 [Resolved] Browser Locks Frequently |
Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)
  |
 Mar 29 2008, 01:17 AM
Post
#1
|
|
|
New Member  Group: New Member Posts: 14 Joined: 29-March 08 From: Bangkok, Thailand Member No.: 77,969 Operating System: Windows XP Pro SP2  |
My browser has been locking up quite frequently. Following is my HJT log: Logfile of HijackThis v1.99.1 Scan saved at 2:16:22 PM, on 3/29/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\DNHlp32.exe C:\Program Files\Cobian Backup 8\Cobian.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Cobian Backup 8\cbInterface.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\AutoHook2002\AHook2002.exe C:\Program Files\MRU-Blaster\scheduler.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe" O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: AutoHook2002.lnk = ? O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe Thanks |
 |
 
|
|
Apr 4 2008, 03:50 AM
Post
#2
|
|
 SuperMember  Group: Classroom Teacher Posts: 2,595 Joined: 3-March 07 From: GMT+7 Member No.: 68,406 Operating System: Vista/Ubuntu |
Hi Tippaporn,
Please open this page in your browser: http://www.bleepingcomputer.com/submit-mal....php?channel=32 Please fill in the link to topic field with a link to this topic Copy/paste the following into the Browse to the file you want to submit field: QUOTE C:\WINDOWS\system32\DNHlp32.exe Then press Send File, this will upload the file for analysisDownload Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you. |
|
|
|
|
Apr 4 2008, 12:27 PM
Post
#3
|
|
|
New Member Group: New Member Posts: 14 Joined: 29-March 08 From: Bangkok, Thailand Member No.: 77,969 Operating System: Windows XP Pro SP2 |
Hi (ho) Silver (sorry, couldn't resist),
Following are both DSS logs. The file I uploaded to Bleeping Computer was successful. Just a bit of info on the DNHlp32.exe file - I was earlier suspicious of this file and Googled info on it. While most sites claimed it was a malicious and unnecessary file and recommended deleting it mention was also made that it might well be valid, too. I deleted it but then could not activate streaming video. So I rolled back to a previous system restore point to regain the file. If it is malicious in all cases then I asked myself why anti-malware software did not pick it up during scans. Do you know? Thanks, Silver. Pete BTW, not sure of your location but I'm out in Bangkok, Thailand so you're aware of the time difference. - - - Oh, I just checked and seems you're in my part of the world. Are you located near Bangkok, also? If so stop on by and we'll fix this little problem with the help of a few LEOs (Chang, if you prefer).  Deckard's System Scanner v20071014.68 Run by USER on 2008-04-04 23:23:13 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 57: 2008-04-04 16:23:26 UTC - RP182 - Deckard's System Scanner Restore Point 56: 2008-04-03 21:05:57 UTC - RP181 - System Checkpoint 55: 2008-04-02 20:21:24 UTC - RP180 - System Checkpoint 54: 2008-04-01 16:52:02 UTC - RP179 - System Checkpoint 53: 2008-03-31 06:40:30 UTC - RP178 - System Checkpoint -- First Restore Point -- 1: 2008-02-15 08:53:32 UTC - RP126 - Installed UNBRAKO AutoCAD Product Library Backed up registry hives. Performed disk cleanup. Total Physical Memory: 511 MiB (512 MiB recommended). -- HijackThis (run as USER.exe) ------------------------------------------------ Unable to find log (file not found); running clone. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-04-04 23:26:58 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\DNHlp32.exe C:\Program Files\Cobian Backup 8\Cobian.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Grisoft\AVG7\avgamsvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Grisoft\AVG7\avgemc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Canon\IJPLM\ijplmsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Cobian Backup 8\cbInterface.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\AutoHook2002\AHook2002.exe C:\Program Files\MRU-Blaster\scheduler.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Documents and Settings\USER\Desktop\dss.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\USER.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DNHelper32] C:\WINDOWS\system32\DNHlp32.exe O4 - HKLM\..\Run: [Cobian Backup 8] "C:\Program Files\Cobian Backup 8\Cobian.exe" O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\RunOnce: [MRUBlaster] C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Startup: AutoHook2002.lnk = ? O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Windows Desktop Search.lnk = ? O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\ijplmsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- End of file - 12448 bytes -- File Associations ----------------------------------------------------------- .