Virtumonde, It's Gone, It's Back [Archive]

View Full Version : Virtumonde, It's Gone, It's Back

Toronto

2007-11-18, 04:17

Following your read first post, here they are

after looking at this log, I really have a question
this posting is not the whole log file, but itkinda of redundent
because the whole thing reads like this

Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/11/2007
Kaspersky Anti-Virus database records: 461006
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 314263
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:00:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0006f43ebf119cecc2d0e68f875325dd_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\035e647339d1bcd393d29fc7775ad2c0_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\03a1728d7b0b039c6eef094302741855_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\046980a982bfc7bfea6b422215e038c8_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\04700245e984744b67879744c99142c3_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\052d932715ea7f726c9cba1cc315ff8d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\053167d84718a6b9e868bec634bcee45_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\057d76cd677ddd54efd86319ee9eb4aa_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05cd95842c47e5846b6ad6a9d9b2b857_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05ebc92fafe28f5b13a7049d5db7e34b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\061822531683b5f818697856b67788de_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\06a12e456aea028e9672e5d11159288a_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\073a4963b5a13d9457206d8db1d27da1_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\075e6c263af7c883baef0bd73f50e158_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07ba9401651187b59d25c3406bcb420f_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0823db5532fb07a6902f7952987ae45f_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0858083c8f11f172c6495fdd77865b52_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08a9b18633a4936f596db1366d4e15f8_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08fec117508c54ae2d13dae29a5db48f_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\092b618c35f5cab0a87d960db3978187_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\095137661f64c517e11c61d8d9667f3c_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09c7700f11012bd6633d6b6b410da505_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09d69ce675c99594aca87f09da491137_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\09fecb11af9ae3ae69ce9bca0fa5be01_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a26b14f79c7934a5c5b60d95953ad6f_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a2bb49aeff82e199ff91a4e09c2186d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a51cc00cb4a57283d4b59b59bb22ac9_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ad1a8b81cff127a9975de8b621f1bf5_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ae2b43193299ae87c3e539144c5b306_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b190fbc3df233365e19d68a2cf6d201_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b52a664ec8c6ef0cc35f928f7cee382_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b88bf815c26635faff1861fce9e503d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c6b5a9b1f5e1a1ef947b0a9eab950d0_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ce4064988a69332913e0b908b0476c9_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cf6cfed196d10aad7e3dbe26edf4172_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e2867daeaac6385ea3f31f959782693_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e5636133f41619a033dab564c2e422e_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e84fae677ff18bd2be900c63691ecb1_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e9fb76d2e7d04780016f7ed12ba203b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0eb98b7c8869600b186925cddad30068_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0fc1907aac70eebb1b21214ee3b570e4_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\101c98982d64198c374ed14700ae683d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1030d4c91fcf4473d2e150bcb4072f57_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\105977a32dc941da78bc6b7245b0ee98_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1100b056a3326c679eba4aff48eebfcd_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11a7b35c9d6ef2e2886cefb0d741d693_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11f57530c7d610a5631a972b13880d4c_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1205d7c9b3b6be439f0bda5b1f344d08_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12aff79004a8ccab916111435a7b0fa8_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12cfdfc88cf3e6ecc3ad453f3dc52fda_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12f1f60498f3193b1b1a6980abc5c871_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\134d0633017702df18d0693c96f53b21_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\135fed6c2b3e49cce9dc898861a0dcf9_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\136c7febf8fe53e6c2bb347a412c6d29_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1480bb02f6f685e46fa7b55219d7d381_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14e79b84cf9e66e3f1fe792c80755d28_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\150f5d09070abbefdc8991a7d8570164_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1608e4c0b1eaf5164a249cca038cf04e_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\160aeabaa9ffb932dc95bc7919004199_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16ab00b9fee96daabe6a133511d2f2cf_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16bda93bf85938163ca5b635dfe55451_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\172ea2ca020c958eb9eb7695d78aaa05_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\173a7685aaeadc502e3ecb5af781e71c_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\17817847c7ee1a0cc0293b0681f71b64_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1865ecf704cb492b05b835ab263536c4_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\191389a9a3c9b783267c2f5a2745535b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\194845ab6b17e1b385a422c479774b6b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1992739b56d30319da23dccc2707884d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19c5d6fda3d8b69f88c630f3b5de8b69_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1a6cff8ad67bc96c535952733d7ec3ed_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1aefcf6cdf8c5ae76b6897141dd3f36d_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b2deab54740bf07a6d3eeef2a24eeca_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b9f17204c3644e7d501663874b919ed_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1bc3660cab7a9242b6a4c7e70e01c6a2_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1bcc6e9b9c7f2425f0fc4c42288893ce_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1c471b0228fed94737defc0ed0aeb718_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1d78fdea56c18d4e209a6d9f313fb796_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1e35bcf547a99a5d7ece7dbf4115ee85_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f00d5edb36502886c77b9136100cfb9_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1f78903ba4e97d0645b28a78c8b7dc8b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ff2cc68e78c36b92e23e4a7ea9573dc_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\204baa3902fea48dbffe40a93cb0201e_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20903d1c82637099d1e5fe93436f8da6_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20a9b5bf4072e656c0544073fa9c815b_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\210bdba56dc46633019140e13f710a08_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\211d96808d3943889cb0ce3ba758d73e_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21646025f1fb51a2f0eaf294da5737b6_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21c56fe26deb8c880d40388abfe8f157_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\21e7f15718f0048de8ca8cb2289cd6b6_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2265a449460d092c2ff735cc1fcff0cf_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\22d484688be9813845a01f40587be9d8_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24285e41755d44d1b8ba53745d277936_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2446523d1573ded6468b35a1baa05bb1_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2476b99f4d23cb545d8672f8c6e2c2b2_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\247aa46944416afcb9909365061c1b80_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24a69dbe3331383134f128afcbe25863_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24c059ca0a1f23405d0de3f09fb57050_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\24e7fafbf2ed9a343c4940d193a74c19_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2571987228cb10dff4127f477295e21e_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2703dfa0460dcd0be94a7b739719a3ef_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2724aad860b8cde07124c1713fd6bce2_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27561081bdc70ebf1bc14b4fb5bfa04c_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27c8f2e11014bd15836163cdcdc9b418_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\27e1f96eacedaac1ecc96b2ea5d57266_97bb2c03-188c-4e64-ac61-7f23551ce662 Object is locked skipped

