ComboFix 08-06-08.8 - Des 2008-06-09 19:27:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT 1:00]
Running from: C:\Documents and Settings\Des\Desktop\Combo-Fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM07ee5701.xml
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcMponpo.ini
C:\WINDOWS\system32\AcMponpo.ini2
C:\WINDOWS\system32\awtqrsqn.dll
C:\WINDOWS\system32\BLlTwyxx.ini
C:\WINDOWS\system32\BLlTwyxx.ini2
C:\WINDOWS\system32\btmqniht.dll
C:\WINDOWS\system32\bujyowws.dll
C:\WINDOWS\system32\CLRCJRqr.ini
C:\WINDOWS\system32\CLRCJRqr.ini2
C:\WINDOWS\system32\cvglmqre.dll
C:\WINDOWS\system32\dfailrrh.dll
C:\WINDOWS\system32\dgiiQqss.ini
C:\WINDOWS\system32\dgiiQqss.ini2
C:\WINDOWS\system32\dgohkwtj.dll
C:\WINDOWS\system32\DLoVxGgh.ini
C:\WINDOWS\system32\DLoVxGgh.ini2
C:\WINDOWS\system32\dmgfcpne.dll
C:\WINDOWS\system32\domxojkv.dll
C:\WINDOWS\system32\fwkwcqtl.dll
C:\WINDOWS\system32\jadlboda.dll
C:\WINDOWS\system32\jkgqgtvo.dll
C:\WINDOWS\system32\kljhxars.dll
C:\WINDOWS\system32\ltqcwkwf.ini
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MmmnWvut.ini
C:\WINDOWS\system32\MmmnWvut.ini2
C:\WINDOWS\system32\mtgyfldh.dll
C:\WINDOWS\system32\nhmeeidg.dll
C:\WINDOWS\system32\ogckfrba.dll
C:\WINDOWS\system32\opllyydk.dll
C:\WINDOWS\system32\opnopMcA.dll
C:\WINDOWS\system32\oyatxewo.dll
C:\WINDOWS\system32\puusjrqw.dll
C:\WINDOWS\system32\qedudsfa.dll
C:\WINDOWS\system32\qviedrek.ini
C:\WINDOWS\system32\rdvnlhpe.dll
C:\WINDOWS\system32\thinqmtb.ini
C:\WINDOWS\system32\uftngfod.ini
C:\WINDOWS\system32\vbsocmys.dll
C:\WINDOWS\system32\vbycpkaq.ini
C:\WINDOWS\system32\vilcwcxy.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-09 20:13 . 2008-06-09 20:13 <DIR> d--hs---- C:\Documents and Settings\TEMP
2008-06-09 18:38 . 2008-06-09 18:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-08 04:20 . 2008-06-08 04:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-07 17:38 . 2008-06-07 17:38 <DIR> d-------- C:\Kontiki
2008-06-05 00:34 . 2008-06-05 00:34 0 --a------ C:\WINDOWS\vpc32.INI
2008-06-04 20:38 . 2008-06-09 20:14 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-06-03 22:33 . 2008-06-03 22:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-03 22:33 . 2008-06-03 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-03 02:20 . 2008-06-03 02:20 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-31 21:24 . 2008-05-31 21:24 154 --a------ C:\WINDOWS\adidsl.ini
2008-05-31 21:24 . 2008-05-31 21:24 21 --a------ C:\WINDOWS\Fast800.ini
2008-05-31 21:23 . 2008-05-31 21:23 <DIR> d-------- C:\Program Files\SAGEM
2008-05-26 19:30 . 2004-02-05 11:52 53,248 --a------ C:\WINDOWS\setFireWall.exe
2008-05-26 19:30 . 2003-12-05 15:09 2,238 --a------ C:\WINDOWS\tiscali04.ico
2008-05-26 18:50 . 2003-01-30 13:46 28,672 -ra------ C:\WINDOWS\system32\adinst32.dll
2008-05-26 18:45 . 2008-05-31 21:24 184 --a------ C:\setuplog.exe
2008-05-26 16:44 . 2008-05-26 18:44 <DIR> d-------- C:\Program Files\Tiscali Broadband
2008-05-26 16:44 . 2004-01-23 12:51 2,238 --a------ C:\WINDOWS\TiscaliHelp04.ico
2008-05-10 20:24 . 2008-05-25 14:06 <DIR> d-------- C:\Program Files\McDonaldsFairies
2008-05-10 20:13 . 2008-05-25 14:07 <DIR> d-------- C:\Program Files\McDonaldsDragons
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-09 19:08 --------- d-----w C:\Documents and Settings\Des\Application Data\Free Download Manager
2008-06-04 19:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-04 19:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-04 19:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-04 19:40 --------- d-----w C:\Program Files\Symantec
2008-06-04 19:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-04 19:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-04 19:33 --------- d-----w C:\Program Files\Oberon Media
2008-06-04 19:31 --------- d-----w C:\Program Files\Yahoo!