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 dk2drv (DK2 WindowsNT Driver) - c:\windows\system32\drivers\dk2drv.sys <Not Verified; Data Encryption Systems Limited; DK2 DESkey> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 IJPLMSVC (PIXMA Extended Survey Program) - c:\program files\canon\ijplm\ijplmsvc.exe <Not Verified; ; IJPLMSVC> R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> S3 SolidWorks Licensing Service - "c:\program files\common files\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service> -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: PCI Simple Communications Controller Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&2E98101C&0&50F0 Manufacturer: Name: PCI Simple Communications Controller PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&2E98101C&0&50F0 Service: -- Files created between 2008-03-04 and 2008-04-04 ----------------------------- 2008-03-30 09:28:15 0 d-------- C:\Documents and Settings\USER\Application Data\Nokia Multimedia Player 2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files\PCSuite 2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files\Nokia 2008-03-30 08:40:02 0 d-------- C:\Program Files\PC Connectivity Solution 2008-03-30 08:21:24 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite 2008-03-30 08:21:01 0 d-------- C:\Documents and Settings\USER\Application Data\Nokia 2008-03-30 08:19:02 0 d-------- C:\Program Files\DIFX 2008-03-30 08:18:40 0 d-------- C:\Documents and Settings\USER\Application Data\PC Suite 2008-03-30 08:18:07 0 d------c- C:\WINDOWS\system32\DRVSTORE 2008-03-30 08:18:03 0 d-------- C:\Program Files\Nokia 2008-03-30 08:16:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations 2008-03-29 14:37:33 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-03-29 14:37:17 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-03-29 14:37:17 0 d-------- C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com 2008-03-29 14:33:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2008-03-29 11:22:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP 2008-03-29 11:07:06 0 d-------- C:\Program Files\SpywareBlaster 2008-03-29 09:47:43 0 dr-h----- C:\Documents and Settings\USER\Recent 2008-03-25 08:58:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-03-21 09:54:43 0 d-------- C:\Documents and Settings\USER\Application Data\Canon 2008-03-21 09:52:32 0 d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2008-03-21 09:49:40 11776 --a------ C:\WINDOWS\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library> 2008-03-21 09:49:23 0 d-------- C:\Program Files\Common Files\NewSoft 2008-03-21 09:48:55 0 d-------- C:\WINDOWS\system32\Color 2008-03-21 09:48:18 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield 2008-03-21 09:48:15 0 d-------- C:\Documents and Settings\USER\Application Data\ScanSoft 2008-03-21 09:48:06 0 d-------- C:\Program Files\Common Files\ScanSoft Shared 2008-03-21 09:44:06 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-03-21 09:43:50 0 d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information 2008-03-20 18:44:24 0 d-------- C:\Program Files\NewSoft 2008-03-20 18:44:24 0 d-------- C:\Program Files\Common Files\PDFView 2008-03-20 18:43:01 0 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft 2008-03-20 18:42:44 0 d-------- C:\Program Files\ScanSoft 2008-03-20 18:39:18 0 d-------- C:\Program Files\Common Files\CANON 2008-03-20 18:35:35 0 d--h----- C:\Program Files\CanonBJ 2008-03-20 18:32:45 0 d-------- C:\Program Files\Canon 2008-03-14 18:35:04 691545 --a------ C:\WINDOWS\unins000.exe 2008-03-14 12:58:35 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-03-14 09:55:23 0 d-------- C:\WINDOWS\network diagnostic 2008-03-14 09:46:31 0 d-------- C:\WINDOWS\system32\ReinstallBackups 2008-03-14 09:43:47 0 d-------- C:\Documents and Settings\All Users\Application Data\AcrobatInstall 2008-03-07 17:38:44 0 d-------- C:\Documents and Settings\USER\Application Data\Screaming Bee 2008-03-07 17:28:06 0 d-------- C:\Program Files\Common Files\Screaming Bee 2008-03-07 17:16:46 0 d-------- C:\Program Files\Screaming Bee -- Find3M Report --------------------------------------------------------------- 2008-04-04 23:27:09 0 d-------- C:\Documents and Settings\USER\Application Data\Skype 2008-04-04 22:27:32 0 d-------- C:\Documents and Settings\USER\Application Data\SolidWorks 2008-04-04 20:27:20 0 d-------- C:\Documents and Settings\USER\Application Data\skypePM 2008-04-04 12:26:40 0 d-------- C:\Documents and Settings\USER\Application Data\AVG7 2008-03-30 11:32:52 1076606 --a------ C:\Documents and Settings\USER\Application Data\NMM-MetaData.db 2008-03-30 08:41:32 0 d-------- C:\Program Files\Common Files 2008-03-29 14:36:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-03-29 09:49:13 0 d-------- C:\Program Files\SpywareGuard 2008-03-21 09:48:05 0 d-------- C:\Program Files\Common Files\InstallShield 2008-03-20 18:44:23 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-03-14 18:35:04 5532 --a------ C:\WINDOWS\unins000.dat 2008-03-14 12:53:17 0 d-------- C:\Program Files\Java 2008-03-12 18:12:29 