
IS my computer ok??



fendy87
2007-09-30, 04:11
Deckard's System Scanner v20070905.67
Run by Administrator on 2007-09-30 10:01:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2007-09-30 02:01:12 UTC - RP90 - Deckard's System Scanner Restore Point
64: 2007-09-29 20:03:29 UTC - RP89 - Removed BitDefender Antivirus 2008
63: 2007-09-29 18:07:47 UTC - RP88 - Installed BitDefender Antivirus 2008
62: 2007-09-29 18:02:48 UTC - RP87 - Removed BitDefender Total Security 2008
61: 2007-09-29 14:52:42 UTC - RP86 - Installed BitDefender Total Security 2008


-- First Restore Point --
1: 2007-08-09 17:11:08 UTC - RP26 - Installed Microsoft Office XP Professional with FrontPage


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:23 AM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless LAN Utility\WlanUtility.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
D:\Installer\utorrent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
D:\Installer\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Lan Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189073797467
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 4375 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ADM8211 (Wireless PC Card) - c:\windows\system32\drivers\wlanpci.sys <Not Verified; Wireless LAN; 802.11b Wireless PC Card>
R3 WLANNDIS5 (WLANNDIS5 NDIS Protocol Driver) - c:\program files\wireless lan utility\wlanndis5.sys <Not Verified; NDIS Protocol Driver Vendor; NDIS 5.0 Protocol Driver for Windows>
R4 bdftdif - c:\program files\common files\bitdefender\bitdefender firewall\bdftdif.sys (file missing)

S3 Profos - c:\program files\common files\bitdefender\bitdefender threat scanner\profos.sys (file missing)
S3 Trufos - c:\program files\common files\bitdefender\bitdefender threat scanner\trufos.sys (file missing)
S3 USB-100 (Compex LinkPort/UE202-B USB To Fast Ethernet Adapter) - c:\windows\system32\drivers\ue202b.sys <Not Verified; Compex Inc.; Compex UE202B USB Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-08-30 and 2007-09-30 -----------------------------

2007-09-30 10:03:11 0 d-------- C:\Program Files\Trend Micro
2007-09-30 10:00:12 0 drahs---- C:\autorun.inf
2007-09-30 04:05:56 0 d-------- C:\Program Files\MSXML 6.0
2007-09-30 04:03:42 0 d-------- C:\WINDOWS\LastGood
2007-09-29 22:56:21 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-29 22:37:08 0 d-------- C:\Program Files\Common Files\BitDefender
2007-09-28 14:07:11 0 d-------- C:\Program Files\Kaspersky Lab
2007-09-28 14:07:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-20 23:38:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-09-18 14:51:40 0 d-------- C:\Program Files\Counter-Strike
2007-09-06 22:29:45 0 d-------- C:\Program Files\MSBuild
2007-09-06 22:15:17 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-09-06 22:13:16 0 d-------- C:\Program Files\Reference Assemblies
2007-09-06 22:10:18 0 d-------- C:\eccf45d6181b6b4a41da752937
2007-09-06 22:06:17 0 d-------- C:\Program Files\SiS7018
2007-09-06 22:03:00 0 d-------- C:\WINDOWS\system32\URTTEMP
2007-09-06 21:04:38 1536 --a------ C:\WINDOWS\system32\TrueSoft.dat
2007-09-06 19:49:51 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-06 18:26:31 0 d-------- C:\WINDOWS\system32\PreInstall
2007-09-06 18:18:10 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-09-04 20:04:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-04 19:42:50 0 d-------- C:\Program Files\Alibre PhotoRender
2007-09-04 19:20:20 0 d--hs---- C:\WINDOWS\ftpcache
2007-09-04 19:19:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Alibre Design
2007-09-04 18:43:29 0 d-------- C:\Program Files\Alibre Design
2007-09-04 18:40:09 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:40:09 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:40:08 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-09-04 18:40:08 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-09-04 18:39:57 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-09-04 18:39:57 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-09-04 18:39:57 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:57 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:56 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:56 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:55 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:55 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:54 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:54 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:53 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:53 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-09-04 18:39:51 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>


-- Find3M Report ---------------------------------------------------------------

2007-09-30 09:46:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-09-29 22:37:08 0 d-------- C:\Program Files\Common Files
2007-09-23 14:38:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-09-21 23:57:50 2068 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-20 20:21:58 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-06 19:51:47 0 d-------- C:\Program Files\Messenger
2007-09-04 18:39:11 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-27 21:31:26 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-27 21:31:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-08-19 20:54:01 0 d-------- C:\Program Files\VSTplugins
2007-08-19 20:53:58 0 d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-08-19 00:00:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-08-18 23:59:18 0 d-------- C:\Program Files\Sony
2007-08-16 21:08:44 1956 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-16 21:08:09 0 dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-08-14 22:35:21 63656 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-08-12 10:48:31 0 d-------- C:\Program Files\SiS630_730_V2.03
2007-08-10 01:14:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-08-10 01:11:39 0 d-------- C:\Program Files\Common Files\L&H
2007-08-06 17:10:36 0 d-------- C:\Program Files\Winamp
2007-08-04 16:12:26 0 d-------- C:\Program Files\Wireless LAN Utility
2007-08-04 16:12:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 17:24:58 12219983 -----n--- C:\AVG7QT.DAT
2007-07-26 04:51:07 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-07-25 21:21:15 0 -rahs---- C:\MSDOS.SYS
2007-07-25 21:21:15 0 -rahs---- C:\IO.SYS
2007-07-25 21:21:15 0 --a------ C:\CONFIG.SYS
2007-07-25 21:21:15 0 --a------ C:\AUTOEXEC.BAT
2007-07-25 21:16:34 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [08/13/2001 09:56 AM]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [09/02/2001 03:17 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [09/01/2004 04:00 PM C:\WINDOWS\system32\bthprops.cpl]
"PCTVOICE"="pctspk.exe" [08/11/2001 05:31 AM C:\WINDOWS\system32\pctspk.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [09/30/2007 09:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/01/2004 04:00 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Wireless Lan Utility.lnk - C:\Program Files\Wireless LAN Utility\WlanUtility.exe [8/4/2007 4:12:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16139f50-4774-11dc-a3ce-d54cf63add95}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2649a610-48c9-11dc-a3d1-e02b3c8e2097}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309288cd-4e1b-11dc-a3da-fd1e18e93bbb}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9666a0-41d3-11dc-a3c2-d36646071496}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0de15b0-4bc4-11dc-a3d4-bc5f91bb7697}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8c91780-4eeb-11dc-a3db-8541647ebb96}]
Auto\command- MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
*Newly Created Service* - AVGEMS
*Newly Created Service* - AVGTDI



-- End of Deckard's System Scanner: finished at 2007-09-30 10:04:32 ------------

P.S. Help me... ASAP

Shaba
2007-09-30, 16:00
Hi fendy87

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16139f50-4774-11dc-a3ce-d54cf63add95}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2649a610-48c9-11dc-a3d1-e02b3c8e2097}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309288cd-4e1b-11dc-a3da-fd1e18e93bbb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f9666a0-41d3-11dc-a3c2-d36646071496}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0de15b0-4bc4-11dc-a3d4-bc5f91bb7697}]


It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report
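
The fix above removes the MountPoints2 keys whose Auto\command and AutoRun\command values were listed in the Deckard's System Scanner registry dump earlier in this thread. The script below is an added example and is not code from this thread, from Deckard's System Scanner or from ComboFix: it parses the registry-dump section of such a log, lists every MountPoints2 autorun command with the reasons it deserves attention (RunDLL32 ShellExec_RunDLL indirection, Windows Script Host, relative or dot-prefixed payload names), and emits deletion lines in the same .reg format the helper used. The sample dump lines are copied from the first post's log; the function names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Sample input copied from the Deckard's System Scanner "Registry Dump" section
# in the first post (three of the six MountPoints2 keys plus one unrelated Run key,
# kept here to show that the parser ignores keys outside MountPoints2).
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [09/30/2007 09:38 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16139f50-4774-11dc-a3ce-d54cf63add95}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{309288cd-4e1b-11dc-a3da-fd1e18e93bbb}]
Auto\command- RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0de15b0-4bc4-11dc-a3d4-bc5f91bb7697}]
Auto\command- F:\RavMonE.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
"""

# A MountPoints2 key header: HKCU\...\MountPoints2\{GUID} inside square brackets.
MOUNTPOINT_KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# A dumped verb value: "Auto\command- ...", "AutoRun\command- ..." or "Shell\<verb>\command- ...".
COMMAND_RE = re.compile(r"^(Auto|AutoRun|Shell\\\w+)\\command-\s*(.+)$")

SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
EXECUTABLE_SUFFIXES = (".exe", ".vbs", ".js", ".bat", ".cmd", ".scr", ".pif")


@dataclass
class MountPoint:
    key: str                                  # full registry path without brackets
    commands: dict = field(default_factory=dict)   # value name -> command line


def parse_mountpoints(log_text):
    """Collect every MountPoints2 key in the dump together with its *\\command values."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = MOUNTPOINT_KEY_RE.match(line)
        if match:
            current = MountPoint(match.group(1))
            entries.append(current)
            continue
        if not line:              # a blank line closes the current key block
            current = None
            continue
        if current is not None:
            cmd = COMMAND_RE.match(line)
            if cmd:
                current.commands[cmd.group(1)] = cmd.group(2)
    return entries


def classify(command):
    """Return the reasons an autorun command line is worth a closer look (empty if none)."""
    low = command.lower()
    reasons = []
    if "shellexec_rundll" in low:
        reasons.append("launches the payload through RunDLL32 ShellExec_RunDLL")
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("runs a script through Windows Script Host")
    for token in command.split():
        t = token.lower()
        if not t.endswith(EXECUTABLE_SUFFIXES) or t in SCRIPT_HOSTS or "rundll32" in t:
            continue
        if t.startswith("."):
            reasons.append(f"dot-prefixed payload name {token!r}")
        if not re.match(r"^[a-z]:\\", t):
            reasons.append(f"payload {token!r} given by relative name, resolved from the removable volume")
    return reasons


def report(log_text):
    """Flatten the parse into (guid, value name, command, reasons) rows for review."""
    rows = []
    for entry in parse_mountpoints(log_text):
        guid = entry.key.rsplit("\\", 1)[1]
        for name, cmd in entry.commands.items():
            rows.append((guid, name, cmd, classify(cmd)))
    return rows


def build_fix_reg(entries):
    """Emit a .reg file that deletes every MountPoints2 key carrying an autorun command,
    in the same layout as the fix posted above (CRLF line endings, as regedit expects)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for entry in entries:
        if entry.commands:
            lines += [f"[-{entry.key}]", ""]
    return "\r\n".join(lines)


if __name__ == "__main__":
    for guid, name, cmd, reasons in report(SAMPLE_DUMP):
        print(f"{guid} {name}: {cmd}")
        for r in reasons:
            print(f"    - {r}")
    print(build_fix_reg(parse_mountpoints(SAMPLE_DUMP)))
```

Run it against the registry-dump section of a saved DSS or ComboFix log; the printed .reg text can be reviewed before it is saved and imported exactly as the steps above describe. Note that the parser only reads the log: it does not touch the live registry, so the key list should still be compared against the machine before anything is deleted.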

fendy87
2007-10-05, 00:48
ComboFix 07-10-04.6 - Administrator 2007-10-05 1:42:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.316 [GMT 8:00]
Running from: D:\Installer\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 17:05 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-30 13:26 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-30 13:26 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-30 13:26 3,270,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-30 13:26 20,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-30 13:23 <DIR> d-------- C:\KAV
2007-09-30 11:03 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-30 10:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 10:00 <DIR> drahs---- C:\autorun.inf
2007-09-30 10:00 <DIR> d-------- C:\Deckard
2007-09-30 04:05 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-09-29 22:56 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-09-29 22:37 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2007-09-28 14:07 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-28 14:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-20 23:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-09-18 14:51 <DIR> d-------- C:\Program Files\Counter-Strike
2007-09-06 22:29 <DIR> d-------- C:\Program Files\MSBuild
2007-09-06 22:15 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-09-06 22:13 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-09-06 22:11 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-09-06 22:10 <DIR> d-------- C:\eccf45d6181b6b4a41da752937
2007-09-06 22:06 <DIR> d-------- C:\Program Files\SiS7018
2007-09-06 22:03 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-09-06 21:39 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-09-06 21:38 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-09-06 21:38 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-09-06 21:05 806,400 -ra------ C:\WINDOWS\system32\ESB.exe
2007-09-06 21:05 5,560 -ra------ C:\WINDOWS\system32\ntESB.SYS
2007-09-06 21:05 461,824 -ra------ C:\WINDOWS\system32\unESB.exe
2007-09-06 21:04 456 -ra------ C:\WINDOWS\system32\pthsp.dat
2007-09-06 21:04 151,552 -ra------ C:\WINDOWS\system32\ptsetup.dll
2007-09-06 21:04 122,880 -ra------ C:\WINDOWS\system32\ptuninst.exe
2007-09-06 21:04 1,536 --a------ C:\WINDOWS\system32\TrueSoft.dat
2007-09-06 19:49 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-09-06 18:18 43,352 --a------ C:\WINDOWS\system32\wups2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 15:17 49052 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-02 15:17 3320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-23 14:38 --------- d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-09-04 21:26 --------- d-------- C:\Program Files\Alibre Design
2007-09-04 20:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-09-04 19:20 --------- d-------- C:\Documents and Settings\Administrator\Application Data\Alibre Design
2007-09-04 18:39 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-19 20:54 --------- d-------- C:\Program Files\VSTplugins
2007-08-19 20:53 --------- d-------- C:\Documents and Settings\Administrator\Application Data\Publish Providers
2007-08-19 00:00 --------- d-------- C:\Documents and Settings\Administrator\Application Data\Sony
2007-08-18 23:59 --------- d-------- C:\Program Files\Sony
2007-08-16 21:08 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-16 21:08 --------- dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2007-08-12 10:48 --------- d-------- C:\Program Files\SiS630_730_V2.03
2007-08-10 01:14 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-08-10 01:11 --------- d-------- C:\Program Files\Common Files\L&H
2007-08-07 02:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-08-06 17:10 --------- d-------- C:\Program Files\Winamp
2007-08-04 16:12 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-04 16:12 --------- d-------- C:\Program Files\Wireless LAN Utility
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2001-08-13 09:56]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [2001-09-02 03:17]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-01 16:00 C:\WINDOWS\system32\bthprops.cpl]
"PCTVOICE"="pctspk.exe" [2001-08-11 05:31 C:\WINDOWS\system32\pctspk.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 16:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Wireless Lan Utility.lnk - C:\Program Files\Wireless LAN Utility\WlanUtility.exe [2007-08-04 16:12:26]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Wireless Lan Utility.lnk - C:\Program Files\Wireless LAN Utility\WlanUtility.exe [2007-08-04 16:12:26]

R2 MTC0001_RMC;Remove Control Device;C:\WINDOWS\system32\drivers\RMC.sys
R3 ADM8211;Wireless PC Card;C:\WINDOWS\system32\DRIVERS\WLANPCI.sys
R3 SiS630;SiS630;C:\WINDOWS\system32\DRIVERS\sis630p.sys
R3 WLANNDIS5;WLANNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\WIRELE~1\WLANNDIS5.SYS
S3 MTC0001_ESB;ESB device driver;C:\WINDOWS\system32\ntESB.sys
S3 USB-100;Compex LinkPort/UE202-B USB To Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\UE202B.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f817ba5-6ec7-11dc-a41f-0011b107a24a}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - CATCHME
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-05 3:22:51
.
--- E O F ---

fendy87
2007-10-05, 00:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:17 AM, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wireless LAN Utility\WlanUtility.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Installer\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Lan Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189073797467
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{119AE582-EE59-4012-ADB7-EF21B0893D36}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 4130 bytes

fendy87
2007-10-05, 01:22
How was it?? Is my computer ok???

Shaba
2007-10-05, 10:03
Hi

Well do you have any problems left?

fendy87
2007-10-07, 07:41
Erm... it's ok... and I don't have any problem yet... but... from your observation of my log... how was my computer?? Any problem?

Shaba
2007-10-07, 11:12
Hi

It looks fine to me, though there is no firewall installed:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/)
2) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
3) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
4) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

After that, please post back a fresh HijackThis log :)

Shaba
2007-10-14, 11:16
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.