Virtumonde

Harro · May 24, 2008

Hi,

I am after some help - to me this is the forum of choice and I thank you in advance. I have tried to take on this virus (the first since my teen years) by myself but to no avail.

I run Microsoft Windows XP Professional SP 3 (Build 2600), comodo firewall, bitdefender antivirus and have spybot and ad-aware 2008 as my spyware scanners. I have also run two "fix" .exe's which did not locate any of the files.

Spybot has been the only application to identify that this is the virus/spyware I have.

The logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:55 AM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: localhost virtumonde.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1210516761031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210591786625
O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7965 bytes

--
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 25, 2008 5:05:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 81288
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:07:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\cav.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\TroubleShootLog\cavasm.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\comodo\Comodo AntiVirus\TroubleShootLog\monln.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05242008-223107.log Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\cert8.db Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\key3.db Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\parent.lock Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\places.sqlite-stmtjrnl Object is locked skipped
C:\Documents and Settings\DominicB\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\search.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{1CF6B29F-1ED3-411B-A687-5A9ACC7CEB80} Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Application Data\Mozilla\Firefox\Profiles\gsg6w6e4.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Temp\~DF4D93.tmp Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\DominicB\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\DominicB\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\DominicB\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{61AD98D2-8EE2-4066-8E74-06CF4FA4A6CE}\RP33\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddcCUklk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\ybetugla.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trl skipped
C:\WINDOWS\Temp\tmp000012ea\tmp00000000 Object is locked skipped

Scan process completed.

--

Just quickly I'll also mention that this is the second time I've got it. The first was "fixed" by a format of my pc. I'd like to learn how to fix this virus so I don't have to keep formatting - or better yet prevent coming into contact with this nasty ever again. I believe old versions of Java are what cause it so I'll make sure to always have up to date versions of java.

once again, thanks.

P.s. My tinkering or the virus has led cmd.exe and userinit.exe to come up with a 0xc0000005 error on startup. This seems to have kept the virus at bay in that it can't use cmd.exe. However this means I have to ctrl+alt+delete and run explorer.exe to even see my desktop without just a wallpaper. SO currently it's dormant but still there. Hope that bit of info also helps. Thanks.

p.p.s the problem began with a warning bubble that automatic updates were disabled.

Rorschach112 · May 24, 2008

Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Harro · May 25, 2008

Ran the cleaner. All went well.

Installed the recover console and rebooted. No problems.

Closed all protection and disconnected from the internet. Ran combofix.exe from my desktop. Got a 0xc0000005 error for cmd.exe and rundll32.exe. The combofix.exe would run the loading screen and then those errors would come up four times and it would close.

This is similar to what is happening here:

http://forums.spybot.info/showthread.php?t=28448&page=2
and here:
http://forums.spybot.info/showthread.php?t=28419

Seems to be different courses of action in both of those so I will await your advice. Thanks.

Harro · May 25, 2008

Also, whenever I close my laptop to put it into standby. It will do so but then after about 10 seconds will reboot.

Might be of interest. I don't know.

Harro · May 25, 2008

One last thing...

I've been reading your "how to keep yourself protected" stickied post. I've decided I got infected due to having an outdated version of java. So I went to uninstall it and reinstall the new version as per your instructions.

I get the same error as for running combofix.exe when trying to load Add/Remove Programs.

Harro · May 25, 2008

Rorschach112 said:
Try run it in Safe Mode

If that fails do this from Normal Mode

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
* When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Well I lied. That wasn't the last thing. Instead I did this for you. Unlike the other fellow whom it was asked of it worked for me. I tried combofix.exe in safe mode but I get the same error. DSS.exe did work in normal mode.