Some how I don't think this is what I should be seeing:sick:

Toronto

2007-11-18, 04:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:02 PM, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59766137-A541-4E6A-937A-8EFCF6173D46} - (no file)
O2 - BHO: (no name) - {6BA7AC7A-5951-4D3B-9E62-AC15B8177BB8} - (no file)
O2 - BHO: (no name) - {74E41E53-001C-4F11-901A-89B1630423BC} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {859BC038-49FA-4C7D-952C-40CC604A13D9} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\wjbdqwrb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963E16F7-F695-4F77-9667-6926BF1F4963} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BC33E8A9-9376-4539-BBE3-B8DBE8CCA974} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C3FDE922-B3A0-4701-B644-B33CF00F6843} - (no file)
O2 - BHO: (no name) - {E5DA9954-06C9-415C-B2F6-0552AC74A682} - (no file)
O2 - BHO: (no name) - {E7FA40E3-0D37-4C92-9274-773BF6872512} - (no file)
O2 - BHO: (no name) - {F6B1F430-52B5-4478-9FC6-A94F79D423C3} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [fc448863] rundll32.exe "C:\WINDOWS\system32\ucdbolcb.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://www.softpedia.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/3124aec729f817224805/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154294930359
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154294920140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: tuvtqon - tuvtqon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Executive Software Undelete (UndeleteService) - Executive Software International - C:\Program Files\Executive Software\Undelete\UdServe.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 17151 bytes

steamwiz

2007-11-18, 18:26

Hi

RE: Kaspersky Online Scanner log ...

You're right, I don't need to see it all...

Scan Statistics:
Total number of scanned objects: 314263
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:00:13

If you can look at the log & find the infected entries ...

