Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    13

    Virtumonde

    Hi,

    I am after some help - to me this is the forum of choice and I thank you in advance. I have tried to take on this virus (the first since my teen years) by myself but to no avail.

    I run Microsoft Windows XP Professional SP 3 (Build 2600), comodo firewall, bitdefender antivirus and have spybot and ad-aware 2008 as my spyware scanners. I have also run two "fix" .exe's which did not locate any of the files.

    Spybot has been the only application to identify that this is the virus/spyware I have.

    The logs:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:25:55 AM, on 5/25/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: localhost virtumonde.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
    O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210516761031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210591786625
    O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7965 bytes

    --
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, May 25, 2008 5:05:04 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 24/05/2008
    Kaspersky Anti-Virus database records: 799624
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 81288
    Number of viruses found: 2
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 01:07:57

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\cav.lock Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\TroubleShootLog\monln.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05242008-223107.log Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\cert8.db Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\content-prefs.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\cookies.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\downloads.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\formhistory.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\key3.db Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\parent.lock Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\permissions.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite-journal Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite-stmtjrnl Object is locked skipped
    C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1CF6B29F-1ED3-411B-A687-5A9ACC7CEB80} Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\urlclassifier3.sqlite Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Temp\~DF4D93.tmp Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\DominicB\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\DominicB\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\DominicB\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{61AD98D2-8EE2-4066-8E74-06CF4FA4A6CE}\RP33\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\system32\bdss.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\ddcCUklk.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\ybetugla.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trl skipped
    C:\WINDOWS\Temp\tmp000012ea\tmp00000000 Object is locked skipped

    Scan process completed.

    --

    Just quickly I'll also mention that this is the second time I've got it. The first was "fixed" by a format of my pc. I'd like to learn how to fix this virus so I don't have to keep formatting - or better yet prevent coming into contact with this nasty ever again. I believe old versions of Java are what cause it so I'll make sure to always have up to date versions of java.

    Once again, thanks.

    P.S. My tinkering or the virus has led cmd.exe and userinit.exe to come up with a 0xc0000005 error on startup. This seems to have kept the virus at bay in that it can't use cmd.exe. However, this means I have to ctrl+alt+delete and run explorer.exe to even see my desktop without just a wallpaper. So currently it's dormant but still there. Hope that bit of info also helps. Thanks.

    P.P.S. The problem began with a warning bubble that automatic updates were disabled.
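    As an added example (not code from this thread, from HijackThis or from the Spybot tooling), the following Python script runs the kind of triage a helper applies to the log above: it parses HijackThis section lines and flags the persistence mechanisms Virtumonde used here, namely the Hosts entry (O1), the unnamed BHOs whose DLLs are missing (O2), the AppInit_DLLs and Winlogon Notify hooks (O20), and a Run key that loads a random-named system32 DLL through rundll32 (O4). The sample lines are constructed to mirror the entries in the log; the severity labels and the regular expressions are my own heuristics and are not part of any scanner.

```python
"""Triage HijackThis-style log lines for common Virtumonde-era persistence
indicators.  Added example for this thread, not part of HijackThis or the
forum's tooling.  The rules key on the mechanism (where code gets loaded),
not on file names, because the DLL names change from infection to infection."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    severity: str  # "high" or "review"
    reason: str
    line: str


# "O20 - AppInit_DLLs: ..." -> ("O20", "AppInit_DLLs: ...")
SECTION_RE = re.compile(r"^(R\d|O\d+|F\d)\s+-\s+(.*)$")
# rundll32 loading a DLL and calling a one- or two-letter export (",b", ",s")
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w{1,2})\s*$', re.IGNORECASE)

# Constructed sample modelled on the entries in the log above (not a verbatim copy).
SAMPLE_LOG = r"""
O1 - Hosts: localhost virtumonde.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [e4d4586a] rundll32.exe "C:\WINDOWS\system32\pdlupnal.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-log text."""
    m = SECTION_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(line):
    """Return a Finding for a line that matches a persistence heuristic, else None."""
    parsed = parse_line(line)
    if not parsed:
        return None
    section, body = parsed
    if section == "O1" and body.startswith("Hosts:"):
        # Any extra hosts entry overrides DNS locally; worth a look every time.
        return Finding(section, "review", "Hosts file entry overrides name resolution", line)
    if section == "O2":
        missing = "(no file)" in body or "(file missing)" in body
        unnamed = body.startswith("BHO: (no name)")
        if missing or unnamed:
            return Finding(section, "high" if (unnamed and missing) else "review",
                           "BHO with no name and/or missing DLL: orphaned or hidden browser hook", line)
        return None
    if section == "O4":
        m = RUNDLL_RE.search(body)
        if m and "system32" in m.group(1).lower():
            return Finding(section, "high",
                           "Run key loads a system32 DLL via rundll32 with a short export name", line)
        return None
    if section == "O20":
        if body.startswith("AppInit_DLLs:"):
            note = "AppInit_DLLs set: library injected into every user32-linked process"
            if not body.lower().endswith(".dll"):
                note += " (value does not even carry a .dll extension)"
            return Finding(section, "high", note, line)
        if body.startswith("Winlogon Notify:"):
            return Finding(section, "high",
                           "Winlogon Notify package: code runs inside winlogon.exe at logon", line)
    return None


def triage(log_text):
    """Run triage_line over every line and collect the findings in log order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line.strip()}")
```

    Run as a script it prints six findings from the sample and stays quiet on the benign Adobe, NVIDIA and service lines; point `triage()` at a saved HijackThis log to use it on real output. The O4 rule deliberately ignores rundll32 entries with a descriptive export name such as `NvStartup`, which is why the NVIDIA line passes.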

  2. #2
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,624


    Hello

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/comb...o-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    13


    Ran the cleaner. All went well.

    Installed the Recovery Console and rebooted. No problems.

    Closed all protection and disconnected from the internet. Ran combofix.exe from my desktop. Got a 0xc0000005 error for cmd.exe and rundll32.exe. The combofix.exe would run the loading screen and then those errors would come up four times and it would close.

    This is similar to what is happening here:

    http://forums.spybot.info/showthread.php?t=28448&page=2
    and here:
    http://forums.spybot.info/showthread.php?t=28419


    There seem to be different courses of action in both of those, so I will await your advice. Thanks.

  4. #4
    Junior Member
    Join Date
    May 2008
    Posts
    13


    Also, whenever I close my laptop to put it into standby, it will do so, but then after about 10 seconds it will reboot.

    Might be of interest. I don't know.

  5. #5
    Junior Member
    Join Date
    May 2008
    Posts
    13


    One last thing...

    I've been reading your "how to keep yourself protected" stickied post. I've decided I got infected due to having an outdated version of java. So I went to uninstall it and reinstall the new version as per your instructions.

    I get the same error as for running combofix.exe when trying to load Add/Remove Programs.

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    13


    Quote Originally Posted by Rorschach112:
    Try run it in Safe Mode

    If that fails do this from Normal Mode

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.

    * Close all other windows before proceeding.
    * Double-click on dss.exe and follow the prompts.
    * If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    * When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
    Well, I lied. That wasn't the last thing. Instead I did this for you. Unlike for the other fellow it was asked of, it worked for me. I tried combofix.exe in safe mode but I get the same error. DSS.exe did work in normal mode.

    Here are its logs:

    Deckard's System Scanner v20071014.68
    Run by DominicB on 2008-05-25 18:16:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    29: 2008-05-25 08:17:00 UTC - RP34 - Deckard's System Scanner Restore Point
    28: 2008-05-24 12:39:18 UTC - RP33 - Software Distribution Service 3.0
    27: 2008-05-24 12:30:32 UTC - RP32 - Installed Windows Defender
    26: 2008-05-24 10:35:37 UTC - RP31 - Removed Nero 8
    25: 2008-05-24 02:42:41 UTC - RP30 - Last known good configuration


    -- First Restore Point --
    1: 2008-05-24 02:42:09 UTC - RP6 - Software Distribution Service 3.0


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as DominicB.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:17:50 PM, on 5/25/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\DominicB\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: localhost virtumonde.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
    O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210516761031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210591786625
    O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7371 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20080525-014155-239 O4 - HKLM\..\Run: [e4d4586a] rundll32.exe "C:\WINDOWS\system32\pdlupnal.dll",b
    backup-20080525-014155-295 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    backup-20080525-014155-843 O4 - HKLM\..\Run: [BMe7e76bf6] Rundll32.exe "C:\WINDOWS\system32\vmscapnp.dll",s
    backup-20080525-014155-884 O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Cavasm - c:\windows\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

    S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Comodo Anti-Virus and Anti-Spyware Service - "c:\program files\comodo\common\cavaspy\cavasm.exe" <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
    R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: USB Device
    Device ID: USB\VID_413C&PID_8106\6&18397FCA&0&4
    Manufacturer:
    Name: USB Device
    PNP Device ID: USB\VID_413C&PID_8106\6&18397FCA&0&4
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Ethernet Controller
    Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
    Manufacturer:
    Name: Ethernet Controller
    PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CD1028&REV_01\3&61AAA01&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CD1028&REV_01\3&61AAA01&0&FB
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2008-05-25 18:07:28 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-04-25 and 2008-05-25 -----------------------------

    2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
    2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
    2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
    2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
    2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-05-25 01:22:49 115200 --a------ C:\WINDOWS\system32\pdlupnal.dll
    2008-05-25 01:20:40 51200 --a------ C:\WINDOWS\system32\__c0092120.dat
    2008-05-25 01:20:38 51200 --a------ C:\WINDOWS\system32\amuammlr.dll
    2008-05-25 01:19:49 2560 --a------ C:\WINDOWS\system32\wenmkcnq.exe
    2008-05-25 01:14:26 126464 --a------ C:\WINDOWS\system32\vmscapnp.dll
    2008-05-25 00:59:22 51200 --a------ C:\WINDOWS\system32\__c003599E.dat
    2008-05-25 00:59:19 51200 --a------ C:\WINDOWS\system32\piecexox.dll
    2008-05-25 00:54:16 2560 --a------ C:\WINDOWS\system32\ugbpdtwx.exe
    2008-05-25 00:54:00 126464 --a------ C:\WINDOWS\system32\qocyanlf.dll
    2008-05-25 00:53:14 442835 --ahs---- C:\WINDOWS\system32\DehOVvut.ini2
    2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
    2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
    2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
    2008-05-24 22:38:53 1270 --ahs---- C:\WINDOWS\system32\WDJikUtv.ini2
    2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
    2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
    2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
    2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
    2008-05-24 12:43:17 115200 -----n--- C:\WINDOWS\system32\ybetugla.dll
    2008-05-24 12:41:59 31189 --ahs---- C:\WINDOWS\system32\mmTAJkkj.ini2
    2008-05-24 05:09:20 57344 --a------ C:\WINDOWS\system32\ddcCUklk.dll
    2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
    2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
    2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
    2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
    2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
    2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
    2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
    2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
    2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
    2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
    2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
    2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
    2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
    2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
    2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
    2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
    2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
    2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
    2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
    2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
    2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
    2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
    2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
    2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
    2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
    2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
    2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
    2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
    2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
    2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
    2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
    2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
    2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
    2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
    2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
    2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    2008-05-14 04:48:54 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
    2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
    2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
    2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
    2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
    2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
    2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
    2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
    2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
    2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
    2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
    2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
    2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
    2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
    2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
    2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
    2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
    2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
    2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
    2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
    2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
    2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
    2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-05-11 03:56:16 0 dr------- C:\Program Files
    2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
    2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
    2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
    2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
    2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
    2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
    2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
    2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
    2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
    2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
    2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
    2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
    2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
    2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-05-11 02:06:27 0 d-------- C:\DELL
    2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
    2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
    2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
    2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
    2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
    2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
    2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
    2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
    2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
    2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
    2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
    2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
    2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
    2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
    2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8521 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-05-25 18:21:57 ------------

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 3.0
    Architecture: X86; Language: English

    CPU 0: Genuine Intel(R) CPU T2600 @ 2.16GHz
    Percentage of Memory in Use: 21%
    Physical Memory (total/avail): 2046.37 MiB / 1596.97 MiB
    Pagefile Memory (total/avail): 3938.98 MiB / 3575.86 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1900.86 MiB

    C: is Fixed (NTFS) - 88.56 GiB total, 18.27 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 91.76 GiB - 3 partitions
    \PARTITION0 - Unknown - 47.03 MiB
    \PARTITION1 (bootable) - Installable File System - 88.56 GiB - C:
    \PARTITION2 - Unknown - 3.14 GiB



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.


    -- Environment Variables -------------------------------------------------------



    -- User Profiles ---------------------------------------------------------------

    DominicB (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------



    -- Application Event Log -------------------------------------------------------

    Event Record #/Type658 / Success
    Event Submitted/Written: 05/25/2008 05:22:29 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type656 / Success
    Event Submitted/Written: 05/25/2008 04:34:22 PM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type655 / Error
    Event Submitted/Written: 05/25/2008 04:01:06 PM
    Event ID/Source: 3003 / WinDefendRtp
    Event Description:
    %DOMINIC27 Real-Time Protection checkpoint has encountered an error and failed to start.

    User: DOMINIC\DominicB

    Checkpoint ID: 7

    Error Code: 0x80070020

    Error description: The process cannot access the file because it is being used by another process.

    Event Record #/Type647 / Warning
    Event Submitted/Written: 05/25/2008 02:42:59 AM
    Event ID/Source: 1524 / Userenv
    Event Description:
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Event Record #/Type639 / Success
    Event Submitted/Written: 05/25/2008 02:13:53 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type3661 / Error
    Event Submitted/Written: 05/25/2008 06:19:52 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The BDRsDrv service failed to start due to the following error:
    %%2

    Event Record #/Type3660 / Error
    Event Submitted/Written: 05/25/2008 06:19:52 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The BDFsDrv service failed to start due to the following error:
    %%2

    Event Record #/Type3659 / Error
    Event Submitted/Written: 05/25/2008 06:19:52 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The bdfdll service failed to start due to the following error:
    %%2

    Event Record #/Type3642 / Warning
    Event Submitted/Written: 05/25/2008 04:14:54 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    %DOMINIC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DOMINIC27 can't undo changes that you allow.

    For more information please see the following:
    %DOMINIC275

    Scan ID: {E331017C-2BFD-4B6C-92C3-F1D440228DEF}

    User: DOMINIC\DominicB

    Name: %DOMINIC271

    ID: %DOMINIC272

    Severity: 1.1.1593.05

    Category: 1.1.1593.06

    Path Found: %DOMINIC276

    Alert Type: %DOMINIC278

    Detection Type: 1.1.1593.02

    Event Record #/Type3641 / Error
    Event Submitted/Written: 05/25/2008 04:14:50 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The BDRsDrv service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-05-25 18:21:57 ------------

    Cheers.

  7. #7
    Junior Member
    Join Date
    May 2008
    Posts
    13


    I apologise for the multiple posts.

    Could this be part of the solution? http://forums.majorgeeks.com/showthread.php?p=1156671

  8. #8
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,624


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
    O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
    O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      [kill explorer]
      C:\WINDOWS\system32\pdlupnal.dll
      C:\WINDOWS\system32\__c0092120.dat
      C:\WINDOWS\system32\amuammlr.dll
      C:\WINDOWS\system32\wenmkcnq.exe
      C:\WINDOWS\system32\vmscapnp.dll
      C:\WINDOWS\system32\__c003599E.dat
      C:\WINDOWS\system32\piecexox.dll
      C:\WINDOWS\system32\ugbpdtwx.exe
      C:\WINDOWS\system32\qocyanlf.dll
      C:\WINDOWS\system32\DehOVvut.ini2
      C:\WINDOWS\system32\WDJikUtv.ini2
      C:\WINDOWS\system32\ybetugla.dll
      C:\WINDOWS\system32\mmTAJkkj.ini2
      C:\WINDOWS\system32\ddcCUklk.dll
      C:\WINDOWS\SYSTEM32\monln.dll
      purity 
      [start explorer]
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS log.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~

  9. #9
    Junior Member, Join Date: May 2008, Posts: 13

    Ran HijackThis and removed those items.

    Ran OTMoveIt2 using the code. It required a reboot.

    Here is the log after reboot:


    Explorer killed successfully
    File/Folder C:\WINDOWS\system32\pdlupnal.dll not found.
    File move failed. C:\WINDOWS\system32\__c0092120.dat scheduled to be moved on reboot.
    File/Folder C:\WINDOWS\system32\amuammlr.dll not found.
    File/Folder C:\WINDOWS\system32\wenmkcnq.exe not found.
    File/Folder C:\WINDOWS\system32\vmscapnp.dll not found.
    File/Folder C:\WINDOWS\system32\__c003599E.dat not found.
    File/Folder C:\WINDOWS\system32\piecexox.dll not found.
    File/Folder C:\WINDOWS\system32\ugbpdtwx.exe not found.
    File/Folder C:\WINDOWS\system32\qocyanlf.dll not found.
    File/Folder C:\WINDOWS\system32\DehOVvut.ini2 not found.
    File/Folder C:\WINDOWS\system32\WDJikUtv.ini2 not found.
    File/Folder C:\WINDOWS\system32\ybetugla.dll not found.
    File/Folder C:\WINDOWS\system32\mmTAJkkj.ini2 not found.
    File/Folder C:\WINDOWS\system32\ddcCUklk.dll not found.
    File/Folder C:\WINDOWS\SYSTEM32\monln.dll not found.
    < purity >
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_214841

    Files moved on Reboot...
    File move failed. C:\WINDOWS\system32\__c0092120.dat scheduled to be moved on reboot.

    Ran dss.exe again.

    The following is the log:


    Deckard's System Scanner v20071014.68
    Run by DominicB on 2008-05-25 21:55:19
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as DominicB.exe) --------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:55:41 PM, on 5/25/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\DominicB\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: localhost virtumonde.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9563.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210516761031
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1210591786625
    O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 7014 bytes

    -- Files created between 2008-04-25 and 2008-05-25 -----------------------------

    2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
    2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
    2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
    2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
    2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
    2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
    2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-05-25 01:20:40 51200 --a------ C:\WINDOWS\system32\__c0092120.dat
    2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
    2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
    2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
    2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
    2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
    2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
    2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
    2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
    2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
    2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
    2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
    2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
    2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
    2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
    2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
    2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
    2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
    2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
    2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
    2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
    2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
    2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
    2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
    2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
    2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
    2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
    2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
    2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
    2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
    2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
    2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
    2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
    2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
    2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
    2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
    2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
    2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
    2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
    2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
    2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
    2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
    2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
    2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
    2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
    2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
    2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
    2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
    2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
    2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
    2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
    2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
    2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
    2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
    2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
    2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
    2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
    2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
    2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
    2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
    2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
    2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
    2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
    2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
    2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
    2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
    2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
    2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
    2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
    2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
    2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
    2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
    2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
    2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
    2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
    2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
    2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
    2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-05-11 03:56:16 0 dr------- C:\Program Files
    2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
    2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
    2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
    2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
    2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
    2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
    2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
    2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
    2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
    2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
    2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
    2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
    2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
    2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
    2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
    2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
    2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
    2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
    2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-05-11 02:06:27 0 d-------- C:\DELL
    2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
    2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
    2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
    2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
    2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
    2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
    2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
    2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
    2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
    2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
    2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
    2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
    2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
    2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
    2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
    2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com


    -- Find3M Report ---------------------------------------------------------------

    2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-05-25 22:00:11 ------------

  10. #10
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,624

    Default

    Hello

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


    Reboot and post a new DSS log
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