Here are its logs:

Deckard's System Scanner v20071014.68
Run by DominicB on 2008-05-25 18:16:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
29: 2008-05-25 08:17:00 UTC - RP34 - Deckard's System Scanner Restore Point
28: 2008-05-24 12:39:18 UTC - RP33 - Software Distribution Service 3.0
27: 2008-05-24 12:30:32 UTC - RP32 - Installed Windows Defender
26: 2008-05-24 10:35:37 UTC - RP31 - Removed Nero 8
25: 2008-05-24 02:42:41 UTC - RP30 - Last known good configuration

-- First Restore Point --
1: 2008-05-24 02:42:09 UTC - RP6 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as DominicB.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:50 PM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\DominicB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: localhost virtumonde.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1210516761031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210591786625
O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7371 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080525-014155-239 O4 - HKLM\..\Run: [e4d4586a] rundll32.exe "C:\WINDOWS\system32\pdlupnal.dll",b
backup-20080525-014155-295 O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
backup-20080525-014155-843 O4 - HKLM\..\Run: [BMe7e76bf6] Rundll32.exe "C:\WINDOWS\system32\vmscapnp.dll",s
backup-20080525-014155-884 O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Cavasm - c:\windows\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BDFsDrv - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
S3 BDRsDrv - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Comodo Anti-Virus and Anti-Spyware Service - "c:\program files\comodo\common\cavaspy\cavasm.exe" <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB Device
Device ID: USB\VID_413C&PID_8106\6&18397FCA&0&4
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8106\6&18397FCA&0&4
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01CD1028&REV_02\4&2FE911E8&0&00F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01CD1028&REV_01\3&61AAA01&0&FB
Service:

-- Scheduled Tasks -------------------------------------------------------------

2008-05-25 18:07:28 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-25 01:22:49 115200 --a------ C:\WINDOWS\system32\pdlupnal.dll
2008-05-25 01:20:40 51200 --a------ C:\WINDOWS\system32\__c0092120.dat
2008-05-25 01:20:38 51200 --a------ C:\WINDOWS\system32\amuammlr.dll
2008-05-25 01:19:49 2560 --a------ C:\WINDOWS\system32\wenmkcnq.exe
2008-05-25 01:14:26 126464 --a------ C:\WINDOWS\system32\vmscapnp.dll
2008-05-25 00:59:22 51200 --a------ C:\WINDOWS\system32\__c003599E.dat
2008-05-25 00:59:19 51200 --a------ C:\WINDOWS\system32\piecexox.dll
2008-05-25 00:54:16 2560 --a------ C:\WINDOWS\system32\ugbpdtwx.exe
2008-05-25 00:54:00 126464 --a------ C:\WINDOWS\system32\qocyanlf.dll
2008-05-25 00:53:14 442835 --ahs---- C:\WINDOWS\system32\DehOVvut.ini2
2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
2008-05-24 22:38:53 1270 --ahs---- C:\WINDOWS\system32\WDJikUtv.ini2
2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
2008-05-24 12:43:17 115200 -----n--- C:\WINDOWS\system32\ybetugla.dll
2008-05-24 12:41:59 31189 --ahs---- C:\WINDOWS\system32\mmTAJkkj.ini2
2008-05-24 05:09:20 57344 --a------ C:\WINDOWS\system32\ddcCUklk.dll
2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-14 04:48:54 216576 --a------ C:\WINDOWS\system32\monln.dll <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-11 03:56:16 0 dr------- C:\Program Files
2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
2008-05-11 03:46:58 0 d-------- C:\WINDOWS
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 02:06:27 0 d-------- C:\DELL
2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8521 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-05-25 18:21:57 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Genuine Intel(R) CPU T2600 @ 2.16GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.37 MiB / 1596.97 MiB
Pagefile Memory (total/avail): 3938.98 MiB / 3575.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.86 MiB

C: is Fixed (NTFS) - 88.56 GiB total, 18.27 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 91.76 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 88.56 GiB - C:
\PARTITION2 - Unknown - 3.14 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

-- User Profiles ---------------------------------------------------------------

DominicB (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

-- Application Event Log -------------------------------------------------------

Event Record #/Type658 / Success
Event Submitted/Written: 05/25/2008 05:22:29 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type656 / Success
Event Submitted/Written: 05/25/2008 04:34:22 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type655 / Error
Event Submitted/Written: 05/25/2008 04:01:06 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%DOMINIC27 Real-Time Protection checkpoint has encountered an error and failed to start.

