Ultrad321
As a heads-up, I run XP Professional x64 OS, so some things like ComboFix won't work with my x64 operating system b/c they are 32-bit only. For the past couple of weeks my computer has basically been locked up by some malware. It keeps the most popular programs like IE and Windows Media Player, and most games, from working, and it has affected the correct operation of DLLs and prevented most installs from happening, and when I try to run programs that are installed, like Word, it just brings up a frozen installer. Now I have scanned with Spybot, F-Prot, Ad-Aware, and they either didn't get anything or "fixed it" but nothing changed. Trend Micro HouseCall picked up a bunch of stuff and said it fixed it, but nothing really changed. Less popular or non-Microsoft programs like Firefox (what I'm using now) and QuickTime, iTunes, etc. work, however. So at least a couple of times I have thought I deleted the Virtumonde files, but nothing changed after their deletion. Tried to install MBAM (changed the exe name multiple times, to no avail), but I kept getting the Runtime error 0 Acceleration Grid, etc. and MBAM Runtime 404 error, a "CoCreateInstance failed; code 0x80040154. Class not registered." when the .lnk files tried to install. So MBAM installs, but these errors come up both during install and when I try to run it. I have seen other people's topics where MBAM eliminated their problems, so I hope to get it installed and let it have a crack. I have found some suspicious files, like one related to a malware I got last year, C:\WINDOWS\SysWOW64\Drivers\ylcgcuoq.dat, and also wsil32.dll, which I'm not sure about. In addition, an attempted install of SuperAntiSpyware gives the same CoCreateInstance error, and I have already tried a number of specific Virtumonde fix programs.
One other thing I want to mention is that my installer seems to be really messed up; nothing will install, it always gives error 1719 (problem with Windows Installer), or it gives me something about the permission settings not being right (though I am the sole administrator). PLEASE HELP! I have tried all I can by myself before bugging y'all with this problem, but I need some more experienced help with this now, so I'll roll out the logs.

GMER log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-01 00:19:34
Windows 5.2.3790 Service Pack 2

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792

---- EOF - GMER 1.0.14 ----

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23 AM, on 03/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...kPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...icro.com/housecall/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8121 bytes

Ad-Aware log

Ad-Aware 2007 Build
Log File Created on: 2009-03-01 23:11:40
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: DREWS-SGAMER
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: AMD Athlon™ 64 Processor 3200+
Memory Available: 25%
Total Physical Memory: 1073094656 Bytes
Available Physical Memory: 257556480 Bytes
Total Page File Size: 3148898304 Bytes
Available On Page File: 2420752384 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1772601344 Bytes
OS: Microsoft Windows Server 2003 family Service Pack 2 (Build 3790)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3

Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Unloading Explorer if necessary during removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 146
Build Number: 0
Build Date and Time: 2009/01/22 14:54:48

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: On
Item Scanned: 189436
Infections Detected: 7
Infections Ignored: 0

Scan detailed statistics
===========================
Type               Critical  Total
Process Scan....:         0      0
Registry Scan...:         0      0
Registry PE Scan:         0      0
Hosts File Scan.:         0      0
File Scan.......:         0      0
Folder Scan.....:         0      0
LSP Scan........:         0      0
ADS Scan........:         0      0
Cookie Scan.....:         4      4
File Hash Scan..:         0      0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /
Item Id: 409170 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /
Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /
Item Id: 409363 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149
Item Id: 2 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9
Item Id: 3 Value: MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10

Items Ignored During Scan
===========================

Listing of running processes
===========================
C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE c:\program files (x86)\lavasoft\ad-aware 2007\aawservice.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\program files (x86)\lavasoft\ad-aware 2007\ceapi.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\program files (x86)\lavasoft\ad-aware 2007\pkarchive84cb.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\shlwapi.dll
c:\windows\syswow64\ole32.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\psapi.dll c:\windows\syswow64\version.dll c:\windows\syswow64\wininet.dll c:\windows\syswow64\normaliz.dll c:\windows\syswow64\iertutil.dll c:\program files (x86)\lavasoft\ad-aware 2007\update.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\userenv.dll c:\windows\system32\imm32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\mswsock.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\rasadhlp.dll C:\PROGRAM FILES (X86)\FSI\F-PROT\FPAVUPDM.EXE c:\program files (x86)\fsi\f-prot\fpavupdm.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\syswow64\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\wininet.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\normaliz.dll c:\windows\syswow64\iertutil.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\syswow64\shell32.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\syswow64\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\system32\userenv.dll c:\windows\system32\msapsspc.dll c:\windows\system32\msvcrt40.dll 
c:\windows\system32\msnsspc.dll c:\windows\syswow64\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\psapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\uxtheme.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\syswow64\urlmon.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JQS.EXE c:\program files (x86)\java\jre6\bin\jqs.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\system32\ws2_32.dll c:\windows\syswow64\msvcrt.dll c:\windows\system32\ws2help.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\program files (x86)\java\jre6\bin\msvcr71.dll c:\windows\system32\imm32.dll c:\windows\system32\psapi.dll c:\windows\system32\pdh.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\comdlg32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\oleaut32.dll c:\windows\system32\odbc32.dll c:\windows\system32\odbcbcp.dll c:\windows\syswow64\version.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\odbcint.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\perfos.dll c:\windows\system32\perfdisk.dll C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\ole32.dll 
c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\oleaut32.dll c:\windows\syswow64\version.dll c:\windows\syswow64\shlwapi.dll c:\windows\system32\shimeng.dll c:\windows\system32\apphelp.dll c:\windows\apppatch\acwow64.dll c:\windows\system32\imm32.dll c:\windows\system32\psapi.dll c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files (x86)\common files\microsoft shared\vs7debug\msdbg2.dll c:\windows\syswow64\netapi32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll C:\WINDOWS\SYSWOW64\PNKBSTRA.EXE c:\windows\syswow64\pnkbstra.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\wsock32.dll c:\windows\syswow64\ws2_32.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\ws2help.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\wintrust.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\syswow64\imagehlp.dll c:\windows\system32\imm32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\mswsock.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\hnetcfg.dll c:\windows\system32\wshtcpip.dll C:\WINDOWS\SYSWOW64\WWSECURE.EXE c:\windows\syswow64\wwsecure.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\oleaut32.dll c:\windows\syswow64\msvcrt.dll 
c:\windows\syswow64\ole32.dll c:\windows\syswow64\version.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll c:\windows\system32\imm32.dll c:\windows\syswow64\uxtheme.dll c:\windows\syswow64\sxs.dll c:\windows\syswow64\xpsp2res.dll c:\windows\syswow64\clbcatq.dll c:\windows\syswow64\comres.dll C:\WINDOWS\SYSWOW64\CTFMON.EXE c:\windows\syswow64\ctfmon.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\msctf.dll c:\windows\syswow64\msutb.dll c:\windows\system32\imm32.dll c:\windows\syswow64\uxtheme.dll c:\windows\syswow64\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\ole32.dll C:\PROGRAM FILES (X86)\FSI\F-PROT\F-SCHED.EXE c:\program files (x86)\fsi\f-prot\f-sched.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\system32\mfc42.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\oleaut32.dll c:\windows\syswow64\wininet.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\normaliz.dll c:\windows\syswow64\iertutil.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\odbc32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\comdlg32.dll c:\windows\system32\imm32.dll c:\windows\system32\odbcint.dll c:\program files (x86)\fsi\f-prot\schedeng.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\msctf.dll c:\windows\system32\apphelp.dll 
c:\windows\system32\msctfime.ime C:\PROGRAM FILES (X86)\JAVA\JRE6\BIN\JUSCHED.EXE c:\program files (x86)\java\jre6\bin\jusched.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\wininet.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\normaliz.dll c:\windows\syswow64\iertutil.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\oleaut32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\msctf.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\rasapi32.dll c:\windows\system32\rasman.dll c:\windows\syswow64\netapi32.dll c:\windows\system32\tapi32.dll c:\windows\system32\rtutils.dll c:\windows\system32\winmm.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\system32\userenv.dll c:\windows\syswow64\msapsspc.dll c:\windows\system32\msvcrt40.dll c:\windows\syswow64\msnsspc.dll c:\windows\syswow64\msv1_0.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\psapi.dll c:\windows\system32\sensapi.dll c:\windows\system32\mswsock.dll c:\windows\system32\rasadhlp.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\rsaenh.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\dhcpcsvc.dll c:\windows\system32\netman.dll c:\windows\system32\netshell.dll c:\windows\system32\credui.dll c:\windows\system32\atl.dll c:\windows\system32\clusapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll 
c:\windows\system32\wzcsvc.dll c:\windows\system32\wmi.dll c:\windows\system32\wtsapi32.dll c:\windows\system32\winsta.dll c:\windows\system32\esent.dll c:\windows\system32\wzcsapi.dll c:\windows\syswow64\urlmon.dll C:\PROGRAM FILES (X86)\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE c:\program files (x86)\common files\real\update_ob\realsched.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\version.dll c:\windows\system32\imm32.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\shlwapi.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\msctf.dll c:\windows\system32\setupapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\xpsp2res.dll c:\windows\system32\clbcatq.dll c:\windows\syswow64\oleaut32.dll c:\windows\system32\comres.dll c:\windows\system32\ntmarta.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\samlib.dll C:\PROGRAM FILES (X86)\IPOD\BIN\IPODSERVICE.EXE c:\program files (x86)\ipod\bin\ipodservice.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\system32\cfgmgr32.dll c:\windows\system32\setupapi.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\version.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\oleaut32.dll c:\windows\system32\imm32.dll c:\program files (x86)\ipod\bin\ipodservice.resources\en.lproj\ipodservicelocalized.dll c:\program files (x86)\ipod\bin\ipodservice.resources\ipodservice.dll c:\windows\system32\xpsp2res.dll 
c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\wintrust.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\syswow64\imagehlp.dll C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE c:\program files (x86)\mozilla firefox\firefox.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\program files (x86)\mozilla firefox\xul.dll c:\program files (x86)\mozilla firefox\sqlite3.dll c:\program files (x86)\mozilla firefox\mozcrt19.dll c:\windows\syswow64\msvcrt.dll c:\program files (x86)\mozilla firefox\js3250.dll c:\program files (x86)\mozilla firefox\nspr4.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\system32\wsock32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll c:\windows\system32\winmm.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\program files (x86)\mozilla firefox\smime3.dll c:\program files (x86)\mozilla firefox\nss3.dll c:\program files (x86)\mozilla firefox\nssutil3.dll c:\program files (x86)\mozilla firefox\plc4.dll c:\program files (x86)\mozilla firefox\plds4.dll c:\program files (x86)\mozilla firefox\ssl3.dll c:\windows\syswow64\shell32.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\ole32.dll c:\windows\syswow64\version.dll c:\windows\system32\winspool.drv c:\windows\syswow64\comdlg32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\system32\imm32.dll c:\windows\system32\msimg32.dll c:\windows\system32\usp10.dll c:\windows\syswow64\oleaut32.dll c:\program files (x86)\mozilla firefox\xpcom.dll c:\windows\system32\dbghelp.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\msctf.dll c:\windows\system32\setupapi.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\clbcatq.dll c:\windows\system32\comres.dll c:\program files 
(x86)\mozilla firefox\components\browserdirprovider.dll c:\windows\system32\mswsock.dll c:\windows\system32\hnetcfg.dll c:\windows\system32\wshtcpip.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\psapi.dll c:\windows\system32\dnsapi.dll c:\windows\system32\winrnr.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\xpsp2res.dll c:\program files (x86)\mozilla firefox\components\brwsrcmp.dll c:\windows\syswow64\netapi32.dll c:\windows\system32\urlmon.dll c:\windows\syswow64\iertutil.dll c:\windows\system32\userenv.dll c:\windows\system32\rsaenh.dll c:\program files (x86)\mozilla firefox\softokn3.dll c:\program files (x86)\mozilla firefox\nssdbm3.dll c:\program files (x86)\mozilla firefox\freebl3.dll c:\program files (x86)\mozilla firefox\nssckbi.dll c:\windows\system32\rasadhlp.dll c:\windows\syswow64\wintrust.dll c:\windows\syswow64\crypt32.dll c:\windows\syswow64\msasn1.dll c:\windows\syswow64\imagehlp.dll c:\windows\system32\wdmaud.drv c:\windows\system32\msacm32.drv c:\windows\system32\msacm32.dll c:\windows\system32\midimap.dll c:\windows\system32\ntshrui.dll c:\windows\system32\linkinfo.dll C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE c:\program files (x86)\lavasoft\ad-aware 2007\ad-aware2007.exe c:\windows\system32\ntdll.dll c:\windows\syswow64\kernel32.dll c:\windows\syswow64\user32.dll c:\windows\syswow64\gdi32.dll c:\windows\syswow64\advapi32.dll c:\windows\syswow64\rpcrt4.dll c:\windows\syswow64\secur32.dll c:\windows\system32\imm32.dll c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.3790.3959_x-ww_78fcf8d0\comctl32.dll c:\windows\syswow64\comdlg32.dll c:\windows\syswow64\msvcrt.dll c:\windows\syswow64\shlwapi.dll c:\windows\syswow64\shell32.dll c:\windows\winsxs\wow64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5fa17f4e\comctl32.dll c:\windows\syswow64\oleaut32.dll c:\windows\syswow64\ole32.dll c:\windows\system32\ws2_32.dll c:\windows\system32\ws2help.dll 
c:\windows\system32\inetmib1.dll c:\windows\system32\iphlpapi.dll c:\windows\system32\psapi.dll c:\windows\system32\snmpapi.dll c:\windows\system32\mprapi.dll c:\windows\system32\activeds.dll c:\windows\system32\adsldpc.dll c:\windows\syswow64\netapi32.dll c:\windows\syswow64\wldap32.dll c:\windows\system32\credui.dll c:\windows\system32\atl.dll c:\windows\system32\rtutils.dll c:\windows\system32\samlib.dll c:\windows\system32\setupapi.dll c:\windows\syswow64\version.dll c:\windows\syswow64\mpr.dll c:\windows\system32\winmm.dll c:\windows\system32\oleacc.dll c:\windows\system32\msvcp60.dll c:\windows\system32\uxtheme.dll c:\windows\syswow64\msctf.dll c:\windows\system32\apphelp.dll c:\windows\system32\msctfime.ime c:\windows\system32\olepro32.dll c:\windows\system32\drprov.dll c:\windows\system32\ntlanman.dll c:\windows\system32\netui0.dll c:\windows\system32\netui1.dll c:\windows\system32\davclnt.dll c:\windows\system32\userenv.dll

End of Scan Section
===========================

Quarantined Infections
===========================
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com PrefID /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat adlegend.com CSList /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com cluid /, Belonging to Tracking Cookie
Browser: Internet Explorer Cookie: C:\Documents and Settings\Administrator\Cookies\index.dat kontera.com imprs /, Belonging to Tracking Cookie
MRU Path: C:\Documents and Settings\Administrator\Recent Count: 149, Belonging to MRU Object
MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Search Assistant\ACMru\5603 Count: 9, Belonging to MRU Object
MRU Registry Key: S-1-5-21-2712546392-667894355-3133765092-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 10, Belonging to MRU Object
End of Quarantined Infections
===========================

Deckard's System Scanner log

Deckard's System Scanner v20071014.68
Run by Administrator on 2009-03-01 00:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25 AM, on 03/01/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\Program Files (x86)\Java\jre6\bin\jqs.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\gmer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\system health tools\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page =
http://go.microsoft.com/fwlink/?LinkId=54843 O1 - Hosts: be placed in the first column followed by the corresponding host name. O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file) O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?') O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?') O4 - HKUS\S-1-5-21-2712546392-667894355-3133765092-500\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?') O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user') O4 - 
HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file) O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file) O15 - ESC Trusted Zone: http://runonce.msn.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} - http://www.livemetallica.com/nugster/dlControl.CAB O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 
- Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files 
(x86)\Viewpoint\Common\ViewpointService.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 8180 bytes -- Files created between 2009-02-01 and 2009-03-01 ----------------------------- 2009-02-28 22:19:43 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2009-02-28 21:08:27 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2009-02-16 20:16:38 0 d-------- C:\VundoFix Backups 2009-02-16 02:51:29 0 d-------- C:\Documents and Settings\Administrator\.housecall6.6 2009-02-15 01:07:42 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI 2009-02-15 00:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(4) 2009-02-02 22:57:09 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(3) 2009-02-02 22:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI(2) -- Find3M Report --------------------------------------------------------------- 2009-02-28 22:18:59 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2009-02-16 21:43:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla 2009-02-16 20:16:37 0 d-------- C:\Program Files (x86)\zips of games 2009-02-15 11:46:19 0 d-------- C:\Program Files (x86)\GameSpy Arcade 2009-02-15 01:07:14 0 d-------- C:\Program Files (x86)\ATI Technologies 2009-02-10 21:41:16 0 d-------- C:\Program Files (x86)\botf 2009-02-08 23:00:45 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information 2009-02-02 23:12:27 0 d-------- C:\Program Files (x86)\CyberLink 2009-01-18 00:32:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Bioshock 2009-01-08 21:35:04 0 
d-------- C:\Program Files (x86)\ubernesv3rev2 2008-12-07 22:39:06 8812 --ah----- C:\WINDOWS\system32\repefeji -- Registry Dump --------------------------------------------------------------- -- End of Deckard's System Scanner: finished at 2009-03-01 00:25:41 ------------
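The HijackThis logs in this thread are what the helpers are triaging by eye. As an added example (my own code, not part of the thread, of HijackThis or of Deckard's scanner), here is a small triage script that parses the O2, O4 and O20 lines and scores the patterns a helper looks at first: autoruns under the SYSTEM (S-1-5-18) and .DEFAULT hives, entries under Policies\Explorer\Run, BHO and Winlogon Notify registrations whose DLL is already gone, and a loader sitting in a short random folder under Common Files. The sample lines are constructed from entries that appear in the logs posted here (kffo, udhrat, dpvacmv.dll, camaddin.dll) mixed with ordinary ones; the weights and the Common Files heuristic are my assumptions, not HijackThis rules.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample: entries copied from the HijackThis logs posted in this
# thread (kffo, udhrat, dpvacmv.dll, camaddin.dll) mixed with ordinary ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10F02D85-BCB8-4AD4-BCA8-CBBA548FC64B} - C:\WINDOWS\SysWow64\dpvacmv.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Policies\Explorer\Run: [udhrat] C:\WINDOWS\system32\udhrat.exe
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\camaddin.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")

# Hives that no interactive installer should be writing autoruns into.
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")
# Assumed heuristic: a 3-6 letter lowercase folder directly under Common Files
# (the kffo folder in this thread) is a common place for a dropped loader.
COMMON_FILES_RE = re.compile(r"\\(?:COMMON~1|Common Files)\\[a-z]{3,6}\\")


@dataclass
class Finding:
    line: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_line(line: str) -> Tuple[int, List[str]]:
    """Score one HijackThis entry; 0 means nothing here caught our attention."""
    score, reasons = 0, []
    if m := O2_RE.match(line):
        if "(file missing)" in m["path"] or "(no file)" in m["path"]:
            score += 2
            reasons.append("BHO CLSID still registered but DLL gone (leftover of a partial cleanup)")
        if m["name"] == "(no name)":
            score += 1
            reasons.append("BHO without a friendly name")
    elif m := O4_RE.match(line):
        hive, key, cmd = m["hive"], m["key"], m["cmd"]
        if hive in SYSTEM_HIVES:
            if key.endswith("RunOnce"):
                score += 1
                reasons.append(f"RunOnce in {hive}")
            else:
                score += 3
                reasons.append(f"autorun in {hive} (runs before any user logs on)")
        if key.startswith("Policies\\"):
            score += 3
            reasons.append("Policies\\Explorer\\Run autorun (policy key, rarely used by legitimate software)")
        if COMMON_FILES_RE.search(cmd):
            score += 2
            reasons.append("loader in a short random folder under Common Files")
        if re.search(r"~\d", cmd):
            score += 1
            reasons.append("8.3 short path")
    elif m := O20_RE.match(line):
        score += 1
        reasons.append("Winlogon Notify DLL loads inside winlogon.exe")
        if "(file missing)" in m["path"]:
            score += 2
            reasons.append("Winlogon Notify DLL missing")
    return score, reasons


def triage(log_text: str) -> List[Finding]:
    """Return the flagged entries of a HijackThis log, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        score, reasons = score_line(line)
        if score:
            findings.append(Finding(line, score, reasons))
    findings.sort(key=lambda f: f.score, reverse=True)  # stable: ties keep log order
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it over a full log pasted into SAMPLE_LOG and the two kffo entries come out on top; the "(file missing)" BHO and Winlogon Notify lines score lower but are exactly the orphaned registrations that should be removed with the files, since a later reinstall of the DLL would be picked up again.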
2. I ran the scan from the first menu popup asking me to scan. It warned it found rootkit activity. It found a hidden process that it labeled red. It does not specify the process, but I think it is our old friend ylcgquoc. I will await further instructions. Here is the log of the scan that I was able to run, even though I don't think it is the full scan or exactly the one you wanted, but it's all I could get. If that hidden process is ylcquoc I hope this program can kill it.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-13 23:26:10
Windows 5.2.3790 Service Pack 2

---- Kernel code sections - GMER 1.0.13 ----

? \WINDOWS\system32\BOOTVID.dll The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\1394BUS.SYS The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\CLASSPNP.SYS The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\PCIIDEX.SYS The system cannot find the file specified.
? \WINDOWS\system32\DRIVERS\WMILIB.SYS The system cannot find the file specified.
? \WINDOWS\system32\hal.dll The system cannot find the file specified.
? \WINDOWS\system32\KDCOM.DLL The system cannot find the file specified.
? \WINDOWS\system32\ntoskrnl.exe The system cannot find the file specified.
? ACPI.sys The system cannot find the file specified.
? atapi.sys The system cannot find the file specified.
? crcdisk.sys The system cannot find the file specified.
? disk.sys The system cannot find the file specified.
? dmio.sys The system cannot find the file specified.
? dmload.sys The system cannot find the file specified.
? fltmgr.sys The system cannot find the file specified.
? ftdisk.sys The system cannot find the file specified.

---- Processes - GMER 1.0.13 ----

Process hidden process (*** hidden *** ) 16781312

---- Kernel code sections - GMER 1.0.13 ----

? isapnp.sys The system cannot find the file specified.
? KSecDD.sys The system cannot find the file specified.
? MountMgr.sys The system cannot find the file specified.
? Mup.sys The system cannot find the file specified.
? NDIS.sys The system cannot find the file specified.
? Ntfs.sys The system cannot find the file specified.
? nvata64.sys The system cannot find the file specified.
? nvatabus.sys The system cannot find the file specified.
? ohci1394.sys The system cannot find the file specified.
? PartMgr.sys The system cannot find the file specified.
? pci.sys The system cannot find the file specified.
? pciide.sys The system cannot find the file specified.
? sr.sys The system cannot find the file specified.
? System32\ati2cqag.dll The system cannot find the file specified.
? System32\ati2dvag.dll The system cannot find the file specified.
? System32\ati3duag.dll The system cannot find the file specified.
? System32\atikvmag.dll The system cannot find the file specified.
? System32\atiokax2.dll The system cannot find the file specified.
? System32\ativvaxx.dll The system cannot find the file specified.
? System32\drivers\afd.sys The system cannot find the file specified.
? system32\DRIVERS\amdk8.sys The system cannot find the file specified.
? system32\DRIVERS\arp1394.sys The system cannot find the file specified.
? system32\DRIVERS\atinavt2.sys The system cannot find the file specified.
? system32\DRIVERS\audstub.sys The system cannot find the file specified.
? system32\DRIVERS\BdaSup.SYS The system cannot find the file specified.
? System32\Drivers\Beep.SYS The system cannot find the file specified.
? system32\DRIVERS\CdaC15BA.sys The system cannot find the file specified.
? system32\DRIVERS\CdaD10BA.sys The system cannot find the file specified.
? System32\Drivers\Cdfs.SYS The system cannot find the file specified.
? system32\DRIVERS\cdrom.sys The system cannot find the file specified.
? System32\drivers\Dxapi.sys The system cannot find the file specified.
? System32\drivers\dxg.sys The system cannot find the file specified.
? system32\DRIVERS\fdc.sys The system cannot find the file specified.
? System32\Drivers\Fips.SYS The system cannot find the file specified.
? System32\Drivers\Fs_Rec.SYS The system cannot find the file specified.
? System32\Drivers\HTTP.sys The system cannot find the file specified.
? system32\DRIVERS\i8042prt.sys The system cannot find the file specified.
? system32\DRIVERS\imapi.sys The system cannot find the file specified.
? system32\DRIVERS\ipnat.sys The system cannot find the file specified.
? system32\DRIVERS\ipsec.sys The system cannot find the file specified.
? system32\DRIVERS\kbdclass.sys The system cannot find the file specified.
? system32\drivers\kmixer.sys The system cannot find the file specified.
? system32\drivers\ks.sys The system cannot find the file specified.
? system32\drivers\ksthunk.sys The system cannot find the file specified.
? System32\Drivers\mnmdd.SYS The system cannot find the file specified.
? system32\DRIVERS\mouclass.sys The system cannot find the file specified.
? system32\DRIVERS\mrxdav.sys The system cannot find the file specified.
? system32\DRIVERS\mrxsmb.sys The system cannot find the file specified.
? System32\Drivers\Msfs.SYS The system cannot find the file specified.
? system32\DRIVERS\msgpc.sys The system cannot find the file specified.
? system32\DRIVERS\mssmbios.sys The system cannot find the file specified.
? system32\DRIVERS\ndistapi.sys The system cannot find the file specified.
? system32\DRIVERS\ndisuio.sys The system cannot find the file specified.
? system32\DRIVERS\ndiswan.sys The system cannot find the file specified.
? System32\Drivers\NDProxy.SYS The system cannot find the file specified.
? system32\DRIVERS\netbios.sys The system cannot find the file specified.
? system32\DRIVERS\netbt.sys The system cannot find the file specified.
? system32\DRIVERS\nic1394.sys The system cannot find the file specified.
? System32\Drivers\Npfs.SYS The system cannot find the file specified.
? System32\Drivers\Null.SYS The system cannot find the file specified.
? system32\drivers\nvapu64.sys The system cannot find the file specified.
? system32\drivers\nvarm64.sys The system cannot find the file specified.
? system32\drivers\nvax64.sys The system cannot find the file specified.
? system32\DRIVERS\NVENETFD.sys The system cannot find the file specified.
? system32\drivers\nvmcp64.sys The system cannot find the file specified.
? system32\DRIVERS\nvnetbus.sys The system cannot find the file specified.
? system32\DRIVERS\NVNRM.SYS The system cannot find the file specified.
? system32\DRIVERS\NVSNPU.SYS The system cannot find the file specified.
? system32\drivers\portcls.sys The system cannot find the file specified.
? system32\DRIVERS\psched.sys The system cannot find the file specified.
? system32\DRIVERS\ptilink.sys The system cannot find the file specified.
? system32\DRIVERS\rasacd.sys The system cannot find the file specified.
? system32\DRIVERS\rasl2tp.sys The system cannot find the file specified.
? system32\DRIVERS\raspppoe.sys The system cannot find the file specified.
? system32\DRIVERS\raspptp.sys The system cannot find the file specified.
? system32\DRIVERS\raspti.sys The system cannot find the file specified.
? system32\DRIVERS\rdbss.sys The system cannot find the file specified.
? System32\DRIVERS\RDPCDD.sys The system cannot find the file specified.
? system32\DRIVERS\rdpdr.sys The system cannot find the file specified.
? system32\DRIVERS\redbook.sys The system cannot find the file specified.
? system32\DRIVERS\secdrv.sys The system cannot find the file specified.
? system32\DRIVERS\srv.sys The system cannot find the file specified.
? system32\DRIVERS\swenum.sys The system cannot find the file specified.
? system32\drivers\sysaudio.sys The system cannot find the file specified.
? system32\DRIVERS\tcpip.sys The system cannot find the file specified.
? system32\DRIVERS\TDI.SYS The system cannot find the file specified.
? system32\DRIVERS\termdd.sys The system cannot find the file specified.
? system32\DRIVERS\USBD.SYS The system cannot find the file specified.
? system32\DRIVERS\usbehci.sys The system cannot find the file specified.
? system32\DRIVERS\usbhub.sys The system cannot find the file specified.
? system32\DRIVERS\usbohci.sys The system cannot find the file specified.
? system32\DRIVERS\USBPORT.SYS The system cannot find the file specified.
? System32\drivers\vga.sys The system cannot find the file specified.
? system32\DRIVERS\VIDEOPRT.SYS The system cannot find the file specified.
? system32\DRIVERS\wanarp.sys The system cannot find the file specified.
? system32\DRIVERS\watchdog.sys The system cannot find the file specified.
? system32\drivers\wdmaud.sys The system cannot find the file specified.
? System32\win32k.sys The system cannot find the file specified.
? volsnap.sys The system cannot find the file specified.

---- EOF - GMER 1.0.13 ----
3. I pretty much have tonight only for a while to work on the computer, because after that I will be gone on Christmas break for pretty much almost 2 months. So if we can't get it fixed tonight I will just come back here the next time I can; I hope I am not all forgotten by then. Anyway, GMER gives me a message: "Loaded GMER's driver version is incompatible with the currently running GMER application. You need to stop the driver with the command "net stop gmer" or restart your computer." I have tried both; restarting just brings the message up again, and I checked the boxes you said after clicking away that message, and for some reason the first box comes unchecked. The only way I have the option to scan is to do it on the first message that pops up, so I will try that. It is detecting a hidden process though.
4. Sorry it's taking me so long to reply, but I have my last paper of the semester due Wednesday afternoon (today as of 2 hours ago), so I can't free up my computer to scan till then, probably like 3 or so. Don't give up on me, just hang on till I can finish this paper.
5. One thing I have noticed is that my internet has become VERY slow, and my page file usage keeps increasing every day. Could any of that have to do with all the fixer programs we have been using? Are they leaving processes going that are slowing things down? Or is that possibly the doing of ylcgcuoc.dat? Any suggestions? Made any progress?
6. I don't mind waiting, I have a paper to finish writing anyway. By recovery console do you mean System Restore? If not, then I'm not sure what you're talking about. System Restore is no option because the thing erased all my restore points prior to infection once it got on. Yeah, I have had problems before with this; Microsoft is pretty crappy about supporting it well or trying to do anything about compatibility, even though it is supposed to run anything 32-bit as well due to the WOW/(x86) stuff, but sometimes people just don't write programs considering us 64-bit people and stuff just doesn't work. I'll hang on till you find something new.
7. Well, I tried it and the file is still there. I tried it a second time and I got the pending filename message. I did not receive it the first time, but did the second time. It remains after the second attempt. This is one persistent bug, huh? We'll get it ; )
8. The program installs fine, but then is unresponsive. Double-clicking on the icon brings up the hourglass for a second or less, but nothing happens. The Unlocker option never shows up on the right-click menu as the website says it will. Trying in compatibility mode does nothing. Downloaded and tried Emco Unlock IT, which said the file was not being locked by any processes, which is weird because the access denied message continues to come up. I might try a few of the other programs on the Unlocker site's list to check multiple times to see if I can unlock the file.
9. It won't let me: access denied, make sure the file is not in use or write protected, etc.
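Posts 7 to 9 above are about a file that Windows reports as in use, then as access denied, and about the delete-on-reboot route producing a "pending file rename" message and still leaving the file behind. The standard Windows mechanism behind delete-on-reboot is MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which appends a source/destination pair (empty destination meaning delete) to the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; the session manager carries the pairs out early in the next boot, before the Win32 subsystem starts. The check a practitioner wants at this point is to decode that value just before rebooting to see whether the deletion was really queued: if it was and the file is still there afterwards, something that starts even earlier (a boot driver, or a hidden process like the one GMER reported) is protecting or recreating it. The code below is an added example, my own and not from this thread, HijackThis, OTMoveIt or Windows; it builds, encodes and decodes the value offline. The ylcgcuoq.dat path is the one from this thread; the staged.dll rename is a made-up second entry to show the rename form, and the hex(7) parser assumes the layout of a `.reg` export.

```python
from typing import List, Tuple

REG_KEY = r"HKLM\SYSTEM\CurrentControlSet\Control\Session Manager"
VALUE_NAME = "PendingFileRenameOperations"


def nt_path(win_path: str) -> str:
    # Session Manager stores NT object-manager paths, so C:\x becomes \??\C:\x.
    # A leading '!' is the replace-existing marker and stays in front of the prefix.
    bang = win_path.startswith("!")
    body = win_path[1:] if bang else win_path
    if not body.startswith("\\??\\"):
        body = "\\??\\" + body
    return ("!" if bang else "") + body


def build_entries(ops: List[Tuple[str, str]]) -> List[str]:
    # ops are (source, destination) pairs; an empty destination means "delete
    # source". This is the string list MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT)
    # appends to, so a correctly queued deletion shows up here as path, "".
    entries: List[str] = []
    for src, dst in ops:
        entries.append(nt_path(src))
        entries.append(nt_path(dst) if dst else "")
    return entries


def to_multi_sz(entries: List[str]) -> bytes:
    # Raw REG_MULTI_SZ: every string UTF-16LE + NUL, then one final NUL.
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in entries) + b"\x00\x00"


def from_multi_sz(raw: bytes) -> List[str]:
    # Generic multi-sz readers stop at the first empty string, which for this
    # value is the first delete entry. Walk by length instead and strip only
    # the final terminator. (A value missing its terminator is ambiguous and
    # is read as one string shorter.)
    text = raw.decode("utf-16-le")
    if text in ("", "\x00"):
        return []
    if text.endswith("\x00\x00"):
        text = text[:-2]
    elif text.endswith("\x00"):
        text = text[:-1]
    return text.split("\x00")


def pending_ops(entries: List[str]) -> List[Tuple[str, str, str]]:
    # Session Manager consumes the list in pairs. A destination starting with
    # '!' is what MOVEFILE_REPLACE_EXISTING produces: overwrite the target.
    if len(entries) % 2:
        raise ValueError("odd number of strings; value is truncated or not source/destination pairs")
    ops = []
    for src, dst in zip(entries[0::2], entries[1::2]):
        if dst == "":
            ops.append(("delete", src, ""))
        elif dst.startswith("!"):
            ops.append(("replace", src, dst[1:]))
        else:
            ops.append(("rename", src, dst))
    return ops


def is_queued_for_delete(entries: List[str], win_path: str) -> bool:
    """True if a delete of win_path is queued (NTFS paths compare case-insensitively)."""
    target = nt_path(win_path).lower()
    return any(a == "delete" and s.lower() == target for a, s, _ in pending_ops(entries))


def parse_reg_hex(text: str) -> bytes:
    # Accepts the value as a .reg export writes it:
    #   "PendingFileRenameOperations"=hex(7):5c,00,3f,00,...,\
    #     00,00
    # i.e. comma-separated bytes with backslash line continuations.
    _, _, data = text.partition("hex(7):")
    if not data:
        raise ValueError("not a hex(7) (REG_MULTI_SZ) value")
    cleaned = "".join(ch for ch in data if ch not in " \t\r\n\\")
    return bytes.fromhex("".join(part for part in cleaned.split(",") if part))


if __name__ == "__main__":
    # Constructed example: the file this thread could not delete, plus a
    # hypothetical rename so both forms of pair are visible.
    queued = build_entries([
        (r"C:\WINDOWS\SysWOW64\Drivers\ylcgcuoq.dat", ""),
        (r"C:\WINDOWS\Temp\staged.dll", r"C:\WINDOWS\system32\staged.dll"),
    ])
    raw = to_multi_sz(queued)
    print(f"{VALUE_NAME} under {REG_KEY} would hold {len(raw)} bytes:")
    for action, src, dst in pending_ops(from_multi_sz(raw)):
        print(f"  {action:7} {src} {dst}")
```

To check a live machine, export the Session Manager key with reg.exe and feed the hex(7) line to parse_reg_hex, then from_multi_sz and is_queued_for_delete; an empty value right before the reboot means the tool never managed to queue the deletion (or something cleared it), which is a different problem from the file surviving the reboot.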
10. The first time I tried it, it restarted and before loading up my desktop I received a blue screen of death talking about the nvata64 driver and something messing up, talking about beginning dump of physical memory. Then I restarted and it loaded up fine, but with our friend ylcgcuoq.dat still infesting my machine. I am wary of trying it again; should I? The HJT part worked fine, anyway. (Knock on wood) my searches are no longer being redirected, but I am still very suspicious of ylcgcuoq.dat due to its successful resistance to being deleted. That BSOD scared me; I hope this thing does not tear up my system as we try to remove it. Here is the log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:37 PM, on 12/09/2007 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe C:\WINDOWS\SysWOW64\PnkBstrA.exe C:\WINDOWS\SysWOW64\wwSecure.exe C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files (x86)\Webroot\Washer\wwDisp.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files (x86)\iPod\bin\iPodService.exe C:\Documents and Settings\Administrator\Desktop\OTMoveIt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: be placed in the first column followed by the corresponding host name. O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files (x86)\ATI\CatalystRegistration\dolce.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user') O4 - 
HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - ESC Trusted Zone: http://runonce.msn.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe 
(file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe -- End of file - 7254 bytes
11. One thing is that (before the deleting of these files, haven't had any yet) I have noticed the popups returning: every once in a while the warning triangle would come up with "SCAN YOUR SYSTEM--NOW!", etc., and I would click it to make it go away. Here is how it went:
C:\WINDOWS\SysWow64\dpvacmv.dll<---This file* (deleted)
C:\WINDOWS\system32\udhrat.exe<---This file* (not present)
C:\WINDOWS\system32\nljazrum.dat<---This file* (deleted)
C:\WINDOWS\system32\audiosrva.dll<---This file* (deleted)
C:\WINDOWS\SysWOW64\4vmxdpmgs.exe<---This file* (not present)
C:\WINDOWS\system32\camaddin.dll<---This file* (not present)
All good, 3 files deleted, 3 not present (two of which I had deleted earlier, udhrat and 4vmx), except that
C:\WINDOWS\SysWOW64\Drivers\ylcgcuoq.dat<---Windows said that this file is in use (because it is not checked read only, it is not write protected) and won't let me delete it. I tried using HijackThis' delete on reboot feature but it did not work. Also, now that I have its actual location, I tried to scan it at Jotti's, but it is being blocked; I know it is not 0 bytes because it is 19 KB. It is somehow blocking its own scan and deletion. Don't want to count my chickens before they hatch, but after deleting those files I have not been redirected in my searches (knock on wood * * *). The internet still seems sluggish, but that probably is just ylcgcuoq and/or that new file from before.
here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:43 PM, on 12/09/2007 Platform: Windows 2003 SP2 (WinNT 5.02.3790) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe C:\WINDOWS\SysWOW64\PnkBstrA.exe C:\WINDOWS\SysWOW64\wwSecure.exe C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files (x86)\Webroot\Washer\wwDisp.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\SysWOW64\ctfmon.exe C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files (x86)\iPod\bin\iPodService.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O1 - Hosts: be placed in the first column followed by the corresponding host name. 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {10F02D85-BCB8-4AD4-BCA8-CBBA548FC64B} - C:\WINDOWS\SysWow64\dpvacmv.dll (file missing) O2 - BHO: (no name) - {293D6DCB-E93F-42F9-BB5B-A11EF759210C} - C:\WINDOWS\SysWow64\dpvacmv.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7BCD843D-31F6-493D-BDA9-BDC6F721542C} - C:\WINDOWS\SysWow64\dpvacmv.dll (file missing) O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files (x86)\ATI\CatalystRegistration\dolce.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan O4 - HKCU\..\Policies\Explorer\Run: [udhrat] C:\WINDOWS\system32\udhrat.exe O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe 
(User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - ESC Trusted Zone: http://runonce.msn.com O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\camaddin.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing) O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing) O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - 
Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing) O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing) O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing) O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing) O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing) O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. 
- C:\WINDOWS\system32\wwSecure.exe -- End of file - 7597 bytes
  12. OK, here's what's happening. Because of my 64-bit system I have to run Avenger in compatibility mode in the first place. Even so, everything goes normally until after it boots back up, when in the black DOS program operation box it says a whole bunch of stuff about not having the right files, etc. It goes away after a few seconds and the log file is blank, and the offending items still show up on HJT. Do you know why my Avenger is messing up? Is HJT capable of fixing these? New HJT log just for the hell of it. Something new is on there too, I think--O4 - HKLM\..\Run: [ksrilaxa] C:\ctjekswn.bat--I don't recognize this one, it might be suspicious.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28 AM, on 12/09/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10F02D85-BCB8-4AD4-BCA8-CBBA548FC64B} - C:\WINDOWS\SysWow64\dpvacmv.dll
O2 - BHO: (no name) - {293D6DCB-E93F-42F9-BB5B-A11EF759210C} - C:\WINDOWS\SysWow64\dpvacmv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7BCD843D-31F6-493D-BDA9-BDC6F721542C} - C:\WINDOWS\SysWow64\dpvacmv.dll
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files (x86)\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ksrilaxa] C:\ctjekswn.bat
O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Policies\Explorer\Run: [udhrat] C:\WINDOWS\system32\udhrat.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\camaddin.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7653 bytes
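Post 12 asks whether HijackThis can fix the entries it lists and which of them are suspicious. As an added triage example (not code from this forum, from HijackThis or from any tool the thread mentions), the following Python script parses lines in the HJT 2.0.2 format shown above and applies a few defender-side heuristics to the entry types that appear in these logs; the sample lines, the heuristics and the severity labels are my own constructions, and the WOW64 caveat on O23 entries is a general fact about 32-bit tools on x64 Windows, not something the thread states.

```python
import re

# Constructed sample in HijackThis 2.0.2 line format (entry names borrowed from the
# logs posted in this thread); it is not a real scan and the mix is my own.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {10F02D85-BCB8-4AD4-BCA8-CBBA548FC64B} - C:\WINDOWS\SysWow64\dpvacmv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ksrilaxa] C:\ctjekswn.bat
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Policies\Explorer\Run: [udhrat] C:\WINDOWS\system32\udhrat.exe
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM')
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\camaddin.dll (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")
MISSING = "(file missing)"


def exe_path(cmd):
    """Return the program path from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_line(line):
    """Split one HJT line into section, hive/name/path and the '(file missing)'
    flag; returns None for header lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    body = USER_SUFFIX.sub("", body)
    entry = {"section": sec, "missing": missing, "raw": line.strip(), "hive": "", "path": ""}
    if sec == "O4":
        m4 = O4_RE.match(body)
        if m4:
            entry.update(hive=m4.group("hive"), name=m4.group("name"), path=exe_path(m4.group("cmd")))
    elif sec in ("O2", "O20", "O23"):
        entry["path"] = body.rsplit(" - ", 1)[-1].strip()
    return entry


def triage(log_text):
    """Apply a few defender heuristics (my own, not HijackThis rules) and return
    a list of (severity, reason, raw_line) in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        sec, hive, path = e["section"], e["hive"].lower(), e["path"].lower()
        if sec in ("O2", "O20") and e["missing"]:
            # The registry still references a component that is gone: an orphan worth
            # removing, and a hint that something was deleted without cleaning up.
            findings.append(("medium", "orphaned reference to a missing file", e["raw"]))
        elif sec == "O4":
            if "policies\\explorer\\run" in hive:
                findings.append(("high", "autostart via Policies\\Explorer\\Run, rarely used by legitimate software", e["raw"]))
            elif re.fullmatch(r"[a-z]:\\[^\\]+", path) or path.endswith((".bat", ".dat")):
                findings.append(("high", "autostart from the drive root or through a script/data file", e["raw"]))
            elif hive in ("hkus\\s-1-5-18\\..\\run", "hkus\\.default\\..\\run"):
                # Run keys of the SYSTEM and Default User hives are normally empty.
                findings.append(("medium", "autostart in the SYSTEM/Default user hive", e["raw"]))
        elif sec == "O23" and e["missing"] and "\\windows\\system32\\" in path:
            # Caveat: 32-bit HijackThis on x64 Windows is subject to WOW64 file-system
            # redirection, so 64-bit-only binaries such as lsass.exe show as missing.
            findings.append(("info", "system service reported missing; on x64 this is usually WOW64 redirection", e["raw"]))
    return findings


if __name__ == "__main__":
    for sev, reason, raw in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {raw}")
```

The "info" tier matters on this poster's x64 system: the many "(file missing)" core services in the logs above are the redirection artefact, while the orphaned BHO and Winlogon Notify entries are the ones worth cleaning up.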
  13. It keeps telling me that Look2Me is not found. I tried actually going to the website and downloading the zip too, but it did not work either. I don't know if that means that the Look2Me virus is not on my computer, or if the program doesn't work right, but here is my HJT log anyway.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32 AM, on 12/09/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI\CatalystRegistration\dolce.exe
C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {10F02D85-BCB8-4AD4-BCA8-CBBA548FC64B} - C:\WINDOWS\SysWow64\dpvacmv.dll
O2 - BHO: (no name) - {293D6DCB-E93F-42F9-BB5B-A11EF759210C} - C:\WINDOWS\SysWow64\dpvacmv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7BCD843D-31F6-493D-BDA9-BDC6F721542C} - C:\WINDOWS\SysWow64\dpvacmv.dll
O4 - HKLM\..\Run: [FRISK FP-Scheduler] "C:\Program Files (x86)\FSI\F-Prot\F-Sched.exe" STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CatalystRegistration] "C:\Program Files (x86)\ATI\CatalystRegistration\dolce.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Window Washer] C:\Program Files (x86)\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Policies\Explorer\Run: [udhrat] C:\WINDOWS\system32\udhrat.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [kffo] C:\PROGRA~2\COMMON~1\kffo\kffom.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\camaddin.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files (x86)\FSI\F-Prot\fpavupdm.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7790 bytes
  14. OK, here are my results:

File: dpvacmv.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: b9c228372922f8901791e9c11274d5c7
Packers detected: PE_PATCH.UPX, UPX
Bit9 reports: File not found
Scan taken on 09 Dec 2007 04:20:54 (GMT)
A-Squared Found nothing
AntiVir Found TR/Spy.BZub.NGP.7
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Spy.Bzub.NGP
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.DownLoader.origin
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan-PWS.Win32.Lmir
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found BZub.ARU
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

udhrat.exe (note this was a problem file that I got rid of last year, or so I thought, so the file itself might not still be on my comp)
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

File: nljazrum.dat
Status: OK
MD5: 343dcf82198435f175d4bf252c5b2fee
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 09 Dec 2007 04:25:01 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

ylcgcuoq.dat
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

File: audiosrva.dll
Status: INFECTED/MALWARE
MD5: afb9102775751a5a2ad07fb25b971d89
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 09 Dec 2007 04:28:53 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.Morphine.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Obfustat.ABPN
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

4vmxdpmgs.exe (note I manually deleted this file earlier)
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file