Number of infected objects: 4

Just post then ... that would be great ...

locked entries are not a problem ...

-

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".

7. Please post the contents of C:\vundofix.txt

If vundofix cannot delete a file, it will try to delete it during a reboot, after the reboot vundofix will open again, you must run vundofix again, from "Click the Scan for Vundo button" ... and you must keep running vundofix until it does delete the file... I've known a stubborn vundo file take 5 or 6 reboots before it is deleted...

Keep running vundofix untill it gives you the message "no infected files were found"

THEN ...

Download Superantispyware.

http://www.superantispyware.com/

Once downloaded and installed update the definitions
and then run a full system scan quarantine what it finds!

* Double-click SUPERAntiSypware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)

http://www.superantispyware.com/definitions.html

* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

THEN ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

Please remember to post :-

1. C:\vundofix.txt
2. SUPERAntiSpyware Scan Log
3. C:\ComboFix.txt
4. a new hijackthis log.( run after everything else)

steam

Toronto

2007-11-19, 19:30

Ok, when I ran Vundofix it found nothing ???, so there was no log created

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/19/2007 at 12:55 PM

Application Version : 3.9.1008

Core Rules Database Version : 3346
Trace Rules Database Version: 1347

Scan type : Complete Scan
Total Scan Time : 11:33:16

Memory items scanned : 565
Memory threats detected : 0
Registry items scanned : 8559
Registry threats detected : 0
File items scanned : 220834
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\bart\Cookies\bart@macromedia.112.2o7[1].txt
C:\Documents and Settings\bart\Cookies\bart@statcounter[1].txt
C:\Documents and Settings\bart\Cookies\bart@clickaider[2].txt
C:\Documents and Settings\bart\Cookies\bart@ads.revsci[1].txt
C:\Documents and Settings\bart\Cookies\bart@atdmt[1].txt
C:\Documents and Settings\bart\Cookies\bart@2o7[2].txt
C:\Documents and Settings\bart\Cookies\bart@doubleclick[2].txt
C:\Documents and Settings\bart\Cookies\bart@microsoftgamestudio.112.2o7[1].txt
C:\Documents and Settings\bart\Cookies\bart@revsci[1].txt
C:\Documents and Settings\bart\Cookies\bart@zedo[1].txt
C:\Documents and Settings\bart\Cookies\bart@ads.adbrite[1].txt
C:\Documents and Settings\bart\Cookies\bart@clicktorrent[2].txt
C:\Documents and Settings\bart\Cookies\bart@www.mediarevenue[1].txt
C:\Documents and Settings\bart\Cookies\bart@bs.serving-sys[2].txt
C:\Documents and Settings\bart\Cookies\bart@adbrite[2].txt
C:\Documents and Settings\bart\Cookies\bart@divx.112.2o7[1].txt
C:\Documents and Settings\bart\Cookies\bart@toplist[1].txt
C:\Documents and Settings\bart\Cookies\bart@ads.pointroll[1].txt
C:\Documents and Settings\bart\Cookies\bart@advertising[2].txt
C:\Documents and Settings\bart\Cookies\bart@epochstats[1].txt
C:\Documents and Settings\bart\Cookies\bart@www.crackz[1].txt
C:\Documents and Settings\bart\Cookies\bart@msnlivefavorites.112.2o7[1].txt
C:\Documents and Settings\bart\Cookies\bart@image.masterstats[1].txt
C:\Documents and Settings\bart\Cookies\bart@adlegend[1].txt
C:\Documents and Settings\bart\Cookies\bart@msnportal.112.2o7[1].txt
C:\Documents and Settings\bart\Cookies\bart@serving-sys[2].txt
C:\Documents and Settings\bart\Cookies\bart@perf.overture[1].txt
C:\Documents and Settings\bart\Cookies\bart@yadro[2].txt
C:\Documents and Settings\bart\Cookies\bart@3.adbrite[1].txt

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9EFFB5B1-3130-459A-9036-F932AC7AC0F4}\RP323\A0189671.NFO

Toronto

2007-11-19, 19:31

ComboFix 07-11-08.3 - bart 2007-11-19 13:07:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446 [GMT -5:00]
Running from: \\Thesimpsonsofto\shareddocs\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.