User: DOMINIC\DominicB

Checkpoint ID: 7

Error Code: 0x80070020

Error description: The process cannot access the file because it is being used by another process.

Event Record #/Type647 / Warning
Event Submitted/Written: 05/25/2008 02:42:59 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type639 / Success
Event Submitted/Written: 05/25/2008 02:13:53 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type3661 / Error
Event Submitted/Written: 05/25/2008 06:19:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRsDrv service failed to start due to the following error:
%%2

Event Record #/Type3660 / Error
Event Submitted/Written: 05/25/2008 06:19:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDFsDrv service failed to start due to the following error:
%%2

Event Record #/Type3659 / Error
Event Submitted/Written: 05/25/2008 06:19:52 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The bdfdll service failed to start due to the following error:
%%2

Event Record #/Type3642 / Warning
Event Submitted/Written: 05/25/2008 04:14:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DOMINIC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DOMINIC27 can't undo changes that you allow.

For more information please see the following:
%DOMINIC275

Scan ID: {E331017C-2BFD-4B6C-92C3-F1D440228DEF}

User: DOMINIC\DominicB

Name: %DOMINIC271

ID: %DOMINIC272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %DOMINIC276

Alert Type: %DOMINIC278

Detection Type: 1.1.1593.02

Event Record #/Type3641 / Error
Event Submitted/Written: 05/25/2008 04:14:50 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The BDRsDrv service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2008-05-25 18:21:57 ------------

Cheers.

Harro · May 25, 2008

I apologise for the multiple posts.

Could this be part of the solution? http://forums.majorgeeks.com/showthread.php?p=1156671

Rorschach112 · May 25, 2008

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C16603A8-C5FB-4909-B4A4-D75E472C113F} - C:\WINDOWS\system32\vtUkiJDW.dll (file missing)
O2 - BHO: (no name) - {C7803E93-3FFA-4590-8CB1-597349B014E1} - C:\WINDOWS\system32\jkkJATmm.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:

[kill explorer]
C:\WINDOWS\system32\pdlupnal.dll
C:\WINDOWS\system32\__c0092120.dat
C:\WINDOWS\system32\amuammlr.dll
C:\WINDOWS\system32\wenmkcnq.exe
C:\WINDOWS\system32\vmscapnp.dll
C:\WINDOWS\system32\__c003599E.dat
C:\WINDOWS\system32\piecexox.dll
C:\WINDOWS\system32\ugbpdtwx.exe
C:\WINDOWS\system32\qocyanlf.dll
C:\WINDOWS\system32\DehOVvut.ini2
C:\WINDOWS\system32\WDJikUtv.ini2
C:\WINDOWS\system32\ybetugla.dll
C:\WINDOWS\system32\mmTAJkkj.ini2
C:\WINDOWS\system32\ddcCUklk.dll
C:\WINDOWS\SYSTEM32\monln.dll
purity 
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS log

Harro · May 25, 2008

Ran HijackThis and removed those items.

Ran OTMoveIt2 and using the code. It required a reboot.

Here is the log after reboot:

Explorer killed successfully
File/Folder C:\WINDOWS\system32\pdlupnal.dll not found.
File move failed. C:\WINDOWS\system32\__c0092120.dat scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\amuammlr.dll not found.
File/Folder C:\WINDOWS\system32\wenmkcnq.exe not found.
File/Folder C:\WINDOWS\system32\vmscapnp.dll not found.
File/Folder C:\WINDOWS\system32\__c003599E.dat not found.
File/Folder C:\WINDOWS\system32\piecexox.dll not found.
File/Folder C:\WINDOWS\system32\ugbpdtwx.exe not found.
File/Folder C:\WINDOWS\system32\qocyanlf.dll not found.
File/Folder C:\WINDOWS\system32\DehOVvut.ini2 not found.
File/Folder C:\WINDOWS\system32\WDJikUtv.ini2 not found.
File/Folder C:\WINDOWS\system32\ybetugla.dll not found.
File/Folder C:\WINDOWS\system32\mmTAJkkj.ini2 not found.
File/Folder C:\WINDOWS\system32\ddcCUklk.dll not found.
File/Folder C:\WINDOWS\SYSTEM32\monln.dll not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05252008_214841