2008-06-01 13:26 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-31 20:24 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-31 20:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 11:49 --------- d-----w C:\Program Files\Replay Media Catcher
2008-05-26 19:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 19:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-12 18:02 --------- d-----w C:\Documents and Settings\Yvonne\Application Data\Free Download Manager
2008-05-03 10:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-30 17:21 --------- d-----w C:\Program Files\BitTorrent
2008-04-26 19:40 --------- d-----w C:\Documents and Settings\Yvonne\Application Data\BitTorrent
2008-04-19 16:45 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-04-19 16:44 --------- d-----w C:\Program Files\MSN Messenger
2008-04-19 10:55 --------- d-----w C:\Documents and Settings\Yvonne\Application Data\PlayFirst
2008-04-19 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-19 10:54 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-04-15 19:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-10 00:43 --------- d-----w C:\Program Files\Ulead Systems
2008-02-17 11:29 3,955,352 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-02-17 11:26 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2006-10-29 18:05 3,638 ----a-w C:\Program Files\favicon.ico
2005-02-25 21:41 116,312 ----a-w C:\Documents and Settings\Yvonne\Application Data\GDIPFONTCACHEV1.DAT
2004-11-17 22:26 116,312 ----a-w C:\Documents and Settings\Des\Application Data\GDIPFONTCACHEV1.DAT
2004-10-23 19:21 284 ----a-w C:\Documents and Settings\Des\Application Data\ViewerApp.dat
2004-10-04 18:23 35,969,278 ----a-w C:\Program Files\NIS71000IN.exe
2003-11-05 00:02 217,329 ----a-w C:\Documents and Settings\Des\gspot221.exe
2003-10-16 19:51 390,312 ----a-w C:\Documents and Settings\Des\setupscreenhunterfree.exe
2003-10-12 21:17 2,835,552 ----a-w C:\Documents and Settings\Des\PlusPAD.exe
2003-10-02 20:15 1,044,168 ----a-w C:\Documents and Settings\Des\VBRun60sp5.exe
2003-09-26 20:28 5,787,083 ----a-w C:\Documents and Settings\Des\klickwizard_v2.exe
2003-09-18 19:12 3,326,820 ----a-w C:\Documents and Settings\Des\klitekpp242e.exe
2003-08-21 20:32 143,040 ----a-w C:\Documents and Settings\Des\FixBlast.exe
2003-07-07 22:32 628,746 ----a-w C:\Documents and Settings\Des\cubebuster.exe
2003-06-16 00:09 1,540,293 ----a-w C:\Documents and Settings\All Users\aaw6.exe
2003-06-13 23:18 4,808,199 ----a-w C:\Documents and Settings\All Users\DjVuWebBrowserPlugin.exe
2003-06-09 21:10 3,563,166 ----a-w C:\Documents and Settings\All Users\klcodec203b.exe
2003-06-09 21:03 3,005,176 ----a-w C:\Documents and Settings\All Users\klitekpp210b3e.exe
2003-05-30 22:38 1,722,883 ----a-w C:\Documents and Settings\All Users\nopopupin.exe
2003-05-28 23:39 1,736,232 ----a-w C:\Documents and Settings\All Users\PDivXNG311.exe
2003-05-28 22:22 7,168 ----a-w C:\Program Files\vdremote.dll
2003-05-28 22:22 6,656 ----a-w C:\Program Files\vdicmdrv.dll
2003-05-28 22:22 16,384 ----a-w C:\Program Files\auxsetup.exe
2003-05-28 22:21 74,195 ----a-w C:\Program Files\VirtualDub.vdhelp
2003-05-28 22:21 69,370 ----a-w C:\Program Files\VirtualDub.vdi
2003-05-28 22:21 507,904 ----a-w C:\Program Files\VirtualDub.exe
2003-05-28 22:21 5,120 ----a-w C:\Program Files\vdsvrlnk.dll
2003-05-27 22:19 616,631 ----a-w C:\Documents and Settings\All Users\Popup_Blocker.exe
2003-05-26 23:05 11,047,248 ----a-w C:\Documents and Settings\All Users\QuickTimeInstaller.zip
2003-05-25 15:20 792,506 ----a-w C:\Documents and Settings\All Users\regcln41.exe
2003-05-22 21:53 4,237,264 ----a-w C:\Documents and Settings\All Users\setupneoaudio-cnet.exe
2003-05-18 19:50 2,955,952 ----a-w C:\Documents and Settings\All Users\ymsgruk.exe
2003-05-17 13:05 2,438,895 ----a-w C:\Documents and Settings\Des\efc_pc_screensaver_1052866890.exe
2003-05-17 13:02 1,427,620 ----a-w C:\Documents and Settings\Des\davey_install_1.0.exe
2003-05-09 18:37 770,048 ----a-w C:\Documents and Settings\Des\winmx331.exe
2003-05-09 00:51 6,285,328 ----a-w C:\Documents and Settings\Des\Update_OMG2210.exe
2003-05-09 00:46 9,892,744 ----a-w C:\Documents and Settings\Des\OpenMGSetup31.exe
2003-05-08 22:55 2,474,314 ----a-w C:\Documents and Settings\Des\csetup_neonapster.exe
2003-02-22 00:09 18,321 ----a-w C:\Program Files\copying
2003-03-12 04:16 307,200 ----a-w C:\Program Files\internet explorer\plugins\djvu0407.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0409.dll
2003-03-12 04:16 311,296 ----a-w C:\Program Files\internet explorer\plugins\djvu040c.dll
2003-03-12 04:16 299,008 ----a-w C:\Program Files\internet explorer\plugins\djvu0411.dll
2003-03-12 04:16 303,104 ----a-w C:\Program Files\internet explorer\plugins\djvu0412.dll
2003-03-12 04:16 290,816 ----a-w C:\Program Files\internet explorer\plugins\djvu0804.dll