2007-11-19 01:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-19 01:14 <DIR> d-------- C:\Documents and Settings\bart\Application Data\SUPERAntiSpyware.com
2007-11-19 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-19 00:45 <DIR> d-------- C:\VundoFix Backups
2007-11-17 22:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 20:36 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-11-17 16:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-17 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-17 16:34 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-17 00:37 <DIR> d-------- C:\Program Files\illiminable
2007-11-16 18:09 <DIR> d-------- C:\Documents and Settings\bart\Application Data\Download Manager
2007-11-16 14:40 <DIR> d-------- C:\Program Files\ExplorerXP
2007-11-15 22:45 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-11-15 22:45 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-11-15 22:45 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-11-15 22:45 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-11-15 22:45 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-11-15 02:05 <DIR> d-------- C:\Program Files\Womble Multimedia
2007-11-14 02:30 <DIR> d-------- C:\Program Files\DVD Shrink
2007-11-14 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-13 23:57 <DIR> d-------- C:\Program Files\Pegasys Inc
2007-11-12 23:51 <DIR> d-------- C:\Program Files\AusLogics Disk Defrag
2007-11-12 16:45 <DIR> d-------- C:\Program Files\Punch! Pro
2007-11-12 12:47 <DIR> d-------- C:\Program Files\Microsoft Plus!
2007-11-11 22:15 <DIR> d-------- C:\Program Files\Ares
2007-11-10 20:28 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2007-11-10 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-10 14:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-04 23:39 <DIR> d-------- C:\Program Files\IVT Corporation
2007-11-04 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-11-04 22:42 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-11-04 22:31 <DIR> d-------- C:\Program Files\Avanquest update
2007-11-04 22:30 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2007-11-04 22:29 <DIR> d-------- C:\Documents and Settings\bart\Application Data\InstallShield
2007-11-04 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-04 14:18 <DIR> d-------- C:\Documents and Settings\bart\Application Data\OfficeUpdate12
2007-11-04 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-04 13:54 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-11-03 14:17 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-11-03 13:45 <DIR> d-------- C:\Documents and Settings\bart\Application Data\Canon
2007-11-02 12:08 <DIR> d-------- C:\Documents and Settings\bart\Application Data\ExecutiveSoftware
2007-11-02 11:46 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-02 11:46 <DIR> d--hs---- C:\RecoveryBin
2007-11-02 11:46 <DIR> d-------- C:\Documents and Settings\bart\Application Data\Leadertech
2007-11-02 11:45 <DIR> d-------- C:\Program Files\Executive Software
2007-11-02 11:40 <DIR> d-------- C:\Program Files\Advanced JPEG Compressor
2007-11-02 11:33 <DIR> d-------- C:\WINDOWS\vf_hip
2007-11-02 11:33 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-11-02 00:18 <DIR> d-------- C:\Documents and Settings\bart\Application Data\Talkback
2007-11-02 00:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-01 23:17 8 -r-hs---- C:\WINDOWS\system32\ED9381C96D.sys
2007-11-01 23:16 <DIR> d-------- C:\Documents and Settings\bart\Application Data\Corel
2007-11-01 23:10 <DIR> d-------- C:\Program Files\Common Files\Protexis
2007-11-01 23:09 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-01 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-11-01 23:03 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-01 23:01 <DIR> d-------- C:\Program Files\Corel
2007-11-01 20:08 <DIR> d-------- C:\Program Files\Wisdom-soft ScreenHunter 5 Pro
2007-11-01 19:41 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-01 19:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2007-11-01 19:41 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
2007-11-01 19:41 60,416 --a------ C:\WINDOWS\system32\DSETUP.dll
2007-11-01 19:41 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys
2007-11-01 16:03 <DIR> d-------- C:\Program Files\bersoft
2007-11-01 01:20 <DIR> d-------- C:\Documents and Settings\bart\G-Force
2007-11-01 01:20 <DIR> d-------- C:\Documents and Settings\bart\Application Data\G-Force
2007-10-31 17:51 <DIR> d-------- C:\Program Files\Quick Launch Panel
