help removing command service, virtumond



akm111
2007-09-25, 15:05
Hope I did this right, thanks for the help. The virus file is long.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:43:04 AM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25AFE747-1E13-4E56-AC4F-DF6CF7867EA2} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5AAC1E30-29FE-4C0E-A46C-43AA0C9D9C36} - (no file)
O2 - BHO: (no name) - {94FE7606-3CC6-4245-AFF7-90598021DEA3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ab2dbaf8-50d4-457b-9957-4afba69f3a95} - C:\WINDOWS\system32\uxdbfvf.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nvnogrtq.dll",sitypnow
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190014191984
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rteserigo.html

--
End of file - 11013 bytes

Rorschach112
2007-09-25, 22:28
Hello akm111, my name is Rorschach and I'll be helping you with your problems.

We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
Go to "Tools" | "General Settings"
Scroll down to "Real-time protection options"
Uncheck "Turn on real-time protection (recommended)"
Remember to reactivate this feature when we have finished all our work.



Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.



1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



So post back with the following: the VundoFix text, the ComboFix log, a new HijackThis log, and tell me how your PC is running now and if you had any problems.

akm111
2007-09-26, 02:35
Ran vundofix.exe.
It didn't find any files; rebooted and ran HijackThis. Here are the logs.
Will run ComboFix and post again.
Thanks for the help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:12 PM, on 9/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\explore.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {348E6961-629A-4FBD-AFEA-9827AAB38354} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5AAC1E30-29FE-4C0E-A46C-43AA0C9D9C36} - (no file)
O2 - BHO: (no name) - {94FE7606-3CC6-4245-AFF7-90598021DEA3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ab2dbaf8-50d4-457b-9957-4afba69f3a95} - C:\WINDOWS\system32\uxdbfvf.dll (file missing)
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\eskqnmbt.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - Startup: info.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: info.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190014191984
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rteserigo.html

--
End of file - 11416 bytes

VundoFix V6.5.8

Checking Java version...

Scan started at 7:16:58 PM 9/25/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
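
An added triage script (mine, not code from the thread or from HijackThis, VundoFix or ComboFix) that parses the O2/O4/O20/O23 lines the helper reads in these logs, flags the entries worth asking about (missing files, unknown service owners, an .exe dropped in the drive root, rundll32 loading an unnamed system32 DLL, AppInit_DLLs, bare filenames), and diffs two scans so that a regenerated CLSID or DLL name shows up as a change rather than as a new item. The two excerpts embedded below are constructed from the first two logs posted above, and the flag names are this example's own.

```python
"""HijackThis log triage (added example, not code from the thread or its tools):
parse item lines, flag the ones a helper asks about first, diff two scans."""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+)\s*-\s*(?P<body>.*\S)\s*$")
O4_RE = re.compile(r"^(?P<key>.*?\])\s*(?P<cmd>.*)$")
O23_RE = re.compile(r"^Service:\s*(?P<disp>[^-(]*?)\s*(?:\((?P<short>[^)]+)\))?\s*-")
ROOT_EXE_RE = re.compile(r'\b[a-z]:\\[^\\\s"]+\.exe\b')   # c:\something.exe
SYS32_DLL_RE = re.compile(r"system32\\[a-z]{6,10}\.dll")   # system32\xxxxxxxx.dll

@dataclass
class Entry:
    section: str
    key: str      # identity that survives a CLSID or DLL-name change between scans
    body: str
    flags: list = field(default_factory=list)

def _identity(sec, body):
    """Return (key, command); the key is what matches an item across two scans."""
    if sec == "O2":                            # BHO: keyed by DLL path, not CLSID
        return body.split(" - ")[-1].strip().lower(), ""
    if sec == "O4":                            # autorun: keyed by hive + value name
        m = O4_RE.match(body)
        if m:
            return m.group("key"), m.group("cmd")
        cmd = body.split(":", 1)[-1].strip()   # "Startup: x.lnk = C:\path" -> path
        return body, cmd.split(" = ", 1)[-1]
    if sec == "O20":                           # Winlogon Notify / AppInit_DLLs
        return body.split(" - ")[0], ""
    if sec == "O23":                           # service: keyed by short name if given
        m = O23_RE.match(body)
        if m:
            return (m.group("short") or m.group("disp")).strip(), ""
    return body, ""

def _flags(sec, body, cmd):
    """Heuristic flags; the names are this example's own, not HijackThis output."""
    low, flags = body.lower(), []
    if "(file missing)" in low or "(no file)" in low:
        flags.append("file-missing")           # still registered, binary gone
    if "unknown owner" in low:
        flags.append("unknown-owner")          # service binary has no vendor info
    if ROOT_EXE_RE.search(low):
        flags.append("drive-root-exe")         # executable dropped straight into C:\
    if sec == "O2" and "(no name)" in low and "system32" in low and "(no file)" not in low:
        flags.append("unnamed-system32-bho")   # nameless BHO living in system32
    if sec == "O4" and "rundll32" in low and SYS32_DLL_RE.search(low):
        flags.append("rundll32-system32-dll")  # rundll32 loading a random-looking DLL
    if sec == "O20" and low.startswith("appinit_dlls"):
        flags.append("appinit-dll")            # loaded into every process using user32
    if sec == "O4" and cmd:
        tokens = cmd.strip().lstrip('"').split('"')[0].split()
        if tokens and "\\" not in tokens[0] and tokens[0].lower() != "rundll32.exe":
            flags.append("bare-filename")      # no path: found via the search order
    return flags

def parse_log(text):
    """Map (section, key) -> Entry for every item line in a HijackThis log."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            sec, body = m.group("sec"), m.group("body")
            key, cmd = _identity(sec, body)
            entries[(sec, key)] = Entry(sec, key, body, _flags(sec, body, cmd))
    return entries

def suspicious(text):
    return [e for e in parse_log(text).values() if e.flags]

def diff_logs(before, after):
    """(added, removed, changed) between two scans; changed holds (old, new) pairs."""
    b, a = parse_log(before), parse_log(after)
    added = [a[k] for k in a if k not in b]
    removed = [b[k] for k in b if k not in a]
    changed = [(b[k], a[k]) for k in a if k in b and a[k].body != b[k].body]
    return added, removed, changed

# Constructed excerpts of the first two logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {25AFE747-1E13-4E56-AC4F-DF6CF7867EA2} - C:\WINDOWS\system32\vturq.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\nvnogrtq.dll",sitypnow
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {348E6961-629A-4FBD-AFEA-9827AAB38354} - C:\WINDOWS\system32\vturq.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\eskqnmbt.dll",sitypnow
O4 - HKLM\..\Run: [ShareSearcher] c:\wsusupd.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: info.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe (file missing)
"""
```

Run `diff_logs(LOG_BEFORE, LOG_AFTER)` to see the BHO and SearchIndexer entries reported as changed (same DLL path and value name, new CLSID and DLL) and the explore.exe, info.exe and AppInit_DLLs items as added; `suspicious(LOG_BEFORE)` lists the six flagged entries.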

akm111
2007-09-26, 03:04
Ran ComboFix. I think it hung up at the end; I waited a long time and
finally hit Ctrl-Alt-Del and rebooted. Ran HijackThis. Also there is an icon
on the desktop, catchme.zip.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57, on 2007-09-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5AAC1E30-29FE-4C0E-A46C-43AA0C9D9C36} - (no file)
O2 - BHO: (no name) - {94FE7606-3CC6-4245-AFF7-90598021DEA3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ab2dbaf8-50d4-457b-9957-4afba69f3a95} - C:\WINDOWS\system32\uxdbfvf.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\eskqnmbt.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190014191984
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10471 bytes

Rorschach112
2007-09-26, 16:24
Hello

Please go to UploadMalware (http://www.uploadmalware.com/) to upload a suspicious file for analysis.
Enter your username from this forum
Copy and paste the link to this thread
Browse for this filename: C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe
In the comments, please mention that I asked you to upload this file
Click on Send File



Repeat that for this file in bold

C:\WINDOWS\system32\stdole32.dat


Please delete your version of VundoFix.exe and do the following

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
Select "Add More Files?" from the menu that comes up.
This will open a new VundoFix window that says "Paste files into the boxes below:"
In that window, copy and paste the following file path in the first (top) field:
C:\WINDOWS\system32\eskqnmbt.dll
Now copy and paste the following file path in the second field:
C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe
Click the 'Add Files' button.
Click the 'Close Window' button.
Click the 'Remove Vundo' button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.



@echo off
sc stop ALG
sc delete ALG
exit


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in FixService.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find FixService.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.



1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5AAC1E30-29FE-4C0E-A46C-43AA0C9D9C36} - (no file)
O2 - BHO: (no name) - {94FE7606-3CC6-4245-AFF7-90598021DEA3} - (no file)
O2 - BHO: (no name) - {ab2dbaf8-50d4-457b-9957-4afba69f3a95} - C:\WINDOWS\system32\uxdbfvf.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\eskqnmbt.dll",sitypnow
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\eskqnmbt.dll
C:\PROGRA~1\COMMON~1\DOBE~1
C:\WINDOWS\system32\stdole32.dat
C:\WINDOWS\system32\cmd.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



So in your next reply please post the following : a new HijackThis log, the VundoFix text, the OTMoveIt results, and tell me how your PC is running now and if you had any problems.
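
As an added example (not part of this thread, and not code from HijackThis, VundoFix or OTMoveIt), here is the triage logic behind the entries picked out above, run over a constructed sample of log lines in the same format. The heuristics and the list of "system-only" binary names are my assumptions; the expected image for the ALG service (alg.exe) is the genuine Windows XP one.

```python
import re
import ntpath

# Constructed sample in the shape of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\eskqnmbt.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Assumption: Windows binaries that should only run from the system directory.
# A copy living under Program Files (here behind an 8.3 short path) is suspect.
SYSTEM_ONLY_BINARIES = {"chkdsk.exe", "cmd.exe", "svchost.exe", "rundll32.exe"}
# The real Application Layer Gateway service image on XP is alg.exe, not cmd.exe.
EXPECTED_SERVICE_IMAGE = {"ALG": "alg.exe"}
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?([^",]+)"?,(\S+)', re.I)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")


def _exe_path(command):
    """First token of a Run value, with surrounding quotes stripped."""
    m = re.match(r'^"([^"]+)"|^(\S+)', command)
    return (m.group(1) or m.group(2)) if m else command


def _looks_random(name):
    """Heuristic: lowercase-only, digit-free names like eskqnmbt are typical Vundo drops."""
    return name.isalpha() and name.islower() and len(name) >= 6


def triage(log_text):
    """Return (line, reason) pairs for HijackThis lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            command = m.group(3)
            r = RUNDLL_RE.match(command)
            if r:
                dll, export = r.group(1), r.group(2)
                stem = ntpath.splitext(ntpath.basename(dll))[0]
                if _looks_random(stem) and _looks_random(export):
                    findings.append((line, "rundll32 loads a random-named DLL via a lowercase export"))
                continue
            exe = _exe_path(command)
            base = ntpath.basename(exe).lower()
            if base in SYSTEM_ONLY_BINARIES and not SYSTEM_DIR_RE.match(exe):
                findings.append((line, f"{base} launched from outside the system directory"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is injected into every GUI process; a .dat there is a disguised DLL.
            if not m.group(1).strip().lower().endswith(".dll"):
                findings.append((line, "AppInit_DLLs points at a non-DLL file"))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if "(file missing)" in m.group(2) or _looks_random(m.group(1)):
                findings.append((line, "Winlogon Notify package is random-named or missing"))
            continue
        m = O23_RE.match(line)
        if m:
            display, owner, image = m.groups()
            short = re.search(r"\(([^()]+)\)\s*$", display)
            short_name = short.group(1) if short else display
            base = ntpath.basename(image.replace(" (file missing)", "")).lower()
            expected = EXPECTED_SERVICE_IMAGE.get(short_name)
            if expected and base != expected:
                findings.append((line, f"service {short_name} should run {expected}, not {base}"))
            elif owner == "Unknown owner" and "(file missing)" in image:
                findings.append((line, "unknown-owner service whose image is missing"))
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}:\n    {entry}")
```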

akm111
2007-09-27, 03:59
Sent the one file to UploadMalware.
Could not find stdole32.dat.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53, on 2007-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5AAC1E30-29FE-4C0E-A46C-43AA0C9D9C36} - (no file)
O2 - BHO: (no name) - {94FE7606-3CC6-4245-AFF7-90598021DEA3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ab2dbaf8-50d4-457b-9957-4afba69f3a95} - C:\WINDOWS\system32\uxdbfvf.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [Notn] "C:\PROGRA~1\COMMON~1\DOBE~1\chkdsk.exe" -vt yazb
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190014191984
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat
O20 - Winlogon Notify: rqrponl - rqrponl.dll (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - cmd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 10395 bytes
VundoFix V6.5.9

Checking Java version...

Scan started at 20:34:13 2007-09-26

Listing files found while scanning....

C:\WINDOWS\system32\eskqnmbt.dll
C:\WINDOWS\system32\tbmnqkse.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\eskqnmbt.dll
C:\WINDOWS\system32\eskqnmbt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tbmnqkse.ini
C:\WINDOWS\system32\tbmnqkse.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 20:47:03 2007-09-26

Listing files found while scanning....

No infected files were found.


Beginning removal...

Rorschach112
2007-09-27, 04:01
Hello

Delete your version of ComboFix.exe and do the following (make sure not to use your PC while it's scanning):

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

akm111
2007-09-27, 04:22
Sorry, forgot this: the OTMoveIt results.



File/Folder not found.
LoadLibrary failed for C:\WINDOWS\system32\eskqnmbt.dll
C:\WINDOWS\system32\eskqnmbt.dll NOT unregistered.
C:\WINDOWS\system32\eskqnmbt.dll moved successfully.
File/Folder C:\PROGRA~1\COMMON~1\DOBE~1 not found.
File/Folder C:\WINDOWS\system32\stdole32.dat not found.
C:\WINDOWS\system32\cmd.exe moved successfully.
File/Folder not found.
File/Folder not found.

Created on 09-26-2007 21:18:46

akm111
2007-09-27, 05:08
Ran ComboFix; it asked me to submit
C:\Documents and Settings\Owner\Desktop.\[4]-Submit_2007-09-26@21.24.zip
to submit malware to Bleeping Computer for analysis.


ComboFix 07-09-27.3 - Owner 2007-09-26 21:24:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.367 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\xpdx.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_XPDX


((((((((((((((((((((((((( Files Created from 2007-08-27 to 2007-09-27 )))))))))))))))))))))))))))))))
.

2007-09-26 20:34 <DIR> d-------- C:\VundoFix Backups
2007-09-25 19:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 18:50 9,728 --a------ C:\WINDOWS\exploeee.exe
2007-09-25 18:49 41,472 --a------ C:\WINDOWS\dafdar.exe
2007-09-25 18:49 41,472 --a------ C:\WINDOWS\0x57.exe
2007-09-25 15:18 39,424 --a------ C:\WINDOWS\system32\vtr.dll
2007-09-25 07:42 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-25 05:02 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-25 05:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-24 18:22 <DIR> d-------- C:\temp\mpg
2007-09-24 18:22 <DIR> d-------- C:\temp\jpg
2007-09-24 18:22 <DIR> d-------- C:\temp\bmp
2007-09-24 15:48 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-24 14:52 75,328 --a------ C:\WINDOWS\system32\yppcopux.exe
2007-09-24 12:53 85,056 --------- C:\WINDOWS\system32\mrilthix.dll
2007-09-24 12:47 75,328 --a------ C:\WINDOWS\system32\lebhnmlf.exe
2007-09-23 16:00 85,568 --------- C:\WINDOWS\system32\hhxvtnfl.dll
2007-09-23 15:57 75,328 --a------ C:\WINDOWS\system32\dfrlinfr.exe
2007-09-23 15:24 75,328 --a------ C:\WINDOWS\system32\ttribgdp.exe
2007-09-23 14:45 75,328 --a------ C:\WINDOWS\system32\dsggjevu.exe
2007-09-23 14:08 314,464 --a------ C:\WINDOWS\system32\geebb.dll
2007-09-23 14:08 1,976,494 ---hs---- C:\WINDOWS\system32\bbeeg.bak1
2007-09-23 03:21 75,328 --a------ C:\WINDOWS\system32\gmqeqjac.exe
2007-09-23 02:20 75,328 --a------ C:\WINDOWS\system32\jkveljhc.exe
2007-09-22 06:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-21 07:10 68,608 --a------ C:\WINDOWS\system32\grb4.exe
2007-09-21 05:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-09-20 23:52 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Viewpoint
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-09-20 03:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-09-19 04:35 <DIR> d-------- C:\Program Files\Colorizer
2007-09-17 22:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2007-09-17 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-17 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-17 22:25 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-09-17 22:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-09-17 22:24 335 --a------ C:\WINDOWS\nsreg.dat
2007-09-17 22:24 <DIR> d-------- C:\Program Files\AIM6
2007-09-17 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-15 07:48 <DIR> d-------- C:\Program Files\DVDAttache
2007-09-15 07:23 <DIR> d-------- C:\WINDOWS\system32\ElectricSheep
2007-09-11 02:57 <DIR> d-------- C:\Documents and Settings\Owner\shit
2007-09-10 20:05 <DIR> d-------- C:\Program Files\MTV Networks
2007-09-10 17:31 <DIR> d-------- C:\Program Files\Common Files\Aluria
2007-09-10 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Authentium
2007-09-10 17:30 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-09-10 17:29 <DIR> d-------- C:\Program Files\Cox
2007-09-10 17:25 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
2007-09-09 20:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-09-09 02:08 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Google
2007-09-08 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-08 20:13 <DIR> d-------- C:\Program Files\Google
2007-09-08 20:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-09-08 06:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-09-08 05:39 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-09-08 05:34 <DIR> d-------- C:\Program Files\TitanTV
2007-09-08 05:32 <DIR> d-------- C:\ATI
2007-09-08 02:07 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-09-07 03:30 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-07 03:12 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-09-07 03:12 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-09-07 03:12 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-09-06 08:32 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\X10 Commander
2007-09-06 06:17 <DIR> d-------- C:\WINDOWS\system32\drvr2
2007-09-06 06:17 <DIR> d-------- C:\WINDOWS\system32\cfig322
2007-09-06 06:17 <DIR> d-------- C:\WINDOWS\system32\capcom
2007-09-06 04:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVS4YOU
2007-09-06 04:20 638,976 --a------ C:\WINDOWS\system32\divx.dll
2007-09-06 04:20 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-09-06 04:20 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-09-06 04:20 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-06 04:20 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-09-06 04:20 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-09-06 04:06 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-09-06 04:06 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2007-09-03 19:45 17,176 --------- C:\WINDOWS\hpomdl04.dat
2007-09-03 19:45 104,253 --a------ C:\WINDOWS\hpoins04.dat
2007-09-03 06:44 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-09-03 06:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft(2)
2007-09-03 06:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7(2)
2007-09-03 06:00 <DIR> d-------- C:\temp\shay_files
2007-09-03 05:51 <DIR> d-------- C:\temp\kelso_files
2007-09-03 01:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-01 22:44 36,224 --a--c--- C:\WINDOWS\system32\dllcache\an983.sys
2007-09-01 22:44 36,224 --a------ C:\WINDOWS\system32\drivers\an983.sys
2007-09-01 03:51 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SoundSpectrum
2007-09-01 03:36 <DIR> d-------- C:\Documents and Settings\Owner\WhiteCap
2007-09-01 03:35 <DIR> d-------- C:\Program Files\SoundSpectrum
2007-08-28 22:23 202,240 --a------ C:\WINDOWS\system32\Yamaha 2007 Fontana Roadracing.scr
2007-08-28 22:23 <DIR> d-------- C:\WINDOWS\system32\Yamaha 2007 Fontana Roadracing dir
2007-08-28 19:54 722,176 --a------ C:\Documents and Settings\Owner\gotomypc_428.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 07:01 --------- d-------- C:\Documents and Settings\Owner\Application Data\Microsoft Web Folders
2011-11-25 06:48 --------- d-------- C:\Program Files\Accessories
2011-11-25 04:42 --------- d-------- C:\Program Files\Quicken
2011-11-25 04:26 --------- d-------- C:\Documents and Settings\Owner\Application Data\ACD Systems
2011-11-25 04:25 --------- d-------- C:\Program Files\ACD
2011-11-25 04:25 --------- d-------- C:\Documents and Settings\Owner\Application Data\ACDInTouch
2011-11-25 04:16 --------- d-------- C:\Program Files\ACDSee32
2011-11-25 02:41 --------- d-------- C:\Program Files\Hewlett-Packard
2011-11-25 02:41 --------- d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2011-11-25 00:00 --------- d-------- C:\Program Files\Windows Media Components
2011-11-24 23:59 --------- d-------- C:\Program Files\Common Files\CyberLink
2011-11-24 23:22 --------- d-------- C:\Program Files\Easy Internet signup
2011-11-24 23:10 3704 -rahs---- C:\WINDOWS\system32\drivers\HP_DQ181A-ABA S6500NX NA410_YC_Pres_QMXK408_E41NAheRED4_4_IKamet2_SASUSTek Computer INC._V2.01_B3.08_T040204_WXH1_L409_M768_J160_7AMD_8Athlon XP 3000+_92.16_111063044_N11063065_P_Z11C1044C_K_A_U11063038_G10025961.MRK
2011-11-24 23:09 --------- d-------- C:\Program Files\Yahoo!
2007-09-25 04:26 --------- d-------- C:\Documents and Settings\All Users\Application Data\ATI MMC
2007-09-25 03:26 --------- d-------- C:\Documents and Settings\Owner\Application Data\ATI MMC
2007-09-21 07:00 --------- d-------- C:\Program Files\OBD2 TekLink
2007-09-17 22:25 --------- d-------- C:\Program Files\Viewpoint
2007-09-17 09:14 --------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-08 06:01 --------- d-------- C:\Program Files\ATI Technologies
2007-09-08 05:45 --------- d-------- C:\Program Files\ATI Multimedia
2007-09-08 05:44 --------- d-------- C:\Program Files\Common Files\ATI
2007-09-03 19:51 --------- d-------- C:\Program Files\HP
2007-08-15 04:54 --------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-08-15 02:01 --------- d-------- C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-08-15 01:52 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-15 01:36 --------- d-------- C:\Program Files\Creative
2007-08-14 20:14 --------- d-------- C:\Program Files\MSXML 6.0
2007-08-13 22:43 4117 --a------ C:\WINDOWS\viassary-hp.reg
2007-08-13 20:22 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-13 19:47 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-13 19:42 --------- d-------- C:\Program Files\MSXML 4.0
2007-08-13 19:02 43672 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-08-02 05:46 --------- d-------- C:\Program Files\ArcSoft
2007-07-27 07:51 --------- d-------- C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-07-19 04:32 9977128 --a------ C:\WINDOWS\Roadtrip.exe
2007-07-19 04:32 404544 --a------ C:\WINDOWS\Roadtrip.scr
2007-07-19 04:32 30208 --a------ C:\WINDOWS\mickey32.dll
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 09:07]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 09:23]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-10-11 07:07]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" []
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 22:10]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 18:37]
"CTSysVol"="C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 03:46]
"OBD2_TekLink_Start"="C:\Program Files\OBD2 TekLink\2100D.exe" []
"PhiBtn"="C:\WINDOWS\System32\drivers\PhiBtn.exe" []
"Traymin900"="C:\WINDOWS\System32\drivers\Tray900.exe" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"ESP"="c:\Program Files\Cox\Applications\app\start.exe" [2007-05-09 14:40]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2003-12-03 06:13]
"MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-16 19:13]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"ATI Launchpad"="" []
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2005-12-23 01:20]
"Aim6"="" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-20 13:21:32]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 23:31:38]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-29 00:06:36]

R2 ATITUNEP;ATI WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R2 ATIXSAudio;ATI WDM TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R2 PCDCODEC;ATI WDM Specialized PCD Codec;C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 ativraxx;ATI WDM Rage Theater Audio;C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys

.
Contents of the 'Scheduled Tasks' folder
"2011-11-25 04:22:52 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2007-09-27 02:32:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-21 10:27:16 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 21:41:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 21:43:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-26 21:42
.
--- E O F ---

akm111
2007-09-27, 05:09
Ran ComboFix; it asked me to submit
C:\Documents and Settings\Owner\Desktop.\[4]-Submit_2007-09-26@21.24.zip
to submit malware to Bleeping Computer for analysis.


akm111
2007-09-27, 05:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:47 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Cox\Applications\App\syssvcnt.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cox\Applications\app\Console.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuthPopupBHO01.cBHO - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Cox Popup Blocker - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - c:\Program Files\Cox\Applications\App\popupbho01.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [OBD2_TekLink_Start] C:\Program Files\OBD2 TekLink\2100D.exe
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ESP] c:\Program Files\Cox\Applications\app\start.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www3.authentium.com/cssrelease/bin/wizard.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1190014191984
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cox High Speed Internet Security Suite System Service (AuthSysSvc) - Authentium, Inc. - c:\Program Files\Cox\Applications\App\syssvcnt.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 9724 bytes

Rorschach112
2007-09-27, 14:06
Hello

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Please go here:
The Spy Killer Forum (http://www.thespykiller.co.uk/index.php?board=1.0)
Click on "New Topic"
Put your name, e-mail address, and this as the title: "C:\Documents and Settings\Owner\Desktop.\[4]-Submit_2007-09-26@21.24.zip "
Put a link to this topic in the description box.
Then next to the file box, at the bottom, click the browse button, then navigate to this file:


C:\Documents and Settings\Owner\Desktop.\[4]-Submit_2007-09-26@21.24.zip


Click Open.
Click Post.
Thank you!



Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\exploeee.exe
C:\WINDOWS\dafdar.exe
C:\WINDOWS\0x57.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\yppcopux.exe
C:\WINDOWS\system32\mrilthix.dll
C:\WINDOWS\system32\lebhnmlf.exe
C:\WINDOWS\system32\hhxvtnfl.dll
C:\WINDOWS\system32\dfrlinfr.exe
C:\WINDOWS\system32\ttribgdp.exe
C:\WINDOWS\system32\dsggjevu.exe
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\gmqeqjac.exe
C:\WINDOWS\system32\jkveljhc.exe
C:\WINDOWS\system32\grb4.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Next download AVG Anti-Spyware from HERE (http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50.exe) and save that file to your desktop.
This is a 30-day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the "Update" icon, then select the "Update now" link.
Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.



* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.




So in your next reply please post the OTMoveIt results, the AVG anti-spyware report, the Dr. Web Cureit report, and tell me how your PC is running now and if you had any problems.

akm111
2007-09-28, 12:30
Did everything you said. The MoveIt log looks like (or the date anyway was) from the day before. Ran AVG, found a lot, think it was 116, wouldn't let me save the report. DrWeb found a lot too. Seems to be running OK, haven't done much with it except this.

File/Folder not found.
LoadLibrary failed for C:\WINDOWS\system32\eskqnmbt.dll
C:\WINDOWS\system32\eskqnmbt.dll NOT unregistered.
C:\WINDOWS\system32\eskqnmbt.dll moved successfully.
File/Folder C:\PROGRA~1\COMMON~1\DOBE~1 not found.
File/Folder C:\WINDOWS\system32\stdole32.dat not found.
C:\WINDOWS\system32\cmd.exe moved successfully.
File/Folder not found.
File/Folder not found.

Created on 09-26-2007 21:18:46


setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;Incurable.Deleted.;
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots;Trojan.StartPage.1505;Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
Terminator.exe;C:\hp\bin;Trojan.KillApp.30208;Deleted.;
videotype.vbs;C:\hp\patches\41NA0RED\WinDVD;Probably SCRIPT.Virus;Incurable.Deleted.;
crbkneql.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
lanmandrv.sys.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.33221;Deleted.;
wbbhbfxx.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
f02WtR1065.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32\f02WtR;Trojan.DownLoader.24715;Deleted.;
A0028607.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Trojan.Winpop;Deleted.;
A0028608.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Trojan.MulDrop.8200;Deleted.;
A0028609.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Trojan.LowZones.267;Deleted.;
A0028612.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Adware.WebBuying;Incurable.Deleted.;
A0028616.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Adware.ZenoSearch;Incurable.Deleted.;
A0032152.reg;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP318;Trojan.StartPage.1505;Deleted.;
A0032226.reg;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP318;Trojan.StartPage.1505;Deleted.;
A0032333.reg;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP319;Trojan.StartPage.1505;Deleted.;
A0033960.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP325;Adware.WebBuying;Incurable.Deleted.;
A0034013.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP326;Trojan.Virtumod;Deleted.;
A0036013.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP327;Trojan.Virtumod;Deleted.;
A0036100.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP330;Trojan.Virtumod;Deleted.;
A0036101.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP330;Trojan.Virtumod;Deleted.;
A0037100.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038187.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038190.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038191.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038192.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038200.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038227.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP331;Trojan.Virtumod;Deleted.;
A0038299.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP332;Trojan.Virtumod;Deleted.;
A0039345.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP332;Trojan.Virtumod;Deleted.;
A0039348.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP332;Trojan.Virtumod;Deleted.;
A0039355.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP332;Trojan.Virtumod;Deleted.;
A0042356.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP334;Trojan.Virtumod;Deleted.;
A0042380.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0043404.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0043423.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0043426.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0043428.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0043434.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP335;Trojan.Virtumod;Deleted.;
A0044482.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP336;Trojan.Virtumod;Deleted.;
A0044529.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP336;Trojan.Ssearch;Deleted.;
A0044538.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP336;Trojan.DownLoader.33221;Deleted.;
A0044569.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0044570.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0044588.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0044589.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0044590.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0044596.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP337;Trojan.DownLoader.33221;Deleted.;
A0045632.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP338;Trojan.DownLoader.33221;Deleted.;
A0045644.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP338;Trojan.DownLoader.33221;Deleted.;
A0048821.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP339;Trojan.DownLoader.33221;Deleted.;
A0048833.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP339;Trojan.DownLoader.33221;Deleted.;
A0048890.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP340;Trojan.DownLoader.33221;Deleted.;
A0048903.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP340;Trojan.DownLoader.33221;Deleted.;
A0048960.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP341;Trojan.DownLoader.33221;Deleted.;
A0048973.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP341;Trojan.DownLoader.33221;Deleted.;
A0049066.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Trojan.DownLoader.33221;Deleted.;
A0049078.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Trojan.DownLoader.33221;Deleted.;
A0051179.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Trojan.DownLoader.33221;Deleted.;
A0051199.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Probably BACKDOOR.Trojan;Incurable.Deleted.;
A0051205.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Trojan.Ssearch;Deleted.;
A0052156.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP342;Trojan.Mezzia;Deleted.;
A0060470.sys;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP348;Trojan.DownLoader.33221;Deleted.;
A0060736.reg;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP352;Trojan.StartPage.1505;Deleted.;
A0060737.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP352;Trojan.KillApp.30208;Deleted.;
0x57.exe;C:\_OTMoveIt\MovedFiles\WINDOWS;Trojan.Fakealert.305 - read error;Deleted.;
dafdar.exe;C:\_OTMoveIt\MovedFiles\WINDOWS;Trojan.Fakealert.305 - read error;Deleted.;
videotype.vbs;D:\hp\patches\41NA0RED\WinDVD;Probably SCRIPT.Virus;Incurable.Deleted.;
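
Added example (not part of the thread, and not Dr.Web's own code): a small Python script that reads a DrWeb.csv report like the one above and separates hits in live locations from copies sitting in System Restore snapshots and tool quarantine folders, which is what decides whether a long list like this is alarming. It assumes the four-field, semicolon-separated layout shown in the report (file name; directory; detection; action); the sample lines are constructed from the report above.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) by where each hit lives.

Added example, not code from the thread or from Dr.Web. It assumes the
report layout seen above: one record per line, fields separated by ';'
in the order  file name ; directory ; detection ; action.
"""
import re
from collections import Counter

# Constructed sample, shaped like the report posted above.
SAMPLE_LINES = [
    r"setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2;Probably BACKDOOR.Trojan;Incurable.Deleted.;",
    r"crbkneql.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;",
    r"A0028607.exe;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311;Trojan.Winpop;Deleted.;",
    r"A0034013.dll;C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP326;Trojan.Virtumod;Deleted.;",
    r"0x57.exe;C:\_OTMoveIt\MovedFiles\WINDOWS;Trojan.Fakealert.305 - read error;Deleted.;",
    r"KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;",
]

# Directories whose contents were not executing when found: System Restore
# snapshots and the quarantine folders of ComboFix (qoobox) and OTMoveIt.
_RESTORE_POINT = re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)
_QUARANTINE = re.compile(r"\\(?:qoobox\\quarantine|_otmoveit\\movedfiles)(?:\\|$)", re.I)


def classify_location(directory):
    """Return 'restore_point', 'quarantine' or 'live' for a report directory."""
    if _RESTORE_POINT.search(directory):
        return "restore_point"
    if _QUARANTINE.search(directory):
        return "quarantine"
    return "live"


def family(detection):
    """Collapse a detection name to its family: drop the scanner's trailing
    note (' - read error') and a purely numeric variant suffix."""
    name = detection.split(" - ", 1)[0].strip()
    return re.sub(r"\.\d+$", "", name)


def parse_report(lines):
    """Parse report lines into dicts; lines with fewer than four fields are skipped."""
    records = []
    for line in lines:
        parts = line.rstrip("\r\n").split(";")
        if len(parts) < 4 or not parts[0]:
            continue
        name, directory, detection, action = (p.strip() for p in parts[:4])
        records.append({
            "name": name,
            "directory": directory,
            "detection": detection,
            "family": family(detection),
            "location": classify_location(directory),
            "incurable": action.startswith("Incurable"),
            "removed": "Deleted." in action,
        })
    return records


def summarize(records):
    """Count hits by location and family, and list the ones found in live locations."""
    return {
        "by_location": Counter(r["location"] for r in records),
        "by_family": Counter(r["family"] for r in records),
        "live": [(r["name"], r["directory"], r["detection"])
                 for r in records if r["location"] == "live"],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_LINES))
    print("by location:", dict(summary["by_location"]))
    print("by family:  ", dict(summary["by_family"]))
    for name, directory, detection in summary["live"]:
        print("LIVE  ", detection, "->", directory + "\\" + name)
```

Run over the full report above, nearly every record falls under System Volume Information\_restore, C:\qoobox\Quarantine or C:\_OTMoveIt\MovedFiles: snapshot and quarantine copies that were not executing, which is why the count looks far worse than the machine's state. The records worth a second look are the live ones, here the AOL installer under Application Data and the two HP utilities in C:\hp\bin, which Dr.Web labels with riskware-style names (Tool.ProcessKill, Trojan.KillApp) and which sit in the OEM's own folder, so check them against the vendor's recovery tools before treating them as an infection.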

Rorschach112
2007-09-28, 13:46
Can you please post me a new DSS log.

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under "Select a target to scan" select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.




Please download RUNSCANNER (http://www.runscanner.net/download.aspx) to your desktop and run it.

When the first page comes up select Beginner Mode
On the next page select Save a binary .Run file (optional) then click Start full computer scan at the bottom.
At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log
Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right clicking and selecting send to Zip file

Then upload that as an attachment along with the log file produced in your next post.



Also let me know how your PC is running now

akm111
2007-09-29, 02:57
Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : HOME
Creation time : 9/28/2007 7:20:59 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
c:\windows\system32\ctsvccda.exe (Creative Technology Ltd)
* c:\program files\common files\authentium\antivirus\dvpapi.exe (Authentium, Inc.)
* c:\program files\cox\applications\app\syssvcnt.exe (Authentium, Inc.)
c:\windows\system32\hpzipm12.exe (HP)
* c:\docume~1\owner\locals~1\temp\runscanner.exe (Runscanner.net)
c:\windows\system32\mspmspsv.exe (Microsoft Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
c:\program files\ati technologies\ati.ace\cli.exe (ATI Technologies Inc.)
c:\program files\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\program files\hp\digital imaging\unload\hpqcmon.exe
c:\program files\creative\sb live! 24-bit\surround mixer\ctsysvol.exe (Creative Technology Ltd)
* c:\program files\cox\applications\app\start.exe (Authentium, Inc.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\program files\hp\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
c:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Company)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
- c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\program files\microsoft intellipoint\point32.exe (Microsoft Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
* C:\WINDOWS\ltmsg.exe (Agere Systems)
c:\program files\musicmatch\musicmatch jukebox\mmtask.exe (TODO: <Company name>)
- c:\program files\obd2 teklink\2100d.exe
- C:\WINDOWS\system32\drivers\phibtn.exe
* c:\windows\system32\ps2.exe (Hewlett-Packard Company)
- c:\windows\sminst\recguard.exe
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
- C:\WINDOWS\system32\drivers\tray900.exe
c:\program files\microsoft intellitype pro\type32.exe (Microsoft Corporation)
c:\program files\common files\sonic\update manager\sgtray.exe (Sonic Solutions)
c:\windows\updreg.exe (Creative Technology Ltd.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\ati multimedia\main\atidtct.exe (ATI Technologies Inc.)
c:\program files\ati multimedia\remctrl\atirw.exe (ATI Technologies Inc.)
c:\program files\creative\shared files\media sniffer\mtdacq.exe (Creative Technology Ltd)
* C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)

004 C:\Documents and Settings\Owner\Start Menu\Programs\Startup
---------------------------------------------------------------
c:\progra~1\common~1\micros~1\workss~1\wkcalrem.exe (Microsoft® Corporation)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.)
c:\progra~1\hp\digita~1\bin\hpqthb08.exe (Hewlett-Packard Co.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
* C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module)
c:\windows\system32\ati2sgag.exe (ATI Smart)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
* c:\program files\cox\applications\app\syssvcnt.exe (Cox High Speed Internet Security Suite System Service)
c:\windows\system32\ctsvccda.exe (Creative Service for CDROM Access)
* c:\program files\common files\authentium\antivirus\dvpapi.exe (DvpApi)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
* C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service)
c:\windows\system32\hpzipm12.exe (Pml Driver HPZ12)
c:\windows\system32\mspmspsv.exe (WMDM PMSP Service)
- c:\progra~1\atimul~1\remctrl\x10nets.exe (X10 Device Network Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\an983.sys (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter)
* C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Modem Driver)
* C:\WINDOWS\system32\drivers\atinraxx.sys (ATI WDM Rage Theater Audio)
* C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI WDM Rage Theater Video)
* C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI WDM Specialized MVD Codec)
* C:\WINDOWS\system32\drivers\atinpdxx.sys (ATI WDM Specialized PCD Codec)
* C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI WDM TV Audio Crossbar)
* C:\WINDOWS\system32\drivers\atintuxx.sys (ATI WDM TV Tuner)
C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
- c:\docume~1\owner\locals~1\temp\catchme.sys (Base)
* C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver)
* C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative SoundFont Management Device Driver)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
* C:\WINDOWS\system32\drivers\css-dvp.sys (Dynamic Virus Protection)
C:\WINDOWS\system32\drivers\pxhelp20.sys (Filter)
C:\WINDOWS\system32\giveio.sys (giveio)
c:\windows\system32\drivers\hardlock.sys (hardlock)
c:\windows\system32\drivers\haspnt.sys (Haspnt)
* C:\WINDOWS\system32\drivers\hpzid412.sys (IEEE-1284.4 Driver HPZid412)
* C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel(R) Graphics Chipset (KCH) Driver)
* C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel(R) Graphics Platform (SoftBIOS) Driver)
* C:\WINDOWS\system32\drivers\nv_agp.sys (NVIDIA nForce AGP Bus Filter)
* C:\WINDOWS\system32\drivers\nvxbar.sys (nVidia WDM A/V Crossbar)
* C:\WINDOWS\system32\drivers\nvcap.sys (nVidia WDM Video Capture (universal))
C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
* c:\windows\system32\drivers\pfmodnt.sys (PCI/ISA Device Info. Service)
* C:\WINDOWS\system32\drivers\camdrv41.sys (Philips SPC 900NC PC Camera)
* C:\WINDOWS\system32\drivers\hpzipr12.sys (Print Class Driver for IEEE-1284.4 HPZipr12)
* C:\WINDOWS\system32\drivers\ps2.sys (PS2)
* C:\WINDOWS\system32\drivers\r8139n51.sys (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver)
* C:\WINDOWS\system32\drivers\fasttx2k.sys (SCSI Miniport)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\sisagpx.sys (SiS AGP Filter)
* C:\WINDOWS\system32\drivers\srvkp.sys (SiS VGA Driver Manager)
* C:\WINDOWS\system32\drivers\p17.sys (Sound Blaster Live! 24-bit)
C:\WINDOWS\system32\speedfan.sys (speedfan)
* C:\WINDOWS\system32\drivers\hpzius12.sys (USB to IEEE-1284.4 Translation Driver HPZius12)
* C:\WINDOWS\system32\drivers\viaagp1.sys (VIA AGP Filter)
* C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Rhine Family Fast Ethernet Adapter Driver Service)
* C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Rhine-Family Fast Ethernet Adapter Driver Service)
* C:\WINDOWS\system32\drivers\vtmini.sys (viagfx)
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
* C:\WINDOWS\system32\drivers\sisgrp.sys (Video)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
* C:\WINDOWS\system32\drivers\nv4_mini.sys (Video)
* C:\WINDOWS\system32\drivers\s3gnbm.sys (Video)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) {CF184AD3-CDCB-4168-A3F7-8E447D129300}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\google\googletoolbar1.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
* c:\program files\cox\applications\app\popupbho01.dll (Authentium, Inc.) {2C0A5F28-48D8-408B-9172-9C6121025BCE}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\program files\google\googletoolbar1.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

047 Trusted zones
-----------------
Zone: free.aol.com : http://free.aol.com

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
* c:\program files\google\googletoolbar1.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\cox\applications\app\popupbho01.dll (Authentium, Inc.) {3C7195F6-D788-4D50-BA72-2EE212EDAC78}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\ati technologies\ati.ace\atiacmxx.dll {5E2121EE-0300-11D4-8D3B-444553540000}
* c:\windows\system32\nvshell.dll (NVIDIA Corporation) {1CDB2949-8F65-4355-8456-263E7C208A5D}
* c:\windows\system32\nvshell.dll (NVIDIA Corporation) {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\program files\microsoft intellipoint\ipcplact.dll (Microsoft Corporation) {653DCCC2-13DB-45B2-A389-427885776CFE}
c:\program files\microsoft intellipoint\ipcplbtn.dll (Microsoft Corporation) {124597D8-850A-41AE-849C-017A4FA99CA2}
c:\program files\microsoft intellipoint\ipcplwhl.dll (Microsoft Corporation) {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}
c:\program files\microsoft intellipoint\ipcplwir.dll (Microsoft Corporation) {20082881-FC36-4E47-9A7A-644C95FF749F}
c:\program files\microsoft intellitype pro\itcplkey.dll (Microsoft Corporation) {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}
c:\program files\microsoft intellitype pro\itcplwhl.dll (Microsoft Corporation) {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}
c:\program files\microsoft intellitype pro\itcplwir.dll (Microsoft Corporation) {A2569D1F-4E06-43EC-9825-0088B471BE47}
c:\program files\microsoft intellitype pro\itcplzm.dll (Microsoft Corporation) {97FA8AA2-EE77-4FF2-9449-424D8924EF21}
c:\progra~1\mi1933~1\office\olkfstub.dll (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
c:\program files\recordnow!\shlext.dll (Sonic Solutions) {DEE12703-6333-4D4E-8F34-738C4DCC2E04}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
c:\program files\real\realone player\rpshellext.dll (RealNetworks) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
* C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
--------------------------------------------------------------------------------
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\system32\hpzsnt10.dll (HP)

073 %windir%\Tasks
------------------
Easy Internet Sign-up.job : c:\program files\easy internet signup\hpsdpapp.exe (Hewlett-Packard)
Pareto UNS.job : c:\program files\common files\paretologic\uus\uus.dll\pareto_update.exe

akm111
2007-09-29, 02:59
100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKCU : http://srch-qus10.hpwis.com/
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
ProxyOverride HKCU : localhost
Search Page HKCU : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
SearchAssistant HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
ShellNext HKCU : iexplore
Start Page HKCU : http://www.google.com/
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\downlo~1\ctsueng.ocx (Creative Technology Ltd) {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
c:\program files\common files\authentium shared\core\webwiz.dll (Authentium, Inc.) {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75}
c:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
* c:\windows\downlo~1\ctpid.ocx (Creative Technology Ltd) {F6ACF75C-C32C-447B-9BEF-46B766368D29}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0
DisableTaskMgr : 0

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}


SEEMS TO BE DOING OK HAVEN'T SEEN ANY PROBLEMS

Rorschach112
2007-09-29, 03:46
Can you upload the .run file onto the forums? It will need to be zipped first. Also, please post a new DSS log and the Kaspersky Webscanner report.

akm111
2007-09-29, 09:56
Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : HOME
Creation time : 9/28/2007 7:20:59 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.5730.11
OS : Microsoft Windows XP
OS Build : 2600
OS SP : Service Pack 2
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\WINDOWS

001 Running processes
---------------------
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (GRISOFT s.r.o.)
c:\windows\system32\ctsvccda.exe (Creative Technology Ltd)
* c:\program files\common files\authentium\antivirus\dvpapi.exe (Authentium, Inc.)
* c:\program files\cox\applications\app\syssvcnt.exe (Authentium, Inc.)
c:\windows\system32\hpzipm12.exe (HP)
* c:\docume~1\owner\locals~1\temp\runscanner.exe (Runscanner.net)
c:\windows\system32\mspmspsv.exe (Microsoft Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe (GRISOFT s.r.o.)
c:\program files\ati technologies\ati.ace\cli.exe (ATI Technologies Inc.)
c:\program files\ati technologies\ati control panel\atiptaxx.exe (ATI Technologies, Inc.)
c:\program files\hp\digital imaging\unload\hpqcmon.exe
c:\program files\creative\sb live! 24-bit\surround mixer\ctsysvol.exe (Creative Technology Ltd)
* c:\program files\cox\applications\app\start.exe (Authentium, Inc.)
* c:\windows\system32\hkcmd.exe (Intel Corporation)
c:\program files\hp\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
c:\program files\hp\hp software update\hpwuschd2.exe (Hewlett-Packard Company)
c:\windows\system32\hphmon05.exe (Hewlett-Packard)
- c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
c:\program files\microsoft intellipoint\point32.exe (Microsoft Corporation)
c:\hp\kbd\kbd.exe (Hewlett-Packard Company)
* C:\WINDOWS\ltmsg.exe (Agere Systems)
c:\program files\musicmatch\musicmatch jukebox\mmtask.exe (TODO: <Company name>)
- c:\program files\obd2 teklink\2100d.exe
- C:\WINDOWS\system32\drivers\phibtn.exe
* c:\windows\system32\ps2.exe (Hewlett-Packard Company)
- c:\windows\sminst\recguard.exe
c:\program files\common files\real\update_ob\realsched.exe (RealNetworks, Inc.)
- C:\WINDOWS\system32\drivers\tray900.exe
c:\program files\microsoft intellitype pro\type32.exe (Microsoft Corporation)
c:\program files\common files\sonic\update manager\sgtray.exe (Sonic Solutions)
c:\windows\updreg.exe (Creative Technology Ltd.)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
c:\program files\ati multimedia\main\atidtct.exe (ATI Technologies Inc.)
c:\program files\ati multimedia\remctrl\atirw.exe (ATI Technologies Inc.)
c:\program files\creative\shared files\media sniffer\mtdacq.exe (Creative Technology Ltd)
* C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)

004 C:\Documents and Settings\Owner\Start Menu\Programs\Startup
---------------------------------------------------------------
c:\progra~1\common~1\micros~1\workss~1\wkcalrem.exe (Microsoft® Corporation)

005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\hp\digita~1\bin\hpqtra08.exe (Hewlett-Packard Co.)
c:\progra~1\hp\digita~1\bin\hpqthb08.exe (Hewlett-Packard Co.)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service)
* C:\WINDOWS\system32\ati2evxx.exe (ATI External Event Utility EXE Module)
c:\windows\system32\ati2sgag.exe (ATI Smart)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.exe (AVG Anti-Spyware Guard)
* c:\program files\cox\applications\app\syssvcnt.exe (Cox High Speed Internet Security Suite System Service)
c:\windows\system32\ctsvccda.exe (Creative Service for CDROM Access)
* c:\program files\common files\authentium\antivirus\dvpapi.exe (DvpApi)
* c:\program files\google\common\google updater\googleupdaterservice.exe (Google Updater Service)
* C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service)
c:\windows\system32\hpzipm12.exe (Pml Driver HPZ12)
c:\windows\system32\mspmspsv.exe (WMDM PMSP Service)
- c:\progra~1\atimul~1\remctrl\x10nets.exe (X10 Device Network Service)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\WINDOWS\system32\drivers\an983.sys (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter)
* C:\WINDOWS\system32\drivers\ltmdmnt.sys (Agere Modem Driver)
* C:\WINDOWS\system32\drivers\atinraxx.sys (ATI WDM Rage Theater Audio)
* C:\WINDOWS\system32\drivers\atinrvxx.sys (ATI WDM Rage Theater Video)
* C:\WINDOWS\system32\drivers\atinmdxx.sys (ATI WDM Specialized MVD Codec)
* C:\WINDOWS\system32\drivers\atinpdxx.sys (ATI WDM Specialized PCD Codec)
* C:\WINDOWS\system32\drivers\atinxsxx.sys (ATI WDM TV Audio Crossbar)
* C:\WINDOWS\system32\drivers\atintuxx.sys (ATI WDM TV Tuner)
C:\WINDOWS\system32\drivers\avgascln.sys (AVG Anti-Spyware Clean Driver)
* c:\program files\grisoft\avg anti-spyware 7.5\guard.sys (AVG Anti-Spyware Driver)
- c:\docume~1\owner\locals~1\temp\catchme.sys (Base)
* C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver)
* C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative SoundFont Management Device Driver)
* C:\WINDOWS\system32\drivers\ptilink.sys (Direct Parallel Link Driver)
* C:\WINDOWS\system32\drivers\css-dvp.sys (Dynamic Virus Protection)
C:\WINDOWS\system32\drivers\pxhelp20.sys (Filter)
C:\WINDOWS\system32\giveio.sys (giveio)
c:\windows\system32\drivers\hardlock.sys (hardlock)
c:\windows\system32\drivers\haspnt.sys (Haspnt)
* C:\WINDOWS\system32\drivers\hpzid412.sys (IEEE-1284.4 Driver HPZid412)
* C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel(R) Graphics Chipset (KCH) Driver)
* C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel(R) Graphics Platform (SoftBIOS) Driver)
* C:\WINDOWS\system32\drivers\nv_agp.sys (NVIDIA nForce AGP Bus Filter)
* C:\WINDOWS\system32\drivers\nvxbar.sys (nVidia WDM A/V Crossbar)
* C:\WINDOWS\system32\drivers\nvcap.sys (nVidia WDM Video Capture (universal))
C:\WINDOWS\system32\drivers\pfc.sys (Padus ASPI Shell)
* c:\windows\system32\drivers\pfmodnt.sys (PCI/ISA Device Info. Service)
* C:\WINDOWS\system32\drivers\camdrv41.sys (Philips SPC 900NC PC Camera)
* C:\WINDOWS\system32\drivers\hpzipr12.sys (Print Class Driver for IEEE-1284.4 HPZipr12)
* C:\WINDOWS\system32\drivers\ps2.sys (PS2)
* C:\WINDOWS\system32\drivers\r8139n51.sys (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver)
* C:\WINDOWS\system32\drivers\fasttx2k.sys (SCSI Miniport)
* C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv)
* C:\WINDOWS\system32\drivers\sisagpx.sys (SiS AGP Filter)
* C:\WINDOWS\system32\drivers\srvkp.sys (SiS VGA Driver Manager)
* C:\WINDOWS\system32\drivers\p17.sys (Sound Blaster Live! 24-bit)
C:\WINDOWS\system32\speedfan.sys (speedfan)
* C:\WINDOWS\system32\drivers\hpzius12.sys (USB to IEEE-1284.4 Translation Driver HPZius12)
* C:\WINDOWS\system32\drivers\viaagp1.sys (VIA AGP Filter)
* C:\WINDOWS\system32\drivers\fetnd5b.sys (VIA Rhine Family Fast Ethernet Adapter Driver Service)
* C:\WINDOWS\system32\drivers\fetnd5bv.sys (VIA Rhine-Family Fast Ethernet Adapter Driver Service)
* C:\WINDOWS\system32\drivers\vtmini.sys (viagfx)
* C:\WINDOWS\system32\drivers\ati2mtag.sys (Video)
* C:\WINDOWS\system32\drivers\sisgrp.sys (Video)
* C:\WINDOWS\system32\drivers\ialmnt5.sys (Video)
* C:\WINDOWS\system32\drivers\nv4_mini.sys (Video)
* C:\WINDOWS\system32\drivers\s3gnbm.sys (Video)

030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
------------------------------------------
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

031 HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
-------------------------------------------
c:\program files\hp\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) {CF184AD3-CDCB-4168-A3F7-8E447D129300}

035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
------------------------------------------------------------------
c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820}

041 HKLM-HKCU\Software\Microsoft\Internet Explorer\Toolbar
----------------------------------------------------------
* c:\program files\google\googletoolbar1.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
* c:\program files\cox\applications\app\popupbho01.dll (Authentium, Inc.) {2C0A5F28-48D8-408B-9172-9C6121025BCE}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

045 HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
----------------------------------------------------------------
* c:\program files\google\googletoolbar1.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {EF99BD32-C1FB-11D2-892F-0090271D4F88}

047 Trusted zones
-----------------
Zone: free.aol.com : http://free.aol.com

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
* c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) {57B86673-276A-48B2-BAE7-C6DBB3020EB8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\progra~1\spybot~1\sdhelper.dll (Safer Networking Limited) {53707962-6F74-2D53-2644-206D7942484F}
* c:\program files\google\googletoolbar1.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
* c:\program files\cox\applications\app\popupbho01.dll (Authentium, Inc.) {3C7195F6-D788-4D50-BA72-2EE212EDAC78}
c:\program files\yahoo!\common\ycomp5,1,1,0.dll (Yahoo! Inc.) {02478D38-C3F9-4efb-9B51-7695ECA05670}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
c:\program files\ati technologies\ati.ace\atiacmxx.dll {5E2121EE-0300-11D4-8D3B-444553540000}
* c:\windows\system32\nvshell.dll (NVIDIA Corporation) {1CDB2949-8F65-4355-8456-263E7C208A5D}
* c:\windows\system32\nvshell.dll (NVIDIA Corporation) {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
- deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3}
c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43}
* c:\windows\system32\hticons.dll (Hilgraeve, Inc.) {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\program files\microsoft intellipoint\ipcplact.dll (Microsoft Corporation) {653DCCC2-13DB-45B2-A389-427885776CFE}
c:\program files\microsoft intellipoint\ipcplbtn.dll (Microsoft Corporation) {124597D8-850A-41AE-849C-017A4FA99CA2}
c:\program files\microsoft intellipoint\ipcplwhl.dll (Microsoft Corporation) {AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}
c:\program files\microsoft intellipoint\ipcplwir.dll (Microsoft Corporation) {20082881-FC36-4E47-9A7A-644C95FF749F}
c:\program files\microsoft intellitype pro\itcplkey.dll (Microsoft Corporation) {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}
c:\program files\microsoft intellitype pro\itcplwhl.dll (Microsoft Corporation) {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}
c:\program files\microsoft intellitype pro\itcplwir.dll (Microsoft Corporation) {A2569D1F-4E06-43EC-9825-0088B471BE47}
c:\program files\microsoft intellitype pro\itcplzm.dll (Microsoft Corporation) {97FA8AA2-EE77-4FF2-9449-424D8924EF21}
c:\progra~1\mi1933~1\office\olkfstub.dll (Microsoft Corporation) {0006F045-0000-0000-C000-000000000046}
c:\program files\recordnow!\shlext.dll (Sonic Solutions) {DEE12703-6333-4D4E-8F34-738C4DCC2E04}
c:\windows\system32\shellvrtf.dll (XSS) {7F67036B-66F1-411A-AD85-759FB9C5B0DB}
c:\program files\real\realone player\rpshellext.dll (RealNetworks) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}
c:\windows\system32\dfshim.dll (Microsoft Corporation) {e82a2d71-5b2f-43a0-97b8-81be15854de8}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79305-84BE-11CE-9641-444553540000}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79306-84BE-11CE-9641-444553540000}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
* C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
* C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

068 HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
--------------------------------------------------------------------------------
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)
C:\WINDOWS\system32\spsublsp.dll (interMute, Inc.)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
* C:\WINDOWS\system32\hpzsnt10.dll (HP)

073 %windir%\Tasks
------------------
Easy Internet Sign-up.job : c:\program files\easy internet signup\hpsdpapp.exe (Hewlett-Packard)
Pareto UNS.job : c:\program files\common files\paretologic\uus\uus.dll\pareto_update.exe

100 Internet Explorer settings
------------------------------
CustomizeSearch HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Default_Page_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL HKCU : http://srch-qus10.hpwis.com/
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
ProxyOverride HKCU : localhost
Search Page HKCU : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
SearchAssistant HKLM : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
ShellNext HKCU : iexplore
Start Page HKCU : http://www.google.com/
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

102 HKLM - HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
------------------------------------------------------------------
GUID / CLSID not found {32683183-48a0-441b-a342-7c2a440a9478}

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
* c:\windows\downlo~1\ctsueng.ocx (Creative Technology Ltd) {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
c:\program files\common files\authentium shared\core\webwiz.dll (Authentium, Inc.) {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75}
c:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {8AD9C840-044E-11D1-B3E9-00805F499D93}
GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
c:\program files\java\j2re1.4.2\bin\npjpi142.dll (JavaSoft / Sun Microsystems, Inc.) {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
* c:\windows\downlo~1\ctpid.ocx (Creative Technology Ltd) {F6ACF75C-C32C-447B-9BEF-46B766368D29}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
E&xport to Microsoft Excel : res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

160 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
DisableRegistryTools : 0
DisableTaskMgr : 0

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
dontdisplaylastusername : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
GUID / CLSID not found
* c:\program files\grisoft\avg anti-spyware 7.5\context.dll (GRISOFT s.r.o.) {8934FCEF-F5B8-468f-951F-78A921CD3920}
c:\progra~1\winzip\wzshlstb.dll (WinZip Computing, Inc.) {E0D79304-84BE-11CE-9641-444553540000}

akm111
2007-09-29, 09:59
KASPERSKY ONLINE SCANNER REPORT
Friday, September 28, 2007 2:55:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 28/09/2007
Kaspersky Anti-Virus database records: 424632
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 145759
Number of viruses found: 6
Number of infected objects: 7
Number of suspicious objects: 2
Duration of the scan process: 02:09:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.3/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311\A0028532.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311\A0028532.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311\A0028534.exe Infected: Trojan-Downloader.Win32.Agent.dhj skipped

akm111
2007-09-29, 10:31
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP346\A0056270.dll Infected: Trojan-Downloader.Win32.Agent.dlu skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP352\A0060742.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\WINDOWS\system32\capcom\nab22011.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\WINDOWS\system32\capcom\nab22011.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\dfrlinfr.exe Object is locked skipped
C:\WINDOWS\system32\dsggjevu.exe Object is locked skipped
C:\WINDOWS\system32\gmqeqjac.exe Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\jkveljhc.exe Object is locked skipped
C:\WINDOWS\system32\lebhnmlf.exe Object is locked skipped
C:\WINDOWS\system32\ttribgdp.exe Object is locked skipped
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yppcopux.exe Object is locked skipped

Scan process completed.

Rorschach112
2007-09-29, 14:19
Hello

Download the zipped attachment at the end of this post (this will be your runscanner as fixed by me).

Unzip it to your desktop, then double-click the runscanner icon; this will run the program.
You will notice several entries in ORANGE with a tick; right-click them individually and select delete.
Accept the warning, then repeat until they are all gone.



Please download OTMoveIt by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe).

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\capcom\nab22011.exe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt

If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



So post back with the OTMoveIt results and a new DSS log.
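The triage the helper does on the Kaspersky report above, written out as an added example (not part of this thread): it drops the "Object is locked" noise, recovers the on-disk file behind each archive member, and separates findings sitting in System Restore points (cleared by the restore-point cleanup later in the thread) from live files that belong in the OTMoveIt list. The sample lines are copied from the report; the location categories and the rule treating Spybot's Recovery folder as that tool's own backups are my assumptions.

```python
"""Triage a Kaspersky Online Scanner report (added example, not from the thread).

Each report line reads "<path> <verdict> skipped".  Real findings carry an
"Infected:" / "Suspicious:" verdict or an archive summary ("NSIS: infected - 1");
everything else is noise.  Where a finding lives decides the cleanup step.
"""
import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"(?P<locked>Object is locked)"
    r"|(?P<kind>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<archive>\w+): (?P<akind>infected|suspicious) - (?P<count>\d+)"
    r") skipped$"
)

# Location categories (assumed, not Kaspersky's own).
RESTORE_POINT = "restore_point"   # vanishes when old restore points are purged
TOOL_BACKUP = "tool_backup"       # a cleanup tool's own backup copy
LIVE = "live"                     # must be moved/deleted explicitly (OTMoveIt)


@dataclass(frozen=True)
class Finding:
    disk_path: str   # the file as it exists on disk
    member: str      # member inside an archive, "" for a plain file
    verdict: str     # e.g. "Infected: Trojan-Downloader.Win32.Agent.dhj"
    location: str    # RESTORE_POINT, TOOL_BACKUP or LIVE


def classify_location(disk_path: str) -> str:
    p = disk_path.lower()
    if "\\system volume information\\_restore{" in p:
        return RESTORE_POINT
    # Assumption: Spybot S&D keeps backups of what it removed under Recovery.
    if "\\spybot - search & destroy\\recovery\\" in p:
        return TOOL_BACKUP
    return LIVE


def parse_report(text: str) -> list[Finding]:
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None or m.group("locked"):
            continue  # unparsable or "Object is locked": not a finding
        # "file.exe/data0004" means a member inside file.exe; keep the container.
        disk_path, _, member = m.group("path").partition("/")
        if m.group("kind"):
            verdict = f"{m.group('kind')}: {m.group('name')}"
        else:
            verdict = f"{m.group('archive')}: {m.group('akind')} - {m.group('count')}"
        findings.append(Finding(disk_path, member, verdict, classify_location(disk_path)))
    return findings


def by_location(findings: list[Finding]) -> dict[str, list[str]]:
    """Distinct on-disk paths per location, in report order."""
    out: dict[str, list[str]] = {RESTORE_POINT: [], TOOL_BACKUP: [], LIVE: []}
    for f in findings:
        if f.disk_path not in out[f.location]:
            out[f.location].append(f.disk_path)
    return out


def move_list(findings: list[Finding]) -> list[str]:
    """Paths to paste into OTMoveIt: live files only, one entry per file."""
    return by_location(findings)[LIVE]


# Constructed sample: a few lines copied from the report above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.3/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311\A0028534.exe Infected: Trojan-Downloader.Win32.Agent.dhj skipped
C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP311\A0028532.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\WINDOWS\system32\capcom\nab22011.exe/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\WINDOWS\system32\capcom\nab22011.exe NSIS: infected - 1 skipped
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for loc, paths in by_location(found).items():
        print(f"{loc}: {len(paths)} file(s)")
        for p in paths:
            print("   ", p)
    print("\nOTMoveIt list:")
    print("\n".join(move_list(found)))
```

On the sample the only live file is nab22011.exe, which is exactly the one path the helper hands to OTMoveIt; the restore-point hits are left for the Disk Cleanup step.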

Rorschach112
2007-10-01, 17:29
Hello akm111

I have to go to Canada tomorrow so I thought I would post this now while I can since your logs are looking clean.


To re-enable Windows Defender Real-Time Protection: go to "Tools" | "General Settings", scroll down to "Real-time protection options" and check "Turn on real-time protection (recommended)". Remember to reactivate this feature when we have finished all our work.


You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com/products/acrobat/readstep2.html


Some clean up :

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html) protects against bad ActiveX
IE-SPYAD (http://www.spywarewarrior.com/uiuc/res/ie-spyad.exe) puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here (http://www.bleepingcomputer.com/tutorials/tutorial53.html)

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.


* MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here (http://www.mozilla.org/products/firefox/)

* I notice that you have no firewall on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=56pus&ctry=GB&lang=en), Comodo (http://www.personalfirewall.comodo.com/), or Outpost (http://www.agnitum.com/products/outpostfree/index.php)
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here (http://www.bleepingcomputer.com/tutorials/tutorial60.html).

* I notice that you have no anti-virus program on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs:
AVG (http://free.grisoft.com/doc/2/lng/us/tpl/v5) makes an excellent free antivirus client, as do AntiVir (http://www.free-av.com) or avast! (http://www.avast.com/eng/download-avast-home.html).

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here (http://forums.spywareinfo.com/index.php?showtopic=60955)

Thank you for your patience, and performing all of the procedures requested.

akm111
2007-10-02, 01:39
C:\WINDOWS\system32\capcom\nab22011.exe moved successfully.
File/Folder not found.
File/Folder not found.

Created on 09/29/2007 18:09:11


We ran so many logs, not sure what DSS is,
but everything seems to be doing real good.
Thanks for all the help.
Hope your trip goes well :)

Rorschach112
2007-10-02, 01:48
Hello akm111


We ran so many logs, not sure what DSS is,
but everything seems to be doing real good.
Nothing to worry about, your logs look clean :)


Hope your trip goes well
Me too :) It's a long flight.


Anyway, glad to be of help, good luck!

akm111
2007-10-02, 05:26
Again, thanks a lot.