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe "
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD 1.1 final uninstall--> "C:\Program Files\XviD\unins000.exe "

Hosts File

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Security center information

AV: avast! antivirus 4.8.1229 [VPS 080830-0]

Environment variables

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir "=%SystemRoot%
"FP_NO_HOST_CHECK "=NO
"OS "=Windows_NT
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_LEVEL "=15
"PROCESSOR_IDENTIFIER "=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION "=0605
"NUMBER_OF_PROCESSORS "=2
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP

-----------------EOF-----------------

 

Logfile of random's system information tool (written by random/random)
Run by owner at 2008-09-01 01:38:15
Microsoft Windows XP Professional Service Pack 2
System drive C: has 77 GB (32%) free of 238 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:33 AM, on 1/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\VM305_STI.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\owner\Desktop\RSIT.exe
C:\Program Files\trend micro\owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P30 "EPSON Stylus Photo R350 Series" /O6 "USB001" /M "Stylus Photo R350 "
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe "
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8761 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-26 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-06-29 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-26 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP "=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776]
"SoundMAX "=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-04-10 729088]
"JMB36X Configure "=C:\WINDOWS\system32\JMRaidTool.exe [2006-06-02 385024]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"NeroFilterCheck "=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"VGAUtil "=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2006-06-21 544768]
"BigDog305 "=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]
"EPSON Stylus Photo R350 Series "=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE [2005-05-12 98304]
"PCSuiteTrayApplication "=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-01-23 223232]
"QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2007-11-21 286720]
"NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"nwiz "=C:\WINDOWS\system32\nwiz.exe [2008-05-16 1630208]
"avast! "=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-20 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MsnMsgr "=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Steam "=c:\program files\steam\steam.exe [2008-04-14 1271032]
"DAEMON Tools Lite "=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-03-21 486856]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-29 68856]
"InternodeUsage "=C:\PROGRA~1\INTERN~2\mum.exe [2008-06-04 1339392]
"ManyCam "=C:\Program Files\ManyCam 2.3\ManyCam.exe [2008-08-08 1725736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-03-30 25263144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage "=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe "= "C:\Program Files\Gigabyte\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu "
"C:\WINDOWS\system32\dpvsetup.exe "= "C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
"C:\WINDOWS\system32\rundll32.exe "= "C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App "
"C:\Program Files\Steam\steamapps\triple-a\counter-strike\hl.exe "= "C:\Program Files\Steam\steamapps\triple-a\counter-strike\hl.exe:*:Enabled:Half-Life Launcher "
"C:\Documents and Settings\owner\Desktop\utorrent.exe "= "C:\Documents and Settings\owner\Desktop\utorrent.exe:*:Enabled:µTorrent "
"C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "
"C:\StubInstaller.exe "= "C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
"C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader "
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
"C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe "= "C:\Program Files\World of Warcraft\WoW-2.0.3.6299-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader "
"C:\WINDOWS\system32\rtcshare.exe "= "C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing "
"C:\Program Files\NetMeeting\conf.exe "= "C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® "
"C:\Program Files\Steam\steamapps\triple-a\counter-strike source\hl2.exe "= "C:\Program Files\Steam\steamapps\triple-a\counter-strike source\hl2.exe:*:Enabled:hl2 "
"C:\Program Files\Steam\steamapps\triple-a\team fortress classic\hl.exe "= "C:\Program Files\Steam\steamapps\triple-a\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher "
"C:\Program Files\Steam\Steam.exe "= "C:\Program Files\Steam\Steam.exe:*:Enabled:Steam "
"C:\Program Files\Steam\steamapps\triple-a\day of defeat\hl.exe "= "C:\Program Files\Steam\steamapps\triple-a\day of defeat\hl.exe:*:Enabled:Half-Life Launcher "
"C:\Program Files\Steam\steamapps\bravonyx\counter-strike\hl.exe "= "C:\Program Files\Steam\steamapps\bravonyx\counter-strike\hl.exe:*:Enabled:Half-Life Launcher "
"C:\Program Files\Steam\steamapps\triple-a\half-life\hl.exe "= "C:\Program Files\Steam\steamapps\triple-a\half-life\hl.exe:*:Enabled:Half-Life Launcher "
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe "= "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe "= "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
"C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
"C:\Program Files\UrbanTerror\ioUrbanTerror.exe "= "C:\Program Files\UrbanTerror\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror "
"C:\Program Files\Skype\Phone\Skype.exe "= "C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Steam\steamapps\bravonyx\team fortress 2\hl2.exe "= "C:\Program Files\Steam\steamapps\bravonyx\team fortress 2\hl2.exe:*:Enabled:hl2 "
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe "= "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*isabled:Framework Service "
"C:\Program Files\Steam\steamapps\bravonyx\counter-strike source\hl2.exe "= "C:\Program Files\Steam\steamapps\bravonyx\counter-strike source\hl2.exe:*:Enabled:hl2 "
"C:\WINDOWS\system32\drivers\svchost.exe "= "C:\WINDOWS\system32\drivers\svchost.exe:*:Enabled:svchost "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
"C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