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\__c0092120.dat scheduled to be moved on reboot.

Ran dss.exe again.

The following is the log:

Deckard's System Scanner v20071014.68
Run by DominicB on 2008-05-25 21:55:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as DominicB.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:41 PM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\DominicB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: localhost virtumonde.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1210516761031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210591786625
O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0092120.dat
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7014 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-25 01:20:40 51200 --a------ C:\WINDOWS\system32\__c0092120.dat
2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-11 03:56:16 0 dr------- C:\Program Files
2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
2008-05-11 03:46:58 0 d-------- C:\WINDOWS
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 02:06:27 0 d-------- C:\DELL
2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

-- End of Deckard's System Scanner: finished at 2008-05-25 22:00:11 ------------

Rorschach112 · May 25, 2008

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Reboot and post a new DSS log

Harro · May 25, 2008

Off the top Rorschach112 you're living up to your title. You really are a Security Warrior and you've put a good dent in this thing.

Startup was fine. No 0xc0000005 error. My system tray loaded programs and explorer.exe loaded on its own accord.

The mbam log after an "immediate" reboot. Not sure if you still want to see it but I'll post it anyway.

Malwarebytes' Anti-Malware 1.12
Database version: 785

Scan type: Quick Scan
Objects scanned: 35765
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c0092120.dat (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\__c0092120.dat -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0092120.dat (Trojan.Agent) -> Delete on reboot.

The followup dss.exe log: (Also there are lots of exe's trying to access cmd.exe.)

Deckard's System Scanner v20071014.68
Run by DominicB on 2008-05-25 22:20:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as DominicB.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:32 PM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\Documents and Settings\DominicB\Desktop\dss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: localhost virtumonde.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1210516761031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210591786625
O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7718 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 22:09:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Malwarebytes
2008-05-25 22:09:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 22:09:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-11 03:56:16 0 dr------- C:\Program Files
2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
2008-05-11 03:46:58 0 d-------- C:\WINDOWS
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 02:06:27 0 d-------- C:\DELL
2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 07:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 07:56 PM]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [04/03/2007 12:48 AM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 11:49 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/24/2008 12:44 PM]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [05/14/2008 04:48 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/18/2007 12:55 AM]
"nwiz"="nwiz.exe" [12/18/2007 12:55 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/18/2007 12:55 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 02:23 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 10:12 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvVOheD

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-05-25 22:25:17 ------------

Rorschach112 · May 25, 2008

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O1 - Hosts: localhost virtumonde.com

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Backup Your Registry with ERUNT

Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.

Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

Then double click on the fix.reg file, when it prompts to merge click "Yes".

Reboot and post a new DSS log and tell me how your PC is running

Harro · May 25, 2008

Followed all those steps successfully.

Computer is running much better. The updates warning was still there on startup. I went to turn it back on and after giving the pc 5 seconds to think up it it did so where previously it said that it was unable to do so.

cmd.exe attempts to access swreg.exe and sed.exe. Probably stupidly I allow it.

