Aug 26 2008, 05:53 PM
Post #1
New Member | Group: New Member | Posts: 5 | Joined: 26-August 08 | Member No.: 81,228 | Operating System: XP Sp3
Hi,
I managed to acquire this beastly little virus somehow and I have grown fed up with my computer buzzing incessantly (I don't believe this is directly linked to the virus; the internal hard drive has been doing this intermittently, although only since the virus has it been on constantly. I don't believe that my hdd should be making this sound though.) and having popups and porn links all over. Any help that you could give will be greatly appreciated. I currently have Trend Micro Internet Security and Spyhunter 3. They are the basic freeware ones. I'm not sure Spyhunter is even working. One thing I am curious about is I had my external hard drive attached when things first headed south. It is currently powered down but I am wondering if the virus could possibly have gotten to it and stored itself on the drive. The HJT log below is with the external hard drive turned off. If you think there is a chance that it was infected I can post up another HJT log with the drive on, as well as performing the online scan again but this time with the drive included. So far I have tried to remove it by using the BitDefender online scan and it seems to have helped the problem a bit; at least now I can type without the window going inactive every 3 seconds, and I have regained access to my Task Manager. (This scan was just of the computer with the external hdd off - the external hdd hasn't been scanned at all. I haven't wanted to risk turning it on again in case it is ok and I infect it when I turn it on to scan it.) That is pretty much the extent of what I have done so far; here is my HJT log below.
Logfile of HijackThis v1.99.1
Scan saved at 17:05: VIRUS ALERT!, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\lphcpcej0e997.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\System32\VIE32.exe
C:\Windows\System32\VIE33.exe
C:\Windows\System32\VIE34.exe
C:\Windows\System32\VIE35.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\22.tmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Local Settings\Temp\.ttE.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\c.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gategq.com/gatevc.php?pn=srch0p6total7s2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [lphcpcej0e997] C:\WINDOWS\system32\lphcpcej0e997.exe
O4 - HKLM\..\Run: [\VIE27.exe] C:\Windows\System32\VIE27.exe
O4 - HKLM\..\Run: [\VIE28.exe] C:\Windows\System32\VIE28.exe
O4 - HKLM\..\Run: [\VIE2B.exe] C:\Windows\System32\VIE2B.exe
O4 - HKLM\..\Run: [\VIE2C.exe] C:\Windows\System32\VIE2C.exe
O4 - HKLM\..\Run: [\SUE33.exe] C:\Windows\SUE33.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKLM\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKLM\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKLM\..\Run: [\VIEA.exe] C:\Windows\System32\VIEA.exe
O4 - HKLM\..\Run: [\VIE32.exe] C:\Windows\System32\VIE32.exe
O4 - HKLM\..\Run: [\VIE33.exe] C:\Windows\System32\VIE33.exe
O4 - HKLM\..\Run: [\VIE34.exe] C:\Windows\System32\VIE34.exe
O4 - HKLM\..\Run: [\VIE35.exe] C:\Windows\System32\VIE35.exe
O4 - HKLM\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKLM\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\22.tmp.exe
O4 - HKCU\..\Run: [\VIE27.exe] C:\Windows\System32\VIE27.exe
O4 - HKCU\..\Run: [\VIE28.exe] C:\Windows\System32\VIE28.exe
O4 - HKCU\..\Run: [\VIE2B.exe] C:\Windows\System32\VIE2B.exe
O4 - HKCU\..\Run: [\VIE2C.exe] C:\Windows\System32\VIE2C.exe
O4 - HKCU\..\Run: [\SUE33.exe] C:\Windows\SUE33.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\VIE8.exe] C:\Windows\System32\VIE8.exe
O4 - HKCU\..\Run: [\VIE7.exe] C:\Windows\System32\VIE7.exe
O4 - HKCU\..\Run: [\VIE9.exe] C:\Windows\System32\VIE9.exe
O4 - HKCU\..\Run: [\VIEA.exe] C:\Windows\System32\VIEA.exe
O4 - HKCU\..\Run: [\VIE32.exe] C:\Windows\System32\VIE32.exe
O4 - HKCU\..\Run: [\VIE33.exe] C:\Windows\System32\VIE33.exe
O4 - HKCU\..\Run: [\VIE34.exe] C:\Windows\System32\VIE34.exe
O4 - HKCU\..\Run: [\VIE35.exe] C:\Windows\System32\VIE35.exe
O4 - HKCU\..\Run: [\VIE5.exe] C:\Windows\System32\VIE5.exe
O4 - HKCU\..\Run: [\VIE6.exe] C:\Windows\System32\VIE6.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
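Added example, not part of the thread and not code from HijackThis or the forum: a small Python triage script that parses lines shaped like the log above and flags the entries a helper looks at first (autorun names beginning with a backslash, binaries run from Temp or the Windows root, random-looking names in System32, search URLs off an allow-list, IE restriction policies). The sample lines and the URL allow-list are constructed from the log in this post; the thresholds in suspicious_name are assumptions.

```python
"""Triage helper for HijackThis-style logs.

Parses each 'Rn'/'On' entry and flags the patterns a malware-removal helper
checks first: autorun names that start with a backslash, binaries launched
from Temp or from the Windows root, random-looking names in System32,
IE search/start URLs off an allow-list, and IE restriction policies.
These are heuristics: a hit means 'look closer', not 'malicious'."""
import re
from dataclasses import dataclass

# Constructed sample: lines shaped like the log in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcpcej0e997] C:\WINDOWS\system32\lphcpcej0e997.exe
O4 - HKLM\..\Run: [\VIE27.exe] C:\Windows\System32\VIE27.exe
O4 - HKLM\..\Run: [\SUE33.exe] C:\Windows\SUE33.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\Owner\LOCALS~1\Temp\22.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# Assumed allow-list for R0/R1 start and search URLs; extend it for your own setup.
ALLOWED_URL_HOSTS = {"go.microsoft.com", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
URL_RE = re.compile(r"= (?P<url>\S+)$")
# First drive-letter path ending in a binary extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|com|bat))\b', re.I)
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.I)
SYS32_RE = re.compile(r"^[a-z]:\\windows\\system32\\(?P<file>[^\\]+)$", re.I)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def suspicious_name(stem: str) -> bool:
    """Random-looking: 10+ chars mixing letters and digits, or 6+ letters with no vowel.
    Thresholds are assumptions tuned to the names seen in this thread."""
    stem = stem.lower()
    mixed = len(stem) >= 10 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)
    no_vowels = len(stem) >= 6 and stem.isalpha() and not any(v in stem for v in "aeiouy")
    return mixed or no_vowels


def check_path(path: str):
    """Return a reason string if the binary's location is a known red flag, else None."""
    low = path.lower()
    if "\\temp\\" in low or "temporary internet files" in low:
        return "binary launched from a Temp directory"
    if WINROOT_RE.match(path):
        return "binary sitting directly in the Windows root"
    m = SYS32_RE.match(path)
    if m and suspicious_name(m.group("file").rsplit(".", 1)[0]):
        return "random-looking file name in System32"
    return None


def triage(log_text: str) -> list:
    """Walk a HijackThis log and return the entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list and blank lines carry no Rn/On entry
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            u = URL_RE.search(body)
            host = re.sub(r"^https?://", "", u.group("url")).split("/")[0] if u else ""
            if host and host not in ALLOWED_URL_HOSTS:
                findings.append(Finding(code, f"IE start/search URL points at {host}", line))
            continue
        if code == "O4":
            r = RUN_RE.match(body)
            if r and r.group("name").startswith("\\"):
                findings.append(Finding(code, "autorun value name starts with a backslash", line))
        if code == "O6" and "Restrictions present" in body:
            findings.append(Finding(code, "IE restriction policies are set", line))
        p = PATH_RE.search(body)
        if p:
            reason = check_path(p.group("path"))
            if reason:
                findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run against the sample it reports eight findings and leaves the iTunes, Java and ctfmon entries alone; feed it a full log by passing the file contents to triage().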
Sep 1 2008, 07:31 PM
Post #2
Forum God | Group: Root Admin | Posts: 39,364 | Joined: 23-September 04 | From: Missouri, USA | Member No.: 15,276
Stay with this topic until I give you the all clean post. You might want to print these instructions out.

I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)
It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Next: Please download Malwarebytes' Anti-Malware to your desktop.

Also "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.
Sep 1 2008, 09:30 PM
Post #3
New Member | Group: New Member | Posts: 5 | Joined: 26-August 08 | Member No.: 81,228 | Operating System: XP Sp3
Hi,
Thanks for the speedy response. I have accomplished the two things you instructed me to do and the computer seems to be running fairly well so far. The red background is finally gone and instead there is a folder view of what it says is my Internet Explorer folder instead. There are no program tabs on my start bar to indicate that I have that folder open though, so I am a bit confused as to why it is there instead of my typical desktop pic. I have tried changing it back but to no avail. One thing that I did notice as the comp shut down to remove the items on the delete-on-reboot list was a little window that flashed up just before it finished shutting down; it was saying something about win32 and virtumonde or something. I didn't really have a chance to see it because it was gone immediately but I thought I might mention it. Here are the logs you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 9:17:59 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gategq.com/gatevc.php?pn=srch0p6total7s2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 3

9:00:37 PM 9/1/2008
mbam-log-09-01-2008 (21-00-37).txt

Scan type: Quick Scan
Objects scanned: 42663
Time elapsed: 5 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 10
Registry Data Items Infected: 20
Folders Infected: 3
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2e94e090-6554-4076-97a0-bc0ebe5cd9b2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ade410f2-0722-420f-8b03-9a874f23a3bc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18c388bb-5014-4906-ae38-e62ba5aa7387} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bpqk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explsbsm.exelper Objects (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{18c388bb-5014-4906-ae38-e62ba5aa7387} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0058895-78333) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\etbr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HG70DUX1\4683lt[1].exe (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JLBH4EGF\sp-vc-sap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\outlook\p.zip (Worm.Alcra) -> Quarantined and deleted successfully.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\qalkfxor.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpcej0e997.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcpcej0e997.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\PORN & CUMSHOTS.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\TEEN PORN SEX.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. Thanks, K |
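The Malwarebytes log above is mostly registry entries: the rogue hid drives (NoDrives), switched off Control Panel, Run, Search and the Display properties pages, and overwrote the Windows product ID and the clock's time format with its "VIRUS ALERT!" text. What follows is an added example, not part of this thread and not a Malwarebytes feature: a small Python triage script that parses those "Registry Data Items Infected" lines, groups them by detection name, decodes the NoDrives bitmask into drive letters, and prints reg.exe queries so each restored value can be re-checked after the next reboot. The regular expression, the LOCKDOWN_MARKERS list and the hive abbreviations are assumptions of this example; the sample lines are copied from the log posted above.

```python
"""Triage the 'Registry Data Items Infected' section of a Malwarebytes
Anti-Malware log. Added example for this thread, not an MBAM tool.

Assumed line shape (as in the log posted above):
    <key>\\<value> (<Detection>) -> Bad: (<bad>) Good: (<good>) -> <action>
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"^(?P<path>HKEY_[A-Z_]+\\.+?)\s+\((?P<detection>[^)]+)\)\s+->\s+"
    r"Bad:\s+\((?P<bad>.*?)\)\s+Good:\s+\((?P<good>.*?)\)\s+->\s+(?P<action>.+)$"
)
# Locations a rogue flips to keep the victim out of Control Panel, Run,
# Search and Display properties (assumption: taken from the log above).
LOCKDOWN_MARKERS = ("\\Policies\\Explorer\\", "\\Policies\\System\\",
                    "\\Explorer\\Advanced\\Start_Show")
HIVE_SHORT = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

# Sample input: lines copied from the MBAM log posted above, plus two
# non-registry lines to show they are ignored.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0058895-78333) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\etbr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


def parse_mbam_registry_entries(text):
    """Return one dict per registry entry; every other log line is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        if path.endswith("\\"):   # MBAM writes a key's (Default) value as "key\"
            key, value = path[:-1], ""
        else:
            key, _, value = path.rpartition("\\")
        entries.append({"key": key, "value": value,
                        "detection": m.group("detection"), "bad": m.group("bad"),
                        "good": m.group("good"), "action": m.group("action")})
    return entries


def by_detection(entries):
    """Count entries per MBAM detection name (Hijack.Search, Trojan.FakeAlert, ...)."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["detection"]] += 1
    return dict(counts)


def lockdown_values(entries):
    """Policy values that hide the UI a victim needs in order to fight back."""
    return [e["value"] for e in entries
            if any(mark in e["key"] + "\\" + e["value"] for mark in LOCKDOWN_MARKERS)]


def decode_nodrives(mask):
    """NoDrives is a bitmask of hidden drives: bit 0 = A:, bit 1 = B:, ... bit 25 = Z:."""
    return [chr(ord("A") + bit) for bit in range(26) if (mask >> bit) & 1]


def verify_commands(entries):
    """(reg.exe query, expected value) pairs to re-check each restored value
    after the next reboot; a mismatch means something re-applied the hijack."""
    cmds = []
    for e in entries:
        hive, _, rest = e["key"].partition("\\")
        key = HIVE_SHORT.get(hive, hive) + "\\" + rest
        selector = "/ve" if e["value"] == "" else '/v "%s"' % e["value"]
        cmds.append(('reg query "%s" %s' % (key, selector), e["good"]))
    return cmds


def summarize(text):
    """One-shot triage report for a pasted MBAM log."""
    entries = parse_mbam_registry_entries(text)
    report = {"total": len(entries), "by_detection": by_detection(entries),
              "lockdown": lockdown_values(entries), "hidden_drives": [],
              # values overwritten with the rogue's scare text
              "fake_alert_strings": [e["value"] for e in entries if "VIRUS ALERT" in e["bad"]],
              "verify": verify_commands(entries)}
    for e in entries:
        if e["value"] == "NoDrives" and e["bad"].isdigit():
            report["hidden_drives"] = decode_nodrives(int(e["bad"]))
    return report


if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print("entries:", r["total"], r["by_detection"])
    print("UI lockdown values restored:", ", ".join(r["lockdown"]))
    print("drives hidden by NoDrives:", ", ".join(r["hidden_drives"]))
    for cmd, expected in r["verify"]:
        print(cmd, "  # expect:", expected)
```

Run it against a saved MBAM log (replace SAMPLE_LOG with the file's contents) and paste the printed reg query lines into a Command Prompt on the cleaned machine. A NoDrives value of 12 decodes to C: and D:, which matches the behaviour of a rogue that wants the victim unable to browse to its own files; any value that drifts away from the "Good" column after a reboot is a sign that an autostart the scan missed is re-applying the hijack.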
Sep 2 2008, 05:33 AM, Post #4
Forum God, Group: Root Admin, Posts: 39,364, Joined: 23-September 04, From: Missouri, USA, Member No.: 15,276
http://forums.whatthetech.com/We_do_not_support_t91501.html

P2P programs
1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
uTorrent

Next:
Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
****Note: Do not mouse-click combofix's window while it's running. That may cause it to stall or freeze ****
*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.
Give it at least 20-30 minutes to finish if needed.
Sep 2 2008, 05:33 PM, Post #5
New Member, Group: New Member, Posts: 5, Joined: 26-August 08, Member No.: 81,228, Operating System: XP Sp3
I removed uTorrent and ran Combofix, I did not see the win 32/virtumonde screen flash up this time.
Here are the logs you requested:

ComboFix 08-09-01.03 - Owner 2008-09-02 16:21:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.632 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\6S69853J\bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\6S69853J\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\6S69853J\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\6S69853J\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\outlook
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\mdm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_sysrest.sys

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2008-09-01 20:51 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 21:33 . 2008-08-26 21:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-26 21:33 . 2008-08-26 21:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-25 17:09 . 2008-08-25 19:01 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-25 16:40 . 2008-08-24 05:08 <DIR> d-------- C:\SDFix
2008-08-24 23:02 . 2008-08-24 23:12 <DIR> d-------- C:\Program Files\APC
2008-08-24 22:47 . 2008-08-22 17:22 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-08-24 22:36 . 2008-09-01 21:00 <DIR> d-------- C:\Program Files\MSA
2008-08-24 22:36 . 2008-08-22 17:22 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-08-24 22:02 . 2008-08-24 22:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Canneverbe_Limited
2008-08-24 21:59 . 2008-08-24 21:59 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-08-19 03:20 . 2008-06-13 05:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-18 21:49 . 2008-08-18 21:49 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 21:49 . 2008-08-18 21:49 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-18 21:49 . 2008-08-18 21:49 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 21:49 . 2008-08-18 21:49 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 21:44 . 2008-08-18 21:49 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 21:35 . 2008-08-18 21:35 <DIR> d-------- C:\WINDOWS\EHome
2008-08-18 19:35 . 2008-04-13 18:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-08-18 19:34 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-08-18 19:33 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-18 19:32 . 2008-04-13 18:11 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-12 15:07 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 06:43 . 2008-08-11 06:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-08-10 23:19 . 2008-08-10 23:19 <DIR> d-------- C:\Program Files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 02:51 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-25 03:11 --------- d-----w C:\Program Files\Incomplete
2008-08-17 21:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-01 12:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-01 12:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-08-01 04:31 --------- d-----w C:\Program Files\Apple Software Update
2008-08-01 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 03:46 --------- d-----w C:\Program Files\Java
2008-07-29 04:05 --------- d-----w C:\Program Files\DivX
2008-07-19 01:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-07-19 01:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-07-19 00:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=C:\WINDOWS\pss\Exif Launcher 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-03-20 10:46 217544 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2005-08-12 15:43 45056 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX5200]
--a------ 2002-06-30 21:05 74752 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 15:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--------- 2002-08-05 02:37 258116 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 18:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2005-02-01 15:43 163840 C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--------- 2002-02-04 23:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-06-19 16:48 851968 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-11-29 20:45 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-08 00:33 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
--a------ 2008-02-16 00:56 1398024 C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
--a------ 2004-03-18 10:33 892928 C:\Program Files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitZip\\bitzip.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;C:\Program Files\VMLaunch\BuddyVM.sys [2004-10-05 15872]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2004-03-03 14095]
S3 95ffbc2d-e228-47db-bff9-e4d5ec6739f2;95ffbc2d-e228-47db-bff9-e4d5ec6739f2;D:\CDS300\cds300.dll [ ]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2004-03-12 344928]
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Antivirus - C:\Program Files\MSA\MSA.exe
MSConfigStartUp-lphcpcej0e997 - C:\WINDOWS\system32\lphcpcej0e997.exe
MSConfigStartUp-RAMDrive - C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\Owner\LOCALS~1\Temp\22.tmp.exe
MSConfigStartUp-sysrest32 - C:\WINDOWS\system32\sysrest32.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ppmos66j.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/ig?hl=en
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 16:40:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
.
**************************************************************************
.
Completion time: 2008-09-02 16:53:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 22:53:37
Pre-Run: 7,621,464,064 bytes free
Post-Run: 7,616,233,472 bytes free
209 --- E O F --- 2008-08-27 04:25:45

Logfile of HijackThis v1.99.1
Scan saved at 5:28:46 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gategq.com/gatevc.php?pn=srch0p6total7s2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/mail/re...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

Thanks, K
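The HijackThis log above is what a helper reads next, and three kinds of line are worth pulling out first: entries that still point at a file HijackThis could not find (leftovers of a removal, and on O23 lines with a quoted path plus arguments sometimes only a quirk of HJT 1.99's own parsing, so confirm on disk before acting), R0/R1 URL entries whose host is not one you expect (the ShellNext line above points somewhere other than Google or Microsoft, which is a reason to look, not a verdict), and O23 services HijackThis shows as "Unknown owner" because the file carries no vendor in its version information. The script below is an added example, not part of this thread and not a HijackThis feature; the line patterns and the EXPECTED_HOSTS allowlist are assumptions of this example, and the sample lines are copied from the log posted above.

```python
"""Triage a HijackThis 1.99 log. Added example for this thread, not an HJT
feature. Assumptions: the line shapes below match HJT 1.99.1 output as
posted; EXPECTED_HOSTS is a per-machine allowlist chosen here; everything
flagged is an item to examine, not a verdict."""
import re
from urllib.parse import urlsplit

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"^(?P<where>[^,]+),(?P<name>[^=]+) = (?P<url>\S+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
EXPECTED_HOSTS = {"www.google.com", "go.microsoft.com"}   # assumption

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gategq.com/gatevc.php?pn=srch0p6total7s2
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service (file missing)
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
"""


def parse_hjt(text):
    """Return [{'section': 'O23', 'body': '...'}, ...] for every numbered entry."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append({"section": m.group("section"), "body": m.group("body")})
    return items


def missing_files(items):
    """Entries whose target HijackThis could not find; verify on disk, since an
    O23 path with a trailing quote and arguments can be an HJT parsing artefact."""
    return [i for i in items if any(mark in i["body"] for mark in MISSING_MARKERS)]


def unexpected_urls(items, expected=EXPECTED_HOSTS):
    """R0/R1 entries whose host is outside the allowlist, as (name, host, url)."""
    out = []
    for i in items:
        if i["section"] not in ("R0", "R1"):
            continue
        m = URL_RE.match(i["body"])
        if not m:
            continue
        url = m.group("url")
        # HJT prints some values without a scheme (e.g. 'www.google.com')
        host = urlsplit(url if "://" in url else "http://" + url).hostname
        if host not in expected:
            out.append((m.group("name").strip(), host, url))
    return out


def unknown_owner_services(items):
    """Names of O23 services HijackThis lists with 'Unknown owner'."""
    names = []
    for i in items:
        if i["section"] != "O23":
            continue
        m = SERVICE_RE.match(i["body"])
        if m and m.group("owner") == "Unknown owner":
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    items = parse_hjt(SAMPLE_HJT)
    for i in missing_files(items):
        print("MISSING :", i["section"], "-", i["body"])
    for name, host, url in unexpected_urls(items):
        print("REVIEW  :", name, "->", host, "(", url, ")")
    for name in unknown_owner_services(items):
        print("NO OWNER:", name)
```

Feed it a whole saved HJT log in place of SAMPLE_HJT and adjust EXPECTED_HOSTS to whatever the machine's owner actually set as a home page; a hit in unexpected_urls means a value that was never restored by the scans, and the O20 and O9 "(file missing)" hits are the orphaned registry references that ComboFix and Malwarebytes leave behind after deleting the files they pointed at.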