2007-10-31 15:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-10-31 15:15 <DIR> d-------- C:\Documents and Settings\bart\Application Data\PC Tools
2007-10-31 15:15 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-10-31 15:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-10-31 15:15 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-10-31 15:15 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-10-30 20:50 <DIR> d-------- C:\Program Files\Picasa2
2007-10-30 20:49 <DIR> d-------- C:\WINDOWS\system32\runtime
2007-10-30 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-30 20:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-10-30 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-30 16:18 <DIR> d-------- C:\Program Files\Bonjour
2007-10-30 16:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-30 13:17 <DIR> d-------- C:\Program Files\MagicDisc
2007-10-30 13:17 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-10-30 13:13 <DIR> d-------- C:\Program Files\Mp3tag
2007-10-29 22:34 <DIR> d-------- C:\Program Files\Mpeg2Decoder
2007-10-29 22:33 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-29 22:33 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2007-10-29 22:30 <DIR> d-------- C:\Program Files\Deskshare
2007-10-29 22:30 <DIR> d-------- C:\Program Files\Common Files\DeskShare Shared
2007-10-29 22:30 258,352 --a------ C:\WINDOWS\system32\Unicows.dll
2007-10-29 20:13 <DIR> d-------- C:\Program Files\MSECache
2007-10-29 20:01 <DIR> d-------- C:\Program Files\Blaze Media Pro
2007-10-29 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2007-10-29 13:12 <DIR> d-------- C:\Documents and Settings\Game Boy\Application Data\Motive
2007-10-29 13:07 <DIR> d-------- C:\Documents and Settings\Game Boy\Application Data\VersionTracker Pro
2007-10-29 13:07 <DIR> d-------- C:\Documents and Settings\Game Boy\Application Data\Nero
2007-10-29 01:18 <DIR> d-------- C:\Documents and Settings\bart\Application Data\InterVideo
2007-10-29 01:13 <DIR> d-------- C:\Program Files\Google
2007-10-29 01:12 <DIR> d-------- C:\Program Files\InterVideo Information Service
2007-10-29 01:12 <DIR> d-------- C:\Program Files\Common Files\Ulead
2007-10-29 01:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 01:01 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 04:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 20:25 --------- d-----w C:\Program Files\Freeze.com
2007-11-10 20:01 --------- d-----w C:\Program Files\Lavasoft
2007-11-05 20:36 34,312 ----a-w C:\WINDOWS\system32\drivers\blueletaudio.sys
2007-10-31 19:22 --------- d-----w C:\Program Files\MSI
2007-10-31 15:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-29 06:14 --------- d-----w C:\Program Files\QuickTime
2007-10-29 06:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-28 20:30 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-28 17:05 --------- d-----w C:\Program Files\nero
2007-10-28 02:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-27 01:49 1,841,152 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-10-26 03:00 --------- d-----w C:\Program Files\123 Copy DVD
2007-10-25 20:55 --------- d-----w C:\Program Files\SpeedFan
2007-10-24 00:18 --------- d-----w C:\Program Files\Creative
2007-10-23 20:26 --------- d-----w C:\Program Files\Common Files\Real
2007-10-23 18:46 --------- d-----w C:\Program Files\Guild Wars
2007-10-23 05:26 --------- d-----w C:\Program Files\Yahoo!
2007-10-23 02:15 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-10-22 08:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-05 07:49 13,056 ----a-w C:\WINDOWS\system32\drivers\FlashSys.sys
2007-09-28 17:42 2,790,976 ----a-w C:\WINDOWS\system32\GPhotos.scr
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 13:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 06:10 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-09-17 05:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-09-17 05:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-09-17 05:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-09-17 05:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-09-17 05:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-09-17 05:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-09-17 05:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 05:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-08-21 17:53 28,766 ----a-w C:\WINDOWS\system32\PlayerCtrl.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-08-20 07:31 154 ---ha-w C:\Program Files\Desktop.ini
.