0 d-------- C:\Program Files\DWGeditor 2008-03-07 01:13:20 0 d-------- C:\Program Files\SolidWorks 2008-02-29 10:10:15 0 d-------- C:\Program Files\Common Files\Skype 2008-02-19 18:06:15 0 d-------- C:\Program Files\AutoHook2002 2008-02-18 11:25:52 0 d-------- C:\Program Files\AutoHook2K 2008-02-15 15:55:26 0 d-------- C:\Program Files\UNBRAKO Library 2008-02-14 04:14:08 0 d-------- C:\Documents and Settings\USER\Application Data\Adobe 2008-02-14 04:12:05 0 d-------- C:\Program Files\Common Files\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ptipbmf"="ptipbmf.dll" [06/20/2003 08:06 PM C:\WINDOWS\system32\ptipbmf.dll] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/09/2003 12:35 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/08/2006 12:19 AM] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 01:13 PM] "DNHelper32"="C:\WINDOWS\system32\DNHlp32.exe" [10/20/2005 09:50 PM] "Cobian Backup 8"="C:\Program Files\Cobian Backup 8\Cobian.exe" [03/21/2007 12:35 AM] "SmartDefrag"="C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [07/27/2007 09:39 PM] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM] "CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/15/2007 08:01 AM] "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/04/2007 08:50 AM] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM] "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/01/2007 03:24 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:56 AM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM] "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [12/10/2007 10:12 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "MRUBlaster"=C:\Program Files\MRU-Blaster\indexcleaner.exe -COOKIES [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog C:\Documents and Settings\USER\Start Menu\Programs\Startup\ AutoHook2002.lnk - C:\Documents and Settings\USER\Application Data\Microsoft\Installer\{92636699-1133-453C-8D73-7ED6645FB9BF}\_DBD49373F8A1_40C9_9DFD_445210316E38.exe [2/18/2008 7:15:20 PM] MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM] MRU-Blaster Silent Clean.lnk - C:\Program Files\MRU-Blaster\mrublaster.exe [3/28/2004 3:07:48 PM] SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [3/27/2006 5:44:08 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoResolveSearch"=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "LinkResolveIgnoreLinkInfo"=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [03/14/2006 08:11 AM 233472] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf2f900-edc8-11dc-aad3-000ea65ecef7}] AutoRun\command- wscript.exe .\.vbs open\command- wscript.exe .\.vbs -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8081 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-04-04 23:29:46 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® 4 CPU 3.20GHz CPU 1: Intel® Pentium® 4 CPU 3.20GHz Percentage of Memory in Use: 72% Physical Memory (total/avail): 510.73 MiB / 142.78 MiB Pagefile Memory (total/avail): 1760.96 MiB / 1093.91 MiB Virtual Memory (total/avail): 2047.88 MiB / 1921.57 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 38.09 GiB total, 16.51 GiB free. D: is Fixed (FAT32) - 36.74 GiB total, 7.16 GiB free. E: is Fixed (FAT32) - 36.94 GiB total, 24.23 GiB free. F: is CDROM (No Media) G: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST3120026AS - 111.79 GiB - 3 partitions \PARTITION0 (bootable) - Installable File System - 38.09 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 73.7 GiB - D: - E: -- Security Center ------------------------------------------------------------- AUOptions is set to notify before install. Windows Internal Firewall is enabled. FirstRunDisabled is set. AV: AVG 7.5.519 v7.5.519 (Grisoft) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\USER\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=PETER ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\USER LOGONSERVER=\\PETER NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\AUTODE~1 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0209 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\USER\LOCALS~1\Temp TMP=C:\DOCUME~1\USER\LOCALS~1\Temp USERDOMAIN=PETER USERNAME=USER USERPROFILE=C:\Documents and Settings\USER windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- USER (admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee 6.0 PowerPack --> MsiExec.exe /I{271B64EE-3E1B-4381-A8FE-012390050492} Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat 8.1.1 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Advanced WindowsCare 2.51 Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe" AusLogics Registry Defrag --> "C:\Program Files\AusLogics Registry Defrag\unins000.exe" AutoCAD 2000 --> C:\WINDOWS\uninst.exe -fC:\PROGRA~1\ACAD2000\DeIsL1.isu -c"C:\PROGRA~1\ACAD2000\unacad.dll AutoCAD 2000 Migration Assistance --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ACAD2000\migration\DeIsL1.isu" AutoCAD Mechanical 2008 --> C:\Program Files\Autodesk\ACADM 2008\Setup\Setup.exe /P {5783F2D7-6005-0409-0002-0060B0CE6BBA} /M ACM Autodesk Design Review 2008 --> MsiExec.exe /I{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8} Autodesk WHIP! (Release 4.0-102) --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Autodesk WHIP!