List of files/folders created in the last three months

2008-09-01 01:38:15 ----D---- C:\rsit
2008-08-31 16:14:37 ----A---- C:\WINDOWS\ntbtlog.txt
2008-08-31 16:03:06 ----A---- C:\Bug.txt
2008-08-29 23:50:08 ----D---- C:\Program Files\Trend Micro
2008-08-29 22:54:39 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-08-29 19:41:21 ----SHD---- C:\WINDOWS\CSC
2008-08-29 01:03:21 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-28 02:11:55 ----D---- C:\WINDOWS\system32\GroupPolicy
2008-08-28 02:11:48 ----D---- C:\Program Files\Hitman Pro
2008-08-28 00:11:29 ----D---- C:\WINDOWS\pss
2008-08-27 19:33:58 ----D---- C:\Program Files\CCleaner
2008-08-27 17:19:49 ----D---- C:\Program Files\Alwil Software
2008-08-26 22:01:46 ----D---- C:\WINDOWS\Virtual Villagers - The Secret City
2008-08-16 18:04:29 ----D---- C:\Program Files\ManyCam 2.3
2008-08-16 02:37:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-16 02:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-16 02:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-16 02:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-16 02:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-16 02:37:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-16 02:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-09 12:54:06 ----D---- C:\Program Files\Windows Live Safety Center
2008-07-27 22:04:29 ----D---- C:\WINDOWS\NV29522956.TMP
2008-07-27 21:44:00 ----D---- C:\WINDOWS\NV1980788.TMP
2008-07-10 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-06-28 16:24:09 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-26 03:04:27 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-06-26 03:03:47 ----D---- C:\Documents and Settings\All Users\Application Data\uPlayMe
2008-06-26 03:03:23 ----D---- C:\Program Files\ManyCam 2.2
2008-06-21 14:59:14 ----D---- C:\vcs5BGEffects
2008-06-21 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-06-19 23:26:55 ----D---- C:\Documents and Settings\owner\Application Data\Internode
2008-06-19 23:26:53 ----D---- C:\Program Files\Internode
2008-06-19 03:01:25 ----D---- C:\WINDOWS\ie7updates
2008-06-19 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-06-18 17:08:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-06-18 17:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-06-18 17:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-06-18 17:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-06-18 16:53:28 ----D---- C:\Program Files\UrbanTerror
2008-06-18 15:22:24 ----D---- C:\WINDOWS\WBEM
2008-06-18 15:22:21 ----D---- C:\WINDOWS\system32\en-US
2008-06-18 15:21:14 ----HDC---- C:\WINDOWS\ie7
2008-06-18 15:21:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-06-18 15:20:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-06-18 15:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-06-18 15:19:49 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-06-18 14:55:37 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-06-18 14:55:37 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-06-18 14:55:34 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-06-18 14:55:32 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-06-18 14:55:27 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-06-18 14:55:21 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-06-18 14:55:18 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-06-18 14:55:16 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-06-18 14:55:15 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-06-18 14:55:14 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-06-18 14:55:10 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-06-18 14:55:04 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-06-18 14:54:54 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-06-18 14:54:47 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-06-18 14:54:46 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-06-18 14:54:46 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-06-18 14:54:46 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-06-18 14:54:45 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-06-18 14:54:34 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-06-18 14:54:27 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-06-18 14:54:26 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-06-18 14:54:25 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-06-18 14:54:25 ----A---- C:\WINDOWS\system32\nvhwvid.dll
2008-06-18 14:54:18 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-06-08 21:55:05 ----D---- C:\Documents and Settings\owner\Application Data\Microsoft Games

List of drivers

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-20 26944]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-20 42912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-11-20 17119]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-20 94416]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-01-31 141246]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-01-31 16176]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-05-03 229376]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-20 23152]
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-01-20 47360]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-07-27 83712]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-18 392960]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 a12jffpk;a12jffpk; C:\WINDOWS\system32\drivers\a12jffpk.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2003-09-29 83008]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-10-10 12800]
S3 RT61;Gigabyte Wireless Driver(Turbo); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-06-04 319104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-05-08 391688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-20 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-20 147640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-20 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-24 348344]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-26 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


FYI: It wouldnt allow me to download onto the computer so i downloaded it on to my laptop and transferred it across via a USB stick

 

Hi
Ok lets try to do this.