Toronto

2007-11-19, 19:32

((((((((((((((((((((((((((((( snapshot@2007-11-17_23.04.16.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-19 06:14:18 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-19 06:14:18 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-19 06:14:18 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2007-11-19 18:00:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59766137-A541-4E6A-937A-8EFCF6173D46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BA7AC7A-5951-4D3B-9E62-AC15B8177BB8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74E41E53-001C-4F11-901A-89B1630423BC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{859BC038-49FA-4C7D-952C-40CC604A13D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{963E16F7-F695-4F77-9667-6926BF1F4963}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC33E8A9-9376-4539-BBE3-B8DBE8CCA974}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3FDE922-B3A0-4701-B644-B33CF00F6843}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5DA9954-06C9-415C-B2F6-0552AC74A682}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7FA40E3-0D37-4C92-9274-773BF6872512}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 08:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 00:00]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 17:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"CTHelper"="CTHELPER.EXE" [2007-04-09 11:32 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 11:32 C:\WINDOWS\system32\Ctxfihlp.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-11-15 09:36]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-06 19:05]
"Cmaudio"="cmicnfg.cpl" []
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 02:56 C:\WINDOWS\system32\rundll32.exe]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 16:34]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-11 21:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:56 C:\WINDOWS\system32\bthprops.cpl]
"BtTray"="C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-11-05 15:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-24 16:14:25]
InterVideo WinScheduler.lnk - C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe [2007-10-24 16:14:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvtqon]
tuvtqon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 21:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

R0 UdDrv;Executive Software Filter;C:\WINDOWS\system32\drivers\UdDrv.sys
R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
R2 BlueSoleilCS;BlueSoleilCS;C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
R2 CX23880;MSI 8606 Video Capture;C:\WINDOWS\system32\drivers\CX88Vid.SYS
R2 CX88AUD;MSI 8606 Audio Capture;C:\WINDOWS\system32\drivers\cx88aud.sys
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS
R2 CXTUNE;MSI 8606 Tuner;C:\WINDOWS\system32\drivers\CX88Tune.SYS
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
R2 UndeleteService;Executive Software Undelete;"C:\Program Files\Executive Software\Undelete\UdServe.exe"
R3 BsHelpCS;BsHelpCS;C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys
S3 BTNetFilter;Bluetooth Network Filter;\??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
S3 HwIOctl;HwIOctl;\??\C:\Program Files\Setup Files\MS-6728 v2.50\HwIOctl.sys
S3 Memctl;Memctl;\??\C:\Program Files\Setup Files\MS-6728 v2.50\Memctl.sys
S3 MPCSYS;MPCSYS;\??\C:\WINDOWS\system32\DRIVERS\mpcsys.sys
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-19 17:27:03 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 13:11:51
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-19 13:14:27
C:\ComboFix2.txt ... 2007-11-17 23:06
.
--- E O F ---

Toronto

2007-11-19, 19:33

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:18 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59766137-A541-4E6A-937A-8EFCF6173D46} - (no file)
O2 - BHO: (no name) - {6BA7AC7A-5951-4D3B-9E62-AC15B8177BB8} - (no file)
O2 - BHO: (no name) - {74E41E53-001C-4F11-901A-89B1630423BC} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {859BC038-49FA-4C7D-952C-40CC604A13D9} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {963E16F7-F695-4F77-9667-6926BF1F4963} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {BC33E8A9-9376-4539-BBE3-B8DBE8CCA974} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C3FDE922-B3A0-4701-B644-B33CF00F6843} - (no file)
O2 - BHO: (no name) - {E5DA9954-06C9-415C-B2F6-0552AC74A682} - (no file)
O2 - BHO: (no name) - {E7FA40E3-0D37-4C92-9274-773BF6872512} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://www.softpedia.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/3124aec729f817224805/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154294930359
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154294920140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tuvtqon - tuvtqon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Executive Software Undelete (UndeleteService) - Executive Software International - C:\Program Files\Executive Software\Undelete\UdServe.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 16935 bytes

steamwiz

2007-11-19, 22:07

HI

you didn't post the 4 infected files from the Kaspersky Online Scanner log

RE: Kaspersky Online Scanner log ...

