#31
Quote:
One last thing... Any idea how to re-enable WZC? I did a search on a potential solution... "However, I did find such Protocol Service in the regedit, and I found out it was disabled (it was set to 4). So, in sum, I recommend you to go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio and check that the "Start" Value is set to 1, 2 or 3 (I set it to 1). And this solved my problem, after a System Restart the Wireless Zero Config Service can be readily started." Does that sound right? I don't want to make any changes until you weigh in on them... Thanks again.
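An added example, written for this page and not taken from any post in the thread: a PowerShell script that reports the Ndisuio driver's Start value and the state of the Wireless Zero Configuration service before anything is touched, and only changes the registry when run with -Fix. It assumes the XP service names (Ndisuio, WZCSVC) and an administrator prompt. Where the quoted post set Start to 1, the script uses 3 (demand start), which is the driver's usual default; as the quote says, 1, 2 and 3 all un-disable it.

```powershell
# Added example, not code from this thread. Reports Ndisuio's Start value and
# the WZCSVC service state; changes the registry only when run with -Fix.
# Assumes the XP service names (Ndisuio, WZCSVC) and an administrator prompt.
param([switch]$Fix)

$ndisuioKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Ndisuio'
# SERVICE_*_START values as stored in the Start REG_DWORD.
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual (demand)'; 4 = 'Disabled' }

$start = [int](Get-ItemProperty -Path $ndisuioKey -Name Start).Start
Write-Host ("Ndisuio Start = {0} ({1})" -f $start, $startNames[$start])

$wzc = Get-Service -Name WZCSVC -ErrorAction SilentlyContinue
if ($wzc -eq $null) {
    Write-Warning 'WZCSVC not found on this machine (not Windows XP?)'
} else {
    Write-Host ("WZCSVC status = {0}" -f $wzc.Status)
    # WZCSVC cannot start while something it depends on is disabled,
    # so list the dependencies with their current state.
    foreach ($dep in $wzc.ServicesDependedOn) {
        Write-Host ("  depends on {0}: {1}" -f $dep.Name, $dep.Status)
    }
}

if ($start -ne 4) {
    Write-Host 'Ndisuio is not disabled; look elsewhere if WZCSVC still will not start.'
} elseif ($Fix) {
    # 3 = demand start, the driver's usual default; 1 or 2 also work, as the quoted post says.
    Set-ItemProperty -Path $ndisuioKey -Name Start -Value 3 -Type DWord
    Write-Host 'Ndisuio Start set to 3. Reboot, then run: Start-Service WZCSVC'
} else {
    Write-Warning 'Ndisuio is Disabled (Start = 4). Re-run with -Fix to set it to 3.'
}
```

Run it once without -Fix to see the current values, and keep the output: a Start value of 4 on a protocol driver the wireless service needs is exactly the kind of change worth knowing about before and after a cleanup.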
#32
Run the scans that you could not run before, then post the results.
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed."
#33
Quote:
BitDefender Online Scanner
Scan report generated at: Sun, Mar 23, 2008 - 19:55:50
Scan path: C:\;D:\;

Statistics
Time 01:34:15
Files 262112
Folders 9693
Boot Sectors 2
Archives 16746
Packed Files 11026

Results
Identified Viruses 1
Infected Files 1
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 1

Engines Info
Virus Definitions 1021899
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 41
Unpack plugins 7
E-mail plugins 6
System plugins 5

Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File Status
C:\Documents and Settings\All Users\DRM\IndivBox.key Clean
C:\Documents and Settings\All Users\DRM\migration.log Clean
C:\Documents and Settings\All Users\DRM\v2ksndv.bla Clean
C:\Documents and Settings\All Users\DRM\v3ks.bla Clean
C:\Documents and Settings\All Users\DRM\v3ks.sec Clean
C:\Documents and Settings\All Users\Favorites\ Clean
C:\Documents and Settings\All Users\ntuser.dat Clean
C:\Documents and Settings\All Users\ntuser.dat.LOG Clean
C:\Documents and Settings\All Users\Start Menu\ Clean
C:\Documents and Settings\All Users\Start Menu\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Microsoft Update.lnk Clean
C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM\Access IBM Message Center.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM\Battery MaxiMiser Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Access IBM\IBM Access Connections.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\Accessibility Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Calculator.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\HyperTerminal.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Setup Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\New Connection Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Remote Desktop Connection.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Sound Recorder.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\Volume Control.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Paint.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Scanner and Camera Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Activate Windows.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Backup.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Character Map.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Disk Defragmenter.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Security Center.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Information.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\System Restore.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\WordPad.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Component Services.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Computer Management.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Event Viewer.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Local Security Policy.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Performance.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Download Manager\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\Adobe Download Manager\Adobe Download Manager.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe\ExtendScript Toolkit.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Stock Photos.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM\AIM 6.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM\Uninstall AIM.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM\Visit AIM.com.url Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM Facebook\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM Facebook\Uninstall.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AIM Facebook\Website.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger\AIM.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger\License.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AOL Instant Messenger\Uninstall AIM.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5\ Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5\AVG Control Center.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5\AVG Test Center.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5\AVG Virus Vault.lnk Clean
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5\Uninstall AVG.lnk Clean
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\62\70a93cfe-4796c9b8 Infected with: Trojan.Exploit.Java.Gimsh.A
C:\Documents and Settings\Tom\Application Data\Sun\Java\Deployment\cache\6.0\62\70a93cfe-4796c9b8 Deleted
#34
Just as a precaution

Please download and install SUPERAntiSpyware from HERE

Load SUPERAntiSpyware and click the Check for Updates button.
Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.

Open SUPERAntiSpyware and click the Scan your Computer button.
Check Perform Complete Scan and then click Next.
SUPERAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
Make sure that they all have a check next to them, and then click Next.
Click Finish and you will be taken back to the main interface.
It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.

I'll need a log afterwards of what has been found. To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
Please post the results of the SUPERAntiSpyware log in your next reply.

After all of that, run this online virus scan: Active Scan

* You will need to download an ActiveX Control to run the scan. Should you encounter a prompt saying "Click here to use this control", click there.
* After scanning, you'll see an option to create a log after the scan has finished. Click the See Report button then click the Save Report button. It will be saved with the name activescan.txt.

When done, post the HJT log, another ComboFix log, the SUPERAntiSpyware log and the activescan.txt
#35
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2008 at 09:58 PM

Application Version : 4.0.1154

Core Rules Database Version : 3423
Trace Rules Database Version: 1415

Scan type : Quick Scan
Total Scan Time : 00:08:25

Memory items scanned : 448
Memory threats detected : 0
Registry items scanned : 385
Registry threats detected : 0
File items scanned : 4356
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Tom\Cookies\tom@2o7[1].txt
#36
ComboFix 08-03-22.1 - Tom 2008-03-23 22:00:13.4 - NTFSx86
Running from: C:\Documents and Settings\Tom\Desktop\MyCombo.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-23 21:48 . 2008-03-23 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-23 21:47 . 2008-03-23 21:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-23 21:47 . 2008-03-23 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 21:47 . 2008-03-23 21:47 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\SUPERAntiSpyware.com
2008-03-23 18:18 . 2008-03-23 19:55 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-23 13:04 . 2008-03-23 13:04 <DIR> d-------- C:\Documents and Settings\Tom\DoctorWeb
2008-03-23 12:40 . 2008-03-23 22:07 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-03-23 11:20 . 2008-03-23 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-23 11:20 . 2008-03-23 11:20 <DIR> d-------- C:\bytes' Anti-Malware
2008-03-23 11:16 . 2008-03-23 12:14 <DIR> d-------- C:\HJT
2008-03-23 00:05 . 2008-03-23 00:06 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-03-22 23:50 . 2008-03-22 23:50 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Malwarebytes
2008-03-22 23:35 . 2008-03-22 23:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 23:31 . 2008-03-22 23:33 <DIR> d-------- C:\sysclean
2008-03-19 11:45 . 2008-03-19 13:31 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\Move Networks
2008-03-12 21:31 . 2008-03-12 21:31 <DIR> d-------- C:\Program Files\DNA
2008-03-12 21:31 . 2008-03-23 22:05 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\DNA
2008-03-02 19:43 . 2008-03-02 19:45 <DIR> d-------- C:\Documents and Settings\Tom\Application Data\SecondLife
2008-02-26 01:48 . 2008-03-09 04:53 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-02-25 21:22 . 2008-02-25 21:22 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:46 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-23 08:00 --------- d-----w C:\Documents and Settings\Tom\Application Data\AVG7
2008-03-23 06:41 --------- d-----w C:\Program Files\eMule
2008-03-23 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-20 04:20 --------- d-----w C:\Program Files\Safari
2008-03-19 13:05 --------- d-----w C:\Program Files\Java
2008-03-17 02:16 --------- d-----w C:\Documents and Settings\Tom\Application Data\BitTorrent
2008-03-13 01:31 --------- d-----w C:\Program Files\BitTorrent_DNA
2008-03-13 01:31 --------- d-----w C:\Documents and Settings\Tom\Application Data\BitTorrent DNA
2008-02-28 22:58 --------- d-----w C:\Program Files\AIM
2008-02-26 01:23 --------- d-----w C:\Program Files\iTunes
2008-02-26 01:20 --------- d-----w C:\Program Files\QuickTime
2008-01-09 19:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-23_ 0.55.10.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 04:31:25 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2008-03-23 22:19:44 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-23 22:19:44 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-23 22:19:44 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-23 22:19:46 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-23 22:19:47 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-23 22:19:45 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 19:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 19:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
- 2006-11-08 02:01:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 22:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2008-03-24 01:47:57 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-03-24 01:47:57 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2006-11-07 08:26:44 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 12:00:00 35,328 ------w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
- 2006-11-07 08:26:44 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 22:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-04 12:00:00 35,328 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 22:42:54 17,408 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-11-08 02:03:36 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2006-10-17 16:44:36 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 22:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2006-10-17 17:04:50 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-10-17 17:06:00 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 22:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2006-11-08 02:03:36 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-11-07 08:26:42 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 22:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2006-10-17 16:57:58 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 22:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2006-11-07 08:26:24 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 22:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-10-17 17:00:00 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 22:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-10-17 17:05:10 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2006-10-17 16:56:10 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 22:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2006-10-17 16:28:56 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2006-11-08 02:03:36 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 22:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2006-11-08 02:03:36 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 22:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-10-17 17:06:00 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2006-11-08 02:03:36 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-11-07 08:26:42 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 22:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-11-08 02:03:36 180,736 ------w C:\WINDOWS\system32\ieui.dll
+ 2007-08-13 22:54:10 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
- 2006-10-17 16:57:58 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2006-11-07 08:26:24 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-10-17 17:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-10-17 17:05:10 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-10-17 16:58:32 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
+ 2007-08-13 22:36:40 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2006-10-17 16:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2006-10-17 16:28:56 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2006-11-08 02:03:36 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2006-11-08 02:03:36 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2006-10-17 17:05:58 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2007-08-13 22:45:16 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-08-18 09:53 50528]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [2007-01-22 23:31 1003520]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-12 21:31 287040]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 03:33 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-02-06 22:00 344064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208]
"TpShocks"="TpShocks.exe" [2007-09-28 14:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 19:07 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 19:07 512000]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 02:38 110592]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 02:38 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 02:38 396288]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 02:38 208896]
"TP4EX"="tp4ex.exe" [2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57 30208]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-23 00:58 579072]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-02-01 04:07 741376]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-02-01 04:07 86016]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 13:21 116224]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-23 00:58 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-01-25 02:16:19 24576]
eFax 4.3.lnk - C:\Program Files\eFax Messenger 4.3\J2GTray.exe [2008-01-04 12:07:10 629248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2005-02-01 04:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\bytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8100:TCP"= 8100:TCP:Apache

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 17:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 17:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-02-01 04:07]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2005-02-01 04:07]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2005-04-20 02:38]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2005-02-01 04:07]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-19 13:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, (redacted)
Rootkit scan 2008-03-23 22:08:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-23 22:11:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-24 02:11:49
ComboFix2.txt 2008-03-23 15:35:51
ComboFix3.txt 2008-03-23 06:30:19
ComboFix4.txt 2008-03-23 04:56:24
.
2008-03-12 07:06:23 --- E O F ---
#37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:02 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=actsvr.comcastonline.com:8100;http=actsvr.comcastonline.com:8100;ftp=actsvr.comcastonline.com:8100;gopher=actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169597236407
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity3000unlimited.ea.com/us/guide/classic/simcityx/SimCityX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Documents and Settings\Tom\Desktop\Power.DVD.7.Deluxe\RichVideo\RichVideo.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10572 bytes
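Added example for readers working through a log like the one above. This is not part of the thread and not HijackThis code; it is a small triage script that parses HijackThis entry lines and flags the things a helper checks first: entries whose file is gone ("(no file)" / "(file missing)"), O23 services reporting "Unknown owner", a ProxyServer set under HKCU, O10 LSP and O20 Winlogon Notify entries, and O16 DPF downloads from hosts other than Microsoft. The sample lines are a constructed subset copied from the log above; every heuristic is an assumption chosen for illustration, and a flag means "look at this", not "this is malware" (the Comcast proxy and the NetWare LSP in the log, for instance, are both ordinary).

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT's own code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the entries from the log posted above.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = https=actsvr.comcastonline.com:8100;http=actsvr.comcastonline.com:8100
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169597236407
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity3000unlimited.ea.com/us/guide/classic/simcityx/SimCityX.cab
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\\WINDOWS\\system32\\acs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Documents and Settings\\Tom\\Desktop\\Power.DVD.7.Deluxe\\RichVideo\\RichVideo.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse(text):
    """Return the entry lines of a log as Entry objects; process list and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("kind"), m.group("body")))
    return entries


def triage(entries):
    """Attach review flags (assumed heuristics) and return only the entries that received one."""
    for e in entries:
        b = e.body
        if "(no file)" in b or "(file missing)" in b:
            e.flags.append("orphan: registry entry points at a file that no longer exists")
        if e.kind == "O23" and "- Unknown owner -" in b:
            e.flags.append("service: no company string; verify the binary by hash or signature")
        if e.kind in ("R0", "R1") and "ProxyServer" in b:
            e.flags.append("proxy: HKCU proxy configured; confirm the user or ISP set it")
        if e.kind == "O10":
            e.flags.append("lsp: Winsock LSP not in HijackThis' known list; identify the DLL before touching it")
        if e.kind == "O20":
            e.flags.append("winlogon: Notify DLL loads in winlogon's context; must belong to a known product")
        if e.kind == "O16":
            m = re.search(r"https?://([^/\s]+)", b)
            host = m.group(1).lower() if m else ""
            if not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                e.flags.append(f"dpf: ActiveX download from {host}; non-Microsoft DPF entries are usually removed")
    return [e for e in entries if e.flags]


def flagged_kinds(text):
    """Map each flagged entry kind to the labels of its flags (the word before the colon)."""
    out = {}
    for e in triage(parse(text)):
        out.setdefault(e.kind, []).extend(f.split(":", 1)[0] for f in e.flags)
    return out


if __name__ == "__main__":
    for e in triage(parse(SAMPLE_LOG)):
        print(e.kind, "-", e.body[:72])
        for f in e.flags:
            print("    *", f)
```

Run it against a full log pasted into SAMPLE_LOG (or read from a file) and the process list, O4 entries with a known vendor path and the Microsoft DPF control drop out, leaving the handful of lines worth a second look.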
#38
Incident / Status / Location
Spyware:Cookie/Atlas DMT - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.overture.com/]
Spyware:Cookie/Advertising - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Go - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/QuestionMarket - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Casalemedia - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\bxtxmd9p.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Tribalfusion - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\t8b7ma4t.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\t8b7ma4t.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\t8b7ma4t.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising - Not disinfected - C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\t8b7ma4t.default\cookies.txt[.advertising.com/]