Rename FomboCix to something else and run it again.
If CF fails to run through, after doing the 'rootkit detected .. reboot thing', rename it and run again.

Please try this a few times with different names until you can get one to run all the way through.

If it does not work after a few tries let me know.

Geri

 

Sigh, no luck at all mate. same thing over and over again even after changing the name 3 times.

 

OK
Here is what we'll try. You will have to disconnect from the internet so please print or save these instructions so you can follow them.

You will need to download and transfer MBAM setup.exe from your lap top to the infected machine.

Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

Now follow these instrctions carefully.


Double click mbam-setup.exe to install the application on the infected machine.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded the updates, physically disconnect your internet connection.
  Then select 'Perform Quick Scan', then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  After MBAM completes, immediately run CF.
  Once CF runs to completion, the internet connection can be made again.
• The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post the MBAM log and the CF log.

Thanks
Geri

 

alright. im gonna head to bed now but ill post the results tomorrow. thanks for all the help. cya

 

After running Malwarebytes, it picked up a fair few things. it couldnt delete some until the system had rebooted so i have 4 logs in total for you.

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

3:23:19 PM 1/09/2008
mbam-log-09-01-2008 (15-23-11).txt

Scan type: Quick Scan
Objects scanned: 44686
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\phcropj0e769.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\owner\results.txt (Malware.Trace) -> No action taken.

 

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

3:23:58 PM 1/09/2008
mbam-log-09-01-2008 (15-23-58).txt

Scan type: Quick Scan
Objects scanned: 44686
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\phcropj0e769.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\owner\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

Malwarebytes' Anti-Malware 1.25
Database version: 1102
Windows 5.1.2600 Service Pack 2

3:48:17 PM 1/09/2008
mbam-log-09-01-2008 (15-48-17).txt

Scan type: Quick Scan
Objects scanned: 44410
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

finally after this I was able to run FomboCix.