\DeIsL1.isu" AutoDWG DWG to PDF Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C65D81C3-3FC2-4B01-B515-7C6F805886BC}\Setup.exe" AutoHook2002 --> MsiExec.exe /X{92636699-1133-453C-8D73-7ED6645FB9BF} AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini Canon MX300 series --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series /L0x0009 Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Cobian Backup 8 --> C:\Program Files\Cobian Backup 8\cbUninstall.exe COSMOSMotion 2007 SP0 --> MsiExec.exe /I{9BE2AFE1-617E-478F-9BE5-DABB63B4380A} COSMOSWorks 2007 SP0 --> MsiExec.exe /I{AF2D85EE-D6F9-4E7B-B9FA-BBB9BCA9A01E} DK2 Drivers v 6.21.0.169 --> C:\WINDOWS\system32\DK2UInst.exe DWGeditor --> MsiExec.exe /X{F5125699-C01A-4ED8-BD3A-265DF29859FE} EasyBlank --> MsiExec.exe /I{4503A97F-68FB-4F98-A4E1-BF6F8A1653F8} eDrawings 2007 --> MsiExec.exe /I{75FEB085-179F-4C85-B0E4-B517D2160750} EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" IObit SmartDefrag Beta3.1 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe" Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Merriam-Webster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E935B41A-F632-4DCD-95D7-0EF67992650A}\setup.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} MRU-Blaster v1.5 (Database 3/28/2004) --> "C:\Program Files\MRU-Blaster\unins000.exe" MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MyProduct --> C:\Program Files\MyProduct\Uninstal.exe Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67} Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_eng.exe Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760} PathCopyEx --> MsiExec.exe /I{6C08FEE6-0D11-4C07-9037-2CEB4FD01134} PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B} PDF to DWG Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{547C9628-C490-48AB-94F4-7F2495562930}\Setup.exe" Photobucket Uploader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6EE0E6FB-156F-47CF-8CA1-91EF3D0F9F06}\Setup.exe" -l0x9 PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly ScanSoft OmniPage SE 4 --> MsiExec.exe /I{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} SolidWorks 2007 SP0 --> MsiExec.exe /I{95FCA50A-CF7D-457E-AF69-F058F8BC2844} SolidWorks Explorer 2007 sp0 --> MsiExec.exe /I{559FAB96-A0CD-4105-A02F-1C21DEBCEF89} SolidWorks Installation Manager --> MsiExec.exe /X{26621E14-A45B-45CD-9ED9-7A0A9B585DB4} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe" Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe" SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe" SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} ThinkingRock2 --> "C:\Program Files\ThinkingRock2\uninstall.exe" UNBRAKO AutoCAD Product Library --> MsiExec.exe /X{DC87578E-4CB7-4515-9115-B13254CFEF31} Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe VISI-Series : VISI-Series Release 14.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E772B94-1799-409B-9D4A-AEE56E305328}\setup.exe" -l0x9 -removeonly Winamp --> MsiExec.exe /I{556C9B0C-9BAC-48AC-AC3E-41326A4356F8} Windows Desktop Search --> "C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe" Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall -- Application Event Log ------------------------------------------------------- Event Record #/Type2747 / Error Event Submitted/Written: 04/04/2008 00:18:29 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application iexplore.exe, version 7.0.6000.16608, faulting module googletoolbar2.dll, version 4.0.1601.4978, fault address 0x000013e6. Processing media-specific event for [iexplore.exe!ws!] Event Record #/Type2746 / Error Event Submitted/Written: 04/04/2008 00:17:38 PM Event ID/Source: 1 / Google_Toolbar Event Description: Google Toolbar error dump created. ID: 9437248. Local file: C:\DOCUME~1\USER\LOCALS~1\Temp\Google_Toolbar4.0.1601.4978_big080404-121726.dmp. Event Record #/Type2739 / Warning Event Submitted/Written: 04/03/2008 05:48:22 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type2720 / Warning Event Submitted/Written: 04/01/2008 01:22:44 AM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type2712 / Error Event Submitted/Written: 03/30/2008 09:48:16 AM Event ID/Source: 1000 / Application Error Event Description: Faulting application explorer.exe, version 6.0.2900.3156, faulting module msvbvm60.dll, version 6.0.96.90, fault address 0x000d68a3. Processing media-specific event for [explorer.exe!ws!] -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type550 / Error Event Submitted/Written: 04/04/2008 08:26:13 PM / 04/04/2008 08:26:32 PM Event ID/Source: 12294 / ati2mtag Event Description: CRT invalid display type Event Record #/Type513 / Error Event Submitted/Written: 04/04/2008 00:26:03 PM / 04/04/2008 00:26:22 PM Event ID/Source: 12294 / ati2mtag Event Description: CRT invalid display type Event Record #/Type496 / Warning Event Submitted/Written: 04/04/2008 07:29:35 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type475 / Error Event Submitted/Written: 04/03/2008 05:49:50 PM / 04/03/2008 05:50:09 PM Event ID/Source: 12294 / ati2mtag Event Description: CRT invalid display type Event Record #/Type464 / Warning Event Submitted/Written: 04/02/2008 08:44:51 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. -- End of Deckard's System Scanner: finished at 2008-04-04 23:29:46 ------------ This post has been edited by Tippaporn: Apr 4 2008, 03:17 PM |