The dss.exe log upon reboot:

Deckard's System Scanner v20071014.68
Run by DominicB on 2008-05-25 22:48:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as DominicB.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:51 PM, on 5/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\DominicB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DominicB.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [cnfgCav] "C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1210516761031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1210591786625
O17 - HKLM\System\CCS\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{052E4CBC-216D-4501-B664-C1E496BCE180}: NameServer = 61.9.133.193,61.9.134.49
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7538 bytes

-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 22:09:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Malwarebytes
2008-05-25 22:09:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 22:09:31 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 16:52:35 0 d-------- C:\327882R2FWJFW
2008-05-25 16:35:36 0 dr-hs---- C:\cmdcons
2008-05-25 16:35:31 0 d-------- C:\WINDOWS\setup.pss
2008-05-25 16:34:45 0 d-------- C:\WINDOWS\setupupd
2008-05-25 03:22:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 03:22:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-25 02:47:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-25 02:47:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-25 02:45:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-24 23:40:10 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-24 23:10:11 0 d-------- C:\Program Files\Trend Micro
2008-05-24 23:07:55 0 d-------- C:\Program Files\Ad-Aware
2008-05-24 23:07:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 23:07:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-24 22:46:22 0 dr-h----- C:\Documents and Settings\DominicB\Recent
2008-05-24 22:30:37 0 d-------- C:\Program Files\Windows Defender
2008-05-24 22:27:19 0 d-------- C:\Program Files\CCleaner
2008-05-24 20:46:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-24 18:13:57 0 d-------- C:\Program Files\MSN Messenger
2008-05-24 18:13:56 0 d-------- C:\Program Files\MessengerDiscovery
2008-05-24 03:49:39 0 d-------- C:\Documents and Settings\DominicB\Application Data\Nero
2008-05-24 03:44:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-23 22:40:08 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 16:03:38 0 d-------- C:\Documents and Settings\DominicB\Application Data\ImgBurn
2008-05-23 16:02:46 0 d-------- C:\Program Files\ImgBurn
2008-05-23 04:10:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\dvdcss
2008-05-23 03:57:03 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-23 03:57:02 0 d-------- C:\Program Files\DVD Shrink
2008-05-22 06:32:24 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-22 06:23:48 0 d-------- C:\WINDOWS\system32\URTTemp
2008-05-22 05:52:03 0 d-------- C:\Program Files\Kasparov Chessmate
2008-05-22 05:51:46 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-22 04:02:09 0 d-------- C:\WINDOWS\Sun
2008-05-22 04:02:09 0 d-------- C:\Documents and Settings\DominicB\Application Data\Sun
2008-05-22 03:59:38 0 d-------- C:\Program Files\Java
2008-05-22 03:56:39 0 d-------- C:\Program Files\Common Files\Java
2008-05-20 15:19:36 0 d-------- C:\Program Files\Dell
2008-05-20 15:19:18 16128 --a------ C:\WINDOWS\system32\drivers\APPDRV.SYS <Not Verified; Dell Inc; Application Driver>
2008-05-20 15:19:13 0 d-------- C:\Documents and Settings\DominicB\Application Data\InstallShield
2008-05-16 20:00:59 0 d-------- C:\Program Files\CoreFTP
2008-05-16 18:25:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-05-16 18:22:16 0 d-------- C:\Program Files\Last.fm
2008-05-16 16:03:33 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-16 16:01:57 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-16 03:09:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\vlc
2008-05-16 03:08:31 0 d-------- C:\Program Files\VideoLAN
2008-05-16 00:43:06 0 d-------- C:\Program Files\BabasChess
2008-05-15 23:31:44 0 d-------- C:\Program Files\Real Alternative
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\DominicB\Application Data\Real
2008-05-15 23:31:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-05-15 22:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-15 22:51:21 0 d-------- C:\Program Files\QuickTime Alternative
2008-05-15 19:40:59 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-05-15 19:40:56 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-05-15 19:40:56 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-15 19:40:56 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-15 19:40:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-15 19:40:56 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-15 19:40:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-15 19:40:55 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-15 19:40:54 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 14:55:23 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-15 14:53:35 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-15 14:53:35 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-15 14:53:35 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-15 14:53:34 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-15 14:53:34 1474560 --a------ C:\WINDOWS\system32\nview.dll
2008-05-15 14:53:34 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-15 14:53:34 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-15 14:53:34 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-15 14:52:04 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2008-05-15 14:51:46 0 d-------- C:\nVidia Forceware
2008-05-14 17:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-05-14 17:16:23 0 d-------- C:\Program Files\StuffPlug3
2008-05-14 16:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-14 16:36:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Macromedia
2008-05-14 14:21:02 0 d-------- C:\Documents and Settings\DominicB\Application Data\Adobe
2008-05-14 13:18:49 0 d-------- C:\Program Files\Messenger Plus! Live
2008-05-14 13:16:33 0 d-------- C:\Documents and Settings\DominicB\Application Data\WinRAR