2003-03-12 04:15 122,880 ----a-w C:\Program Files\internet explorer\plugins\DjVuCntl.dll
2003-01-13 10:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{987608C3-54B3-4AA0-99CB-935148625FFB}]
C:\WINDOWS\system32\rqRJCRLC.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 19:21 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-05-05 13:47 299008]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 10:29 40960]
"ShowIcon_Justrams_USB Product Driver v2.12r012"="C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" [2003-12-11 19:54 73728]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-15 23:19 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-21 20:35 77824]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"adiras"="adiras.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 08:56 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-31 21:23:44 962663]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
awtqrsqn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm
"msacm.msnaudio"= msnaudio.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8070:TCP"= 8070:TCP:BitComet 8070 TCP
"8070:UDP"= 8070:UDP:BitComet 8070 UDP
"60002:TCP"= 60002:TCP:BitComet 60002 TCP
"60002:UDP"= 60002:UDP:BitComet 60002 UDP
"8826:TCP"= 8826:TCP:BitComet 8826 TCP
"8826:UDP"= 8826:UDP:BitComet 8826 UDP
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 13:52]
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 16:07]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 12:17]
R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 18:42]
R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 18:43]
S3 MXBULK;DualCam Still, MXBulk3.Sys;C:\WINDOWS\system32\Drivers\MXBulk3.sys [2002-01-22 15:01]
S3 MXCap;DSC-06 Video Camera;C:\WINDOWS\system32\DRIVERS\MXCap3.sys [2002-04-17 18:35]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2006-10-30 13:46]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-11-29 16:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6254de80-cdb7-11db-9d3f-4d6564696130}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-09 20:15:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
C:\WINDOWS\explorer.exe [2920] 0x82797738
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-09 20:42:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 19:41:40
Pre-Run: 19,831,627,776 bytes free
Post-Run: 21,297,373,184 bytes free
268 --- E O F --- 2008-05-30 19:19:58
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:12, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\USB Product Driver v2.12r012\shwicon.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tiscali.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {987608C3-54B3-4AA0-99CB-935148625FFB} - C:\WINDOWS\system32\rqRJCRLC.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Product Driver v2.12r012] "C:\Program Files\USB Product Driver v2.12r012\shwicon.exe" -t"Justrams\USB Product Driver v2.12r012"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: Tiscali Broadband.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Tiscali Broadband.lnk = ? (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Startup: Tiscali Broadband.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: CabBuilder -
http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} -
http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} -
http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) -
http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) -
http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {245637BB-3A58-49A2-A7AB-F4A63B67652E} (PrinterDetector40.PrinterDetector) -
http://www.mymemory.co.uk/detector/PrinterDetector40.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -
http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) -
https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) -
http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) -
https://moneymanager.egg.com/Pinsafe/accounttracking.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) -
http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121902082609
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.248.234.26/activex/AxisCamControl.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) -
http://uk.bookmarks.yahoo.com/YbConvFav.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Tiscali Music Downloads) -
http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) -
http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -
http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) -
http://support.packardbell.com/files/activex/InfosFinder2.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} -
http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F021C4DE-F77C-4857-ABFA-AE72EFE53D3B}: NameServer = 212.139.132.24 212.139.132.25
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
--
End of file - 16789 bytes