|
|
|
|
Apr 4 2008, 08:42 PM
Post
#4
|
|
|
SuperMember Group: Classroom Teacher Posts: 2,595 Joined: 3-March 07 From: GMT+7 Member No.: 68,406 Operating System: Vista/Ubuntu |
Hi Tippaporn,
I'm in your part of the world but not close enough to take you up on the Leo/Chang offer, thanks anyway  Re DNHlp32.exe: This file appears to be legitimate software, however there are reports of a trojan with the same name and registry entry. Having said that, it looks like it is DRM dongle software, perhaps to protect the streaming video you mentioned. As you may already know, this type of software exists to prevent users accessing certain data except in the ways the publisher allows, and generally does not have a reputation for enhancing system stability. It sounds like it's something you use regularly, however if you do not require it now or in the future I recommend you remove it. The best way to remove this is via Start->Control Panel->Add/Remove Programs - the relevant entry is DK2 Drivers v 6.21.0.169 Please open Start->Control Panel->Add/Remove Programs, look down the list for JavaT 6 Update 3 - this is outdated and now a security risk, you already have the latest version installed (Java™ 6 Update 5) - don't remove that one It looks like Google Toolbar might be causing the browser problems: QUOTE Faulting application iexplore.exe, version 7.0.6000.16608, faulting module googletoolbar2.dll To confirm this I recommend you temporarily uninstall Google Toolbar for Internet Explorer via Start->Control Panel->Add/Remove ProgramsDownload Flash_Disinfector from here and save it to your desktop. Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. You will be prompted to plug in your flash drive(s) - please do so When the program is finished a message box will appear - click OK and your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager, type in explorer.exe and press Enter - your desktop should now appear. Then please do an online scan with Kaspersky: Open Kaspersky Online Scanner in Internet Explorer using this link: http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
Scan Mail Bases
Once complete, please post the Kaspersky report and a new HijackThis log. |
|
|
|
|
Apr 5 2008, 04:06 PM
Post
#5
|
|
|
New Member Group: New Member Posts: 14 Joined: 29-March 08 From: Bangkok, Thailand Member No.: 77,969 Operating System: Windows XP Pro SP2 |
Hi Silver, Following is the Kaspersky report. I cannot produce a new HJT log. Seems the alleged baddies stem from an Incredimail.exe installation file which I have saved but have never installed and a ComboFix.exe file which I had downloaded and run over a year ago following instructions from another anti-spyware forum. At that time I could not produce HJT logs. HJT would lock up whenever I attempted to scan. After very lengthy attempts the problem was never resolved. Since that time I had wiped my system clean (C:\ drive only). Is it coincidental that HJT is locking up again? This is the first instance where HJT once again locks up. I hope it's not the same issue this time!! I do not want to sacrifice streaming video so I did not uninstall DK2 Drivers v 6.21.0.169. Thanks, Pete Note: I thought that since DSS produced an HJT log it might be able to do so now - and it was successful, although it had to run a clone (?). So far it's beyond my understanding as to why DSS could accomplish an HJT log whereas it locks up when I do so. I tried to run HJT again after running DSS and it still locks up. In any case, I attached the HJT log and also the new DSS log in case it's helpful. One notable difference is that the "extra" text file was not produced this time around. Meaningful? ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, April 06, 2008 4:32:24 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 5/04/2008 Kaspersky Anti-Virus database records: 683559 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 149859 Number of viruses found: 4 Number of infected objects: 7 Number of suspicious objects: 0 Duration of the scan process: 03:38:35 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\call256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\callmember256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chat256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chat512.