2008-05-14 13:10:57 0 d-------- C:\WINDOWS\WinRAR
2008-05-14 13:09:39 0 d-------- C:\Documents and Settings\DominicB\Contacts
2008-05-14 11:33:39 0 d-------- C:\Program Files\uTorrent
2008-05-14 11:33:28 0 d-------- C:\Documents and Settings\DominicB\Application Data\uTorrent
2008-05-14 04:50:54 73728 --a------ C:\WINDOWS\system32\CavEmLSP.dll <Not Verified; COMODO; Comodo AntiVirus.>
2008-05-14 04:49:28 102400 --a------ C:\WINDOWS\system32\drivers\cavasm.sys <Not Verified; Comodo Inc.; Comodo Anti-Viruspyware>
2008-05-14 02:46:00 0 d-------- C:\Program Files\SigmaTel
2008-05-14 02:45:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-14 02:03:41 0 d-------- C:\Program Files\CONEXANT
2008-05-13 18:34:56 0 d-------- C:\Program Files\IDT
2008-05-13 18:00:46 0 d-------- C:\WINDOWS\Prefetch
2008-05-13 17:45:47 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\en
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\system32\bits
2008-05-13 17:45:46 0 d-------- C:\WINDOWS\l2schemas
2008-05-13 17:44:27 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:42:38 0 d-------- C:\WINDOWS\network diagnostic
2008-05-13 17:41:22 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-05-12 21:24:38 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 21:24:06 0 d-------- C:\Program Files\Windows Live
2008-05-12 21:23:56 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 17:53:49 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-12 17:42:13 0 d-------- C:\WINDOWS\CSC
2008-05-12 17:39:12 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-12 17:33:27 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-12 17:33:27 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-12 17:33:27 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-12 17:33:26 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-12 17:33:26 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-12 17:33:26 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-12 17:33:26 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-12 17:33:25 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-12 15:56:06 0 d-------- C:\Documents and Settings\DominicB\dwhelper
2008-05-12 02:14:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-05-12 02:13:41 0 d-------- C:\WINDOWS\system32\PreInstall
2008-05-12 02:11:32 0 d--h----- C:\WINDOWS\$hf_mig$
2008-05-12 01:04:03 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-05-12 01:02:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-12 00:35:52 0 d--hs---- C:\Documents and Settings\DominicB\UserData
2008-05-12 00:32:11 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-12 00:31:40 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-12 00:28:11 0 dr-h----- C:\MSOCache
2008-05-11 23:07:07 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-11 23:03:34 0 d-------- C:\Documents and Settings\DominicB\Application Data\Bitdefender
2008-05-11 23:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-11 22:57:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 22:56:47 0 d-------- C:\Documents and Settings\DominicB\Application Data\Mozilla
2008-05-11 22:55:46 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-11 20:06:20 0 d-------- C:\Documents and Settings\DominicB\Application Data\Comodo
2008-05-11 20:06:18 0 d-------- C:\Program Files\COMODO
2008-05-11 08:35:19 0 d-------- C:\Documents and Settings\DominicB\Application Data\Intel
2008-05-11 08:35:09 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
2008-05-11 08:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-11 08:34:37 0 d-------- C:\Program Files\Intel
2008-05-11 08:29:16 0 d-------- C:\WINDOWS\nview
2008-05-11 08:28:54 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 08:25:19 0 d-------- C:\Program Files\DIFX
2008-05-11 08:25:11 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-05-11 03:56:21 0 d--hs---- C:\WINDOWS\Installer
2008-05-11 03:56:20 0 d-------- C:\Program Files\Common Files\ODBC
2008-05-11 03:56:17 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-05-11 03:56:16 0 dr------- C:\Program Files
2008-05-11 03:56:16 0 d-------- C:\Program Files\Common Files
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-05-11 03:55:53 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-05-11 03:55:53 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-05-11 03:55:53 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-05-11 03:55:53 0 dr------- C:\Documents and Settings\All Users\Documents
2008-05-11 03:55:53 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-11 03:55:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-05-11 03:55:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-05-11 03:55:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 03:55:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-05-11 03:55:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 03:55:10 0 d--hs---- C:\System Volume Information
2008-05-11 03:55:10 0 d-------- C:\Documents and Settings
2008-05-11 03:46:58 0 d-------- C:\WINDOWS
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\WinSxS
2008-05-11 03:46:58 0 dr------- C:\WINDOWS\Web
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\twain_32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wins
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\wbem
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\usmt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\spool
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ShellExt
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\Setup
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ras
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\oobe
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\npp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\inetsrv
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\IME
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\icsxml
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\ias
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\export
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-05-11 03:46:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\dhcp
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\3076
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\2052
