• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
DarkFury

Vx2 Malware

26 posts in this topic

Every now and then I keep getting a VX2 Malware and a Wurlview Data Miner warning when I run AdAware 2007 from Windows Safe Mode...

 

I tell the program to delete these threats... however they seem to keep coming back (even though the program says everything is clear.... after doing a Full Scan.

 

Any suggestions on how to get rid of this malware for good?

Share this post


Link to post
Share on other sites

Hello DarkFury,

 

Could you please post your Ad-Aware scan log so that we can see exactly what items are being detected and where?

 

As Logs are stored in :

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to

click Start,

click Run

And type in and press ENTER: %appdata%

then click Lavasoft

then Ad-Aware

and then Logs.

scroll down to find the latest one that you have

(by date & time)

and open it right Click select all

copy and then paste the contents of it here.

Share this post


Link to post
Share on other sites

Ok... I have a question before I do this.

 

I see 5 files in my C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs directory.

 

Ad-Aware update.log

AdAware event.log

update.log

Ad-Aware 20070705 18-42-40.log.xml

aaw2007log.xsl

 

Which files do you want me to post? Also, that 4th file looks suspicious with a .log.xml extension (don't wanna accidentally trigger a trojan if that is the case...)

 

I ran the last scan from Safe Mode, so that there aren't any files in the [username] Lavasoft directory (although I have run the program from Windows before.) I wonder if something cleaned those logs out of the system.

Share this post


Link to post
Share on other sites

It is this one:

Ad-Aware 20070705 18-42-40.log.xml

 

No, that isn't a virus it's the scan log. :D

 

Open it and then copy and paste in the results here. I don't think you can attach an xml file as an attachment

Share this post


Link to post
Share on other sites

Thank you... here is the log:

 

Scan Results

Ad-Aware 2007 Free Edition

Log File Created on:2007-07-0518:42:40

Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name:KAPPA1

Name of user performing scan:SYSTEM

Name of user ordering scan:Jaryl

Scan completed successfully

 

System Information

File Verion Information

Ad-Aware 2007 Settings

Extended Ad-Aware 2007 Settings

Database Information

Scan Statistics

Scan Detailed Statistics

Infections Found

Listing of running processes

System Information

Number of processors:2

Processor type:Intel® Pentium® 4 CPU 3.40GHz

Memory Available:78%

Total Physical Memory:2146152448 Bytes

Available Physical Memory:1663991808 Bytes

Total Page File Size:3599659008 Bytes

Available On Page File:3322769408 Bytes

Total Virtual Memory:2147352576 Bytes

Available Virtual Memory:1997590528 Bytes

OS:Microsoft Windows XP 5.1 (Build 2600)

[to top]

File Verion Information

File Version

CEAPI.dll 7, 0, 1, 4

aawservice.exe 7, 0, 1, 4

Ad-Aware2007.exe 7.0.1.4

[to top]

Ad-Aware 2007 Settings

Skipping files larger than:1048576 Bytes

Ignoring infections with lower TAI than:3

Safe Mode:False

[to top]

Extended Ad-Aware 2007 Settings

Unload malicious processes and modules

Unload Modules

Let Windows remove files at Start-Up

Deactivate Ad-Watch

Re-analyze Scan Result

Update Definitions on startup

Delete Restored Items

Permanent Archive Caching

Write Protect System Files

Create Log file

Include basic settings

Include advanced settings

Include user and computer name

Environment information

Running processes

Running processes and modules

Include info about ignored objects in log file

Consider definitions File Outdated after x days

Proxy URL

Proxy Port

[to top]

Database Info

Version number:7

Build Number:0

Build Date and Time:2007/07/0501:55:33

[to top]

Scan Statistics

Method:Full

 

Items Scanned:242238

Infections Detected:5

Infections Removed:0

Infections Quarantined:0

Infections Ignored:0

[to top]

Scan Detailed Statistics

Type Critical Total

Process Scan 0 0

Registry Scan 2 2

Registry PE Scan 0 0

Hosts Scan 0 0

File Scan 0 0

Folder Scan 0 0

LSP Scan 0 0

ADS Scan 0 0

Cookie Scan 1 1

File Hash Scan 0 0

[to top]

Infections Found

Family Id Name Category TAI

776 VX2 Malware 10

[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

 

1106 WurldMedia DataMiner 9

[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

 

725 Tracking Cookie DataMiner 3

[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

 

9999 MRU Object MRU Object 0

[1] MRU Path: C:\Documents and Settings\Jaryl\Recent Count: 12

[3] MRU Registry Key: S-1-5-21-484763869-1935655697-839522115-1002\Software\Microsoft\Internet Explorer\TypedURLs Count: 4

 

 

Quarantined Objects

Family Id Name Category TAI

 