You're right, I don't need to see it all...

Scan Statistics:
Total number of scanned objects: 314263
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 03:00:13

If you can look at the log & find the infected entries ...

Number of infected objects: 4

Just post then ... that would be great ...

Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {59766137-A541-4E6A-937A-8EFCF6173D46} - (no file)
O2 - BHO: (no name) - {6BA7AC7A-5951-4D3B-9E62-AC15B8177BB8} - (no file)
O2 - BHO: (no name) - {74E41E53-001C-4F11-901A-89B1630423BC} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {859BC038-49FA-4C7D-952C-40CC604A13D9} - (no file)
O2 - BHO: (no name) - {963E16F7-F695-4F77-9667-6926BF1F4963} - (no file)
O2 - BHO: (no name) - {BC33E8A9-9376-4539-BBE3-B8DBE8CCA974} - (no file)
O2 - BHO: (no name) - {C3FDE922-B3A0-4701-B644-B33CF00F6843} - (no file)
O2 - BHO: (no name) - {E5DA9954-06C9-415C-B2F6-0552AC74A682} - (no file)
O2 - BHO: (no name) - {E7FA40E3-0D37-4C92-9274-773BF6872512} - (no file)

O20 - Winlogon Notify: tuvtqon - tuvtqon.dll (file missing)

Reboot...

Is your problem resolved ?

steam

Toronto

2007-11-20, 01:38

as I said everything seeems to be clean
But, I've thought that before
My Sons where using this pc, playing on line games and there was tons of crap on it
I've deleted about 60 gig and keep finding more to rid myself of,
Now that there networked it'll be easier for me to make sure things are updated, firewalled and protected

thanks for your help
if it comes back, so will I
any suggestions to cracking my windows admin password:laugh:

again thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:07 PM, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Executive Software\Undelete\UdServe.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customize/rogers/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\MSIPVS\WinScheduler.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files\Advanced JPEG Compressor\ajcieex.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.msi.com.tw
O15 - Trusted Zone: http://www.softpedia.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/3124aec729f817224805/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154294930359
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154294920140
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - AppInit_DLLs: wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Executive Software Undelete (UndeleteService) - Executive Software International - C:\Program Files\Executive Software\Undelete\UdServe.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 16188 bytes

Toronto

2007-11-20, 05:14

Apparently I not qiute done,
after running another scan this is the resuts

KASPERSKY ONLINE SCANNER REPORT
Monday, November 19, 2007 10:57:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/11/2007
Kaspersky Anti-Virus database records: 462060
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 313088
Number of viruses found: 2
Number of infected objects: 4 Number of suspicious objects: 0
Duration of the scan process: 02:22:21
C:\qoobox\Quarantine\C\WINDOWS\1.exe.vir Infected: Trojan-Downloader.Win32.Delf.cee skipped
C:\RecoveryBin\Volume-54a78314-6426-44ef-be2e-959f4e5e2d22\Documents and Settings\All Users\Documents\Shared Downloads\Cane_Able\ca_setup(01C82968DD030003).exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\RecoveryBin\Volume-54a78314-6426-44ef-be2e-959f4e5e2d22\Documents and Settings\All Users\Documents\Shared Downloads\Cane_Able\ca_setup(01C82968DD030003).exe WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{9EFFB5B1-3130-459A-9036-F932AC7AC0F4}\RP329\A0241914.exe Infected: Trojan-Downloader.Win32.Delf.cee skipped

Ok
I emptied the bin
can I just delete the C:\SYI and the C:\qoobox\Quarantine

steamwiz

2007-11-21, 22:16

HI

NO ... Not quite ...

Delete the C:\qoobox folder ...

This is just a backup of an allready deleted file, but you don't need to keep it.

The C:\System Volume Information\ is your system restore folder ... you can't delete it, you need to purge the restore points ...

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-

Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

steam