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmember256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg1024.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg2048.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg512.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatmsg8192.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatsync\0b\0ba6fc407135aa0b.dat Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\chatsync\9c\9cc05d36fc2108d9.dat Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\contactgroup256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\dyncontent\bundle.dat Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\index2.dat Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\profile256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer1024.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\transfer512.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\user1024.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\user16384.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\user256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\user4096.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\Skype\western.design\voicemail256.dbb Object is locked skipped C:\Documents and Settings\USER\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-4-2008( 20-26-37 ).LOG Object is locked skipped C:\Documents and Settings\USER\Cookies\index.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.109.Crwl Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.109.gthr Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\0001000D.ci Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy11.gthr Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSS.log Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSStmp.log Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\RSApp.edb Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\tmp.edb Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Logs\MAPI.txt Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf1.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf2.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Perflib_Perfdata_228.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\USER\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\IMG97.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DF279A.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DF3817.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DF4EA0.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DF9034.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DF903F.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DFA849.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DFCB01.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DFDE37.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DFDE42.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temp\~DFF732.tmp Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\USER\NTUSER.DAT Object is locked skipped C:\Documents and Settings\USER\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\USER\UserData\index.dat Object is locked skipped C:\Program Files\Cobian Backup 8\DB\log.txt Object is locked skipped C:\System Volume Information\_restore{6734019E-BE73-4D2F-995E-7050BE2A7733}\RP183\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\~Local Disk H\~All New Files\~C Drive\Incredimail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.d skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/10 Infected: Trojan.BAT.Agent.al skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/11 Infected: Trojan.WinREG.Qoologic skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe/5 Infected: Trojan.BAT.Agent.ak skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe QuickBatch: infected - 3 skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe UPX: infected - 3 skipped E:\~C Drive\~Program Installation Files\Computer Maintenance and Utilities\ComboFix\combofix.exe PE_Patch.UPX: infected - 3 skipped E:\System Volume Information\_restore{6734019E-BE73-4D2F-995E-7050BE2A7733}\RP183\change.log Object is locked skipped E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quote (04-04-08).xls Object is locked skipped E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quotes (04-05-08)\CWRDRFQ-APR-001(CHUAN WANG 2).xls Object is locked skipped E:\Western Design\Customer Files\Lane Tool\Manufacture\3953\3953 Quotes (04-05-08)\5104-246(HUAMEI).xls Object is locked skipped E:\Western Design\WD&M\Western Design & Mfg., Co., Ltd.xls Object is locked skipped Scan process completed. Logfile of HijackThis v1.99.1 Scan saved at 5:29:30 AM, on 4/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\system32\DNHlp32.exe C:\Program Files\Cobian Backup 8\Cobian.exe C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe C:\Program Files\Cobian Backup 8\cbInterface.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\PC Connectivity Solution\ |