Removed Objects

Family Id Name Category TAI

725 Tracking Cookie DataMiner 3

[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

 

9999 MRU Object MRU Object 0

[1] MRU Path: C:\Documents and Settings\Jaryl\Recent Count: 12

[3] MRU Registry Key: S-1-5-21-484763869-1935655697-839522115-1002\Software\Microsoft\Internet Explorer\TypedURLs Count: 4

 

[to top]

Listing of Running Processes

C:\WINDOWS\SYSTEM32\SMSS.EXE

c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE

c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\cscui.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE

c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE

c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\winspool.drv

c:\windows\system32\browser.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\netcfgx.dll

c:\windows\system32\clusapi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

C:\WINDOWS\EXPLORER.EXE

c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\mlang.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

c:\windows\system32\wbem\wmiprvse.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wbemprox.dll

c:\windows\system32\wbem\wbemsvc.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\licwmi.dll

c:\windows\system32\wbem\framedyn.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\licdll.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wbem\cimwin32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\wmi.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE

c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\secur32.dll

Share this post


Link to post
Share on other sites

Thanks!

 

These are not active infections, but rather some trace items in the registry. Odd that nothing else was found with it - let me research what this find is.

 

The MRU's you can ignore - in fact they are not threats but can be useful so I would suggest you tweak the scanning and choose to leave the MRU's (most recently used lists) off.

 

These are what I want to look at a little closer:

 

Family Id Name Category TAI

776 VX2 Malware 10

[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

 

1106 WurldMedia DataMiner 9

[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

 

725 Tracking Cookie DataMiner 3

[600000416] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat www.mediarevenue.net MAXID /

 

Those last two are coming from a cookie and finding the reference in the cookies index.dat - not a threat either really but let me investigate some more on this.

 

You do not have an active infection going there so you can rest easy on that.

Share this post


Link to post
Share on other sites
You do not have an active infection going there so you can rest easy on that.

Thank you so much.... that is sure a relief!!!!

 

Seeing that VX2 alert pop up twice (I attempted to remove it previously about 2 weeks ago...) just made me nervous.... and reading out on the web, folks have been talking about it's ability to mask itself and re-write it's code to a different name in order to avoid detection and cleaning.

 

This is what got me so spooked about this malware....

Share this post


Link to post
Share on other sites
Thank you so much.... that is sure a relief!!!!

 

Seeing that VX2 alert pop up twice (I attempted to remove it previously about 2 weeks ago...) just made me nervous.... and reading out on the web, folks have been talking about it's ability to mask itself and re-write it's code to a different name in order to avoid detection and cleaning.

 

This is what got me so spooked about this malware....

Yes, I can see why you would be worried. That is also the reason I wanted to assure you that those few keys alone do not signify either an active infection nor, with no other signs of that particular malware present, that this machine had a prior infection either.

 

I found another thread in here reporting the exact same

http://www.lavasoftsupport.com/index.php?showtopic=10191

and this makes me wonder if there is a legit software out there that is using the same CSLID identifier. That is a VERY rare occurrence but can happen.

 

See this example

http://www.lavasoftsupport.com/index.php?showtopic=5288

 

I've been doing malware removal since 1999 and am quite familiar with Vx2 and related infections. You do not have any other signs of it (and those would show in different areas) other than these couple of keys so I'm suspecting something else causing the alert. There are NO associated files present either - files are the root of any infection (not registry keys) - so those keys alone cannot infect your machine.

 

My suggestion is to put those on "ignore" for now while we investigate.

 

In trying to pin down exactly what is using those keys - could you please run these two free diagnostic tools to generate a log I can review? This will give a little more info about what is running on your system.

 

1. Download ComboFix from Here to your Desktop.

  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

.........................

2. Deckard’s System Scanner

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

 

 

1. Close all applications and windows.

2. Double-click on dss.exe to run it, and follow the prompts.

3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized[/size]

4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your reply

Share this post


Link to post
Share on other sites

ComboFix Log:

 

"Jaryl" - 2007-07-09 2:00:58 - ComboFix 07-07-09.3 - Service Pack 2

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com

C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com\played_list.sol

C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\#SharedObjects\BBMR5YNH\www.broadcaster.com\video_queue.sol

C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com

C:\DOCUME~1\Jaryl\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

 

 

((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))

 

 

2007-07-09 01:59 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-04 09:08 <DIR> d-------- C:\Program Files\Prime95

2007-06-26 22:53 <DIR> d-------- C:\Program Files\Lavalys

2007-06-26 17:03 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\U3

2007-06-24 22:08 1,018,772 --a------ C:\WINDOWS\system32\nvucode.bin

2007-06-20 19:26 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\DivX

2007-06-20 19:25 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-06-20 19:25 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-06-20 19:25 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-06-20 19:25 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-06-20 19:25 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2007-06-20 19:25 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe

2007-06-20 19:25 <DIR> d-------- C:\Program Files\DivX

2007-06-18 00:54 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-06-18 00:53 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2007-06-17 22:35 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2007-06-17 22:35 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2007-06-17 22:35 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2007-06-17 22:35 <DIR> d-------- C:\Program Files\Futuremark

2007-06-17 00:49 69,632 --a------ C:\WINDOWS\system32\KemXML.dll

2007-06-17 00:49 163,840 --a------ C:\WINDOWS\system32\kemutb.dll

2007-06-17 00:49 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll

2007-06-17 00:49 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll

2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\Jaryl\APPLIC~1\Logitech

2007-06-17 00:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

2007-06-17 00:48 <DIR> d-------- C:\Program Files\Logitech

2007-06-17 00:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

2007-06-16 22:28 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-06-16 22:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-06-16 22:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-13 00:26 <DIR> d-------- C:\WINDOWS\pss

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-07-09 03:17:07 -------- d-----w C:\Program Files\City of Heroes

2007-07-07 20:13:47 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat

2007-07-07 20:13:47 384 ----a-w C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat

2007-07-05 02:16:41 -------- d-----w C:\Program Files\EPSON Print CD

2007-07-04 05:10:29 -------- d-----w C:\Program Files\Norton SystemWorks

2007-06-30 00:28:34 -------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-06-25 03:17:36 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-06-25 03:17:36 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe

2007-06-18 04:54:07 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-06-18 04:52:45 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-17 04:49:10 -------- d-----w C:\Program Files\Common Files\Logitech

2007-06-11 01:27:49 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\EPSON

2007-06-08 06:33:38 -------- d-----w C:\Program Files\Lavasoft

2007-06-08 06:33:08 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-06-08 06:32:28 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Lavasoft

2007-06-05 03:54:37 -------- d-----w C:\Program Files\PerformanceTest

2007-06-05 03:48:43 -------- d-----w C:\Program Files\CheckIt

2007-06-05 03:44:45 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Symantec

2007-06-05 03:38:15 -------- d-----w C:\Program Files\Symantec

2007-06-04 20:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 20:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 20:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll

2007-05-30 06:48:40 -------- d-----w C:\Program Files\SpywareBlaster

2007-05-24 06:12:22 -------- d-----w C:\Program Files\CohTest

2007-05-24 00:33:23 -------- d-----w C:\Program Files\CoH Hero Builder

2007-05-23 03:09:10 -------- d-----w C:\Program Files\ColorCop

2007-05-23 02:38:34 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\OfficeUpdate12

2007-05-23 02:38:14 -------- d-----w C:\Program Files\Microsoft Works

2007-05-23 02:28:52 -------- d-----w C:\Program Files\Common Files\L&H

2007-05-23 02:28:14 -------- d-----w C:\Program Files\Microsoft.NET

2007-05-22 03:55:00 -------- d-----w C:\Program Files\WS_FTP

2007-05-21 03:00:22 -------- d-----w C:\Program Files\NEC DISPLAY SOLUTIONS

2007-05-20 00:01:25 -------- d-----w C:\Program Files\HeroStats

2007-05-20 00:00:48 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\InstallShield

2007-05-18 23:16:03 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\InterTrust

2007-05-17 05:05:10 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll

2007-05-16 11:32:29 -------- d-----w C:\Program Files\Executive Software

2007-05-16 11:13:32 -------- d-----w C:\Program Files\NoteTab Pro

2007-05-16 04:28:00 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Ventrilo

2007-05-16 04:25:38 -------- d-----w C:\Program Files\Ventrilo

2007-05-16 03:45:21 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Ideazon

2007-05-16 03:44:39 -------- d-----w C:\Program Files\Ideazon

2007-05-16 03:23:30 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat

2007-05-16 02:51:56 10,344 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys

2007-05-16 01:18:01 -------- d-----w C:\DOCUME~1\Jaryl\APPLIC~1\Creative

2007-05-16 01:16:29 -------- d-----w C:\Program Files\Creative

2007-05-16 01:12:19 184 ----a-w C:\WINDOWS\system32\e000001.dat

2007-05-16 00:48:22 -------- d-----w C:\Program Files\Saitek

2007-05-16 00:41:28 -------- d-----w C:\Program Files\EPSON

2007-05-16 00:38:12 -------- d-----w C:\Program Files\NewSoft

2007-05-16 00:37:28 -------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint

2007-05-16 00:36:27 -------- d-----w C:\Program Files\ArcSoft

2007-05-16 00:33:54 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll

2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll

2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll

2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll

2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll

2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll

2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe

2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll

2007-04-17 03:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-04-11 19:33:20 1,419,024 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll

2007-04-11 19:32:22 56,080 ----a-w C:\WINDOWS\KHALMNPR.Exe

2007-04-11 16:04:16 524,288 ----a-w C:\WINDOWS\opuc.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-10-23 00:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

2005-05-31 02:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]

2007-04-02 20:19 140912 --a------ C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WINDVDPatch"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]

"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]

"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-01 18:47]

"Agent"="C:\Program Files\CyberLink\PowerVCRII\Agent.exe" [2002-10-01 16:57]

"Remote_Agent"="C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe" [2002-10-07 11:35]

"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]

"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2004-10-20 13:47]

"SaiSmart"="C:\Program Files\Saitek\Software\SaiSmart.exe" [2004-10-20 13:48]

"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2004-10-20 13:06]

"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43]

"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00]

"CTHelper"="CTHELPER.EXE" [2003-10-06 02:57 C:\WINDOWS\system32\CTHELPER.EXE]

"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 19:06]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 03:27]

"Norton Ghost 10.0"="C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 13:01]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

"Zboard"="C:\Program Files\Ideazon\ZEngine\Zboard.exe" [2007-04-03 20:46]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 17:35]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]

AutoRun\command- P:\LaunchU3.exe -a

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-26 05:01:00 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Jaryl.job

2007-06-25 16:00:02 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

2007-07-09 04:00:00 C:\WINDOWS\tasks\Symantec Drmc.job

 

**************************************************************************

 

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-09 02:03:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-07-09 2:03:51

C:\ComboFix-quarantined-files.txt ... 2007-07-09 02:03

 

--- E O F ---

 

 

 

====================================================================================

 

HijackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 2:06:38 AM, on 7/9/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe

C:\Program Files\CyberLink\PowerVCRII\Agent.exe

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiSmart.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Ideazon\ZEngine\Zboard.exe

C:\WINDOWS\explorer.exe

C:\Program Files\internet explorer\iexplore.exe

E:\Downloads\hijack this\Version 2\HiJackThis_v2.exe

C:\WINDOWS\system32\cmd.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"

O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe

O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121326235311

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179877208967

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 10106 bytes

Share this post


Link to post
Share on other sites

Deckard Scanner logs:

 

Main:

 

Deckard's System Scanner v20070708.52

Run by Jaryl on 2007-07-09 at 02:11:13

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

43: 2007-07-09 06:11:17 UTC - RP142 - Deckard's System Scanner Restore Point

42: 2007-07-08 03:59:22 UTC - RP141 - System Checkpoint

41: 2007-07-07 02:10:37 UTC - RP140 - System Checkpoint

40: 2007-07-06 00:27:25 UTC - RP139 - System Checkpoint

39: 2007-07-04 07:23:19 UTC - RP138 - System Checkpoint

 

 

-- First Restore Point --

1: 2007-05-19 23:52:16 UTC - RP100 - Removed VidiotMaps Map Overlay

 

 

Backed up registry hives.

 

Performed disk cleanup.

 

 

-- HijackThis Clone ------------------------------------------------------------

 

Emulating logfile of HijackThis v1.99.1

Scan saved at 2007-07-09 02:12:28

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\CTSVCCDA.EXE

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\WINDOWS\system32\gearsec.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVAPSVC.EXE

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe

C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMNTOR.EXE

C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE

C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe

C:\Program Files\CyberLink\PowerVCRII\agent.exe

C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAJA.EXE

C:\Program Files\Saitek\Software\Profiler.exe

C:\Program Files\Saitek\Software\SaiSmart.exe

C:\Program Files\Saitek\Software\SaiMfd.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Ideazon\ZEngine\Zboard.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Jaryl\Desktop\dss.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NAVSHEXT.DLL

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"

O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe

O4 - HKLM\..\Run: [Remote_Agent] C:\Program Files\CyberLink\PowerVCRII\RemoteAgent.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe

O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe

O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121326235311

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1179877208967

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL

O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE

O23 - Service: Diskeeper - Executive Software International, Inc. - "C:\Program Files\Executive Software\DiskeeperLite\DKService.exe"

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe

 

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys

R2 ALIEHCD (ALi PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\aliehci.sys <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>

R2 BCMNTIO - c:\program files\checkit\diagnostics\bcmntio.sys

R2 MAPMEM - c:\program files\checkit\diagnostics\mapmem.sys

R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>

R3 aliroothub (USB 2.0 Root Hub) - c:\windows\system32\drivers\alirthub.sys <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>

R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>

R3 SaiNtBus - c:\windows\system32\drivers\saintbus.sys <Not Verified; Saitek; Configuration Software>

 

S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>

S3 EverestDriver (Lavalys EVEREST Kernel Driver) - c:\program files\lavalys\everest home edition\kerneld.wnt

S3 SDdriver