ComboFix 08-08-30.03 - owner 2008-09-01 15:49:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1540 [GMT 10:00]
Running from: C:\Documents and Settings\owner\Desktop\killit.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 15:18 . 2008-09-01 15:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 15:18 . 2008-09-01 15:18 <DIR> d-------- C:\Documents and Settings\owner\Application Data\Malwarebytes
2008-09-01 15:18 . 2008-09-01 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 15:18 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 15:18 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 01:38 . 2008-09-01 01:38 <DIR> d-------- C:\rsit
2008-08-29 23:50 . 2008-09-01 01:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 01:03 . 2008-08-29 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-28 02:11 . 2008-08-28 02:11 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-28 02:11 . 2008-08-28 03:02 <DIR> d-------- C:\Program Files\Hitman Pro
2008-08-27 19:33 . 2008-08-27 19:33 <DIR> d-------- C:\Program Files\CCleaner
2008-08-27 17:19 . 2008-08-29 22:54 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-26 22:01 . 2008-08-26 22:01 <DIR> d-------- C:\WINDOWS\Virtual Villagers - The Secret City
2008-08-16 18:04 . 2008-08-16 18:07 <DIR> d-------- C:\Program Files\ManyCam 2.3
2008-08-09 12:54 . 2008-08-27 19:35 <DIR> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 05:52 --------- d-----w C:\Program Files\Steam
2008-09-01 05:51 19,039 ----a-w C:\WINDOWS\system32\drivers\GVTDrv.sys
2008-08-30 18:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-30 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 07:59 --------- d-----w C:\Documents and Settings\owner\Application Data\Skype
2008-08-26 12:57 --------- d-----w C:\Documents and Settings\owner\Application Data\uTorrent
2008-08-16 08:04 --------- d-----w C:\Program Files\ManyCam 2.2
2008-08-11 10:49 --------- d-----w C:\Program Files\EPSON Print CD
2008-08-11 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-11 10:29 --------- d-----w C:\Documents and Settings\owner\Application Data\dvdcss
2008-08-09 15:26 --------- d-----w C:\Documents and Settings\owner\Application Data\Vso
2008-08-02 18:20 --------- d-----w C:\Documents and Settings\owner\Application Data\Nokia Multimedia Player
2008-07-07 17:00 --------- d-----w C:\Program Files\Bulent's Screen Recorder
2008-06-17 15:11 98,304 ----a-w C:\WINDOWS\DUMP7280.tmp
2008-06-17 14:48 98,304 ----a-w C:\WINDOWS\DUMP68db.tmp
2008-06-17 14:46 98,304 ----a-w C:\WINDOWS\DUMP6fe0.tmp
2007-01-20 13:38 81,920 ----a-w C:\Documents and Settings\owner\Application Data\ezpinst.exe
2007-01-20 13:38 47,360 ----a-w C:\Documents and Settings\owner\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Steam "= "c:\program files\steam\steam.exe" [2008-04-14 20:11 1271032]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 18:30 486856]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-29 19:31 68856]
"InternodeUsage "= "C:\PROGRA~1\INTERN~2\mum.exe" [2008-06-04 22:58 1339392]
"ManyCam "= "C:\Program Files\ManyCam 2.3\ManyCam.exe" [2008-08-08 21:02 1725736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP "= "C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 20:07 843776]
"JMB36X Configure "= "C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 18:45 385024]
"NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"VGAUtil "= "C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe" [2006-06-21 14:45 544768]
"BigDog305 "= "C:\WINDOWS\VM305_STI.EXE" [2005-08-05 14:15 61440]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"EPSON Stylus Photo R350 Series "= "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE" [2005-05-12 14:00 98304]
"PCSuiteTrayApplication "= "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 11:19 223232]
"QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-11-21 13:44 286720]
"NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"nwiz "= "nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-30 13:34 25263144 C:\Program Files\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Gigabyte\\VGA Utility Manager\\G-VGA.exe "=
"C:\\WINDOWS\\system32\\dpvsetup.exe "=
"C:\\Program Files\\Steam\\steamapps\\triple-a\\counter-strike\\hl.exe "=
"C:\\Documents and Settings\\owner\\Desktop\\utorrent.exe "=
"C:\\Program Files\\mIRC\\mirc.exe "=
"C:\\StubInstaller.exe "=
"C:\\Program Files\\LimeWire\\LimeWire.exe "=
"C:\\WINDOWS\\system32\\rtcshare.exe "=
"C:\\Program Files\\NetMeeting\\conf.exe "=
"C:\\Program Files\\Steam\\steamapps\\triple-a\\team fortress classic\\hl.exe "=
"C:\\Program Files\\Steam\\Steam.exe "=
"C:\\Program Files\\Steam\\steamapps\\triple-a\\day of defeat\\hl.exe "=
"C:\\Program Files\\Steam\\steamapps\\bravonyx\\counter-strike\\hl.exe "=
"C:\\Program Files\\Steam\\steamapps\\triple-a\\half-life\\hl.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"C:\\Program Files\\UrbanTerror\\ioUrbanTerror.exe "=
"C:\\Program Files\\Skype\\Phone\\Skype.exe "=
"C:\\Program Files\\Steam\\steamapps\\bravonyx\\team fortress 2\\hl2.exe "=
"C:\\Program Files\\Steam\\steamapps\\bravonyx\\counter-strike source\\hl2.exe "=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 00:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 00:37]
R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-09-01 15:51]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 20:06]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-05-08 09:24]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\aynmx2ry.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 15:51:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internode\mum.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-09-01 15:54:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 05:54:33

Pre-Run: 80,099,311,616 bytes free
Post-Run: 80,010,665,984 bytes free

161 --- E O F --- 2008-08-31 17:25:50

 

Hi
OK please do this.

Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Code:

File::
C:\WINDOWS\DUMP7280.tmp
C:\WINDOWS\DUMP68db.tmp
C:\WINDOWS\DUMP6fe0.tmp

Driver::
tdssserv 

Please post the combofix (killit.exe ) log

Also see if you can go to this web site. or any others you were blocked from. Let me know.
http://www.bleepingcomputer.com

Thanks
Geri

 

Yes Geri I can go to that website and I can also open up IE without the computer freezing (I found that out by mistake lol) and no longer am I getting redirected to other websites. After Following your instrcuctions, I get a message on ComboFix saying "The process cannot access the file because it is being used by another process." twice.

FYI: I've had my computer on since my last post on here and it hasn't frozen or anything at all.