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1054
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1042
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1041
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1037
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1033
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1031
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1028
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system32\1025
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\system
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\security
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Resources
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\repair
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Provisioning
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\PeerNet
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\pchealth
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\mui
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msapps
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\msagent
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Media
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\java
2008-05-11 03:46:58 0 d--h----- C:\WINDOWS\inf
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ime
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Help
2008-05-11 03:46:58 0 dr--s---- C:\WINDOWS\Fonts
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\ehome
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Driver Cache
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\dell
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Debug
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Cursors
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Connection Wizard
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\Config
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\AppPatch
2008-05-11 03:46:58 0 d-------- C:\WINDOWS\addins
2008-05-11 02:18:49 0 d-------- C:\Documents and Settings\DominicB\Application Data\Identities
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Templates
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Start Menu
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\SendTo
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\PrintHood
2008-05-11 02:18:43 4194304 --ah----- C:\Documents and Settings\DominicB\NTUSER.DAT
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\NetHood
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\My Documents
2008-05-11 02:18:43 0 d--h----- C:\Documents and Settings\DominicB\Local Settings
2008-05-11 02:18:43 0 dr------- C:\Documents and Settings\DominicB\Favorites
2008-05-11 02:18:43 0 d-------- C:\Documents and Settings\DominicB\Desktop
2008-05-11 02:18:43 0 d--hs---- C:\Documents and Settings\DominicB\Cookies
2008-05-11 02:18:43 0 dr-h----- C:\Documents and Settings\DominicB\Application Data
2008-05-11 02:17:44 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-11 02:17:42 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-05-11 02:17:41 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-05-11 02:17:41 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-05-11 02:17:41 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-05-11 02:17:41 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-05-11 02:17:41 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 02:09:45 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 02:09:45 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-05-11 02:09:45 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-05-11 02:09:45 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-05-11 02:09:45 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 02:06:38 0 d-------- C:\WINDOWS\system32\xircom
2008-05-11 02:06:38 0 d-------- C:\Program Files\microsoft frontpage
2008-05-11 02:06:27 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 02:06:27 0 d-------- C:\DELL
2008-05-11 02:06:15 0 -rahs---- C:\MSDOS.SYS
2008-05-11 02:06:15 0 -rahs---- C:\IO.SYS
2008-05-11 02:06:15 0 --a------ C:\CONFIG.SYS
2008-05-11 02:06:15 0 --a------ C:\AUTOEXEC.BAT
2008-05-11 02:05:25 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-05-11 02:05:18 0 dr------- C:\WINDOWS\Offline Web Pages
2008-05-11 02:05:18 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-11 02:05:10 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-11 02:04:51 0 d-------- C:\WINDOWS\system32\DirectX
2008-05-11 02:04:17 0 d---s---- C:\WINDOWS\Tasks
2008-05-11 02:04:16 0 d-------- C:\Program Files\Common Files\MSSoap
2008-05-11 02:04:12 0 d-------- C:\WINDOWS\srchasst
2008-05-11 02:04:11 0 d-------- C:\WINDOWS\system32\Macromed
2008-05-11 02:04:01 0 d-------- C:\Program Files\Movie Maker
2008-05-11 02:03:53 0 d-------- C:\WINDOWS\system32\Restore
2008-05-11 02:03:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-11 02:02:57 0 d-------- C:\WINDOWS\Registration
2008-05-11 02:02:50 0 d-------- C:\Program Files\Online Services
2008-05-11 02:02:44 0 d-------- C:\Program Files\Messenger
2008-05-11 02:02:40 0 d-------- C:\Program Files\MSN Gaming Zone
2008-05-11 02:01:56 0 d-------- C:\Program Files\Windows NT
2008-05-11 02:01:53 0 d-------- C:\WINDOWS\system32\MsDtc
2008-05-11 02:01:51 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-05-11 03:55:53 62 --ahs---- C:\Documents and Settings\DominicB\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 07:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 07:56 PM]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [04/03/2007 12:48 AM]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [03/26/2007 11:49 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [05/24/2008 12:44 PM]
"cnfgCav"="C:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [05/14/2008 04:48 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/18/2007 12:55 AM]
"nwiz"="nwiz.exe" [12/18/2007 12:55 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/18/2007 12:55 AM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/14/2007 02:23 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [05/10/2007 10:22 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 10:12 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

-- End of Deckard's System Scanner: finished at 2008-05-25 22:52:48 ------------

Harro · May 25, 2008

Putting the computer into standby is fixed (in that it doesn't come out of standby 10 seconds later).

Harro · May 25, 2008

Is that the end of it?

Rorschach112 · May 25, 2008

Your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Make sure you have an Internet Connection.
Double-click OTMoveIt2.exe to run it.
Click on the CleanUp! button
A list of tool components used in the Cleanup of malware will be downloaded.
If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
Click Yes to beging the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

Harro · May 25, 2008

Thanks so good through all of that. The computer is running fine and I have installed those programs/made those changes.

You were brilliant.

I have a couple of questions:

Are you guys part of the spybot cause and how does the site stay afloat? I'm keen to make a donation (if you do accept donations then maybe you should have some text to end with suggesting a donation at the end of a fixed issue).

What is the virtumonde spyware, where did it originate and why is there not one solution? It seems very time consuming for you guys.

Once again, thanks so much.

Rorschach112 · May 25, 2008

Are you guys part of the spybot cause and how does the site stay afloat?

I have no idea how the site stays afloat, I am sure it costs a bit of money

I'm keen to make a donation (if you do accept donations then maybe you should have some text to end with suggesting a donation at the end of a fixed issue).

There is a donate button at the top right of the screen, we are happy doing this for free thats why we don't mention donating in the end of our posts

What is the virtumonde spyware, where did it originate and why is there not one solution? It seems very time consuming for you guys.

It is a piece of malware that causes a lot of headaches, loads of pop ups, and can really damage PC's. There is no solution cause the infection is constantly changing. There are hundreds of different types of Vundo infections that are already covered by VundoFix, unfortunately there are more new ones each day. That is why we cant just say "run this program and you will be fine", we have to use a manual fix to remove it

Hope that helps, any other questions ?

Harro · May 26, 2008

That's great.

Thanks mate.

Rorschach112 · May 26, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Virtumonde

New member

Retired Security Volunteer

New member

New member

New member

New member

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

New member

New member

Retired Security Volunteer

New member

Retired Security Volunteer

New member

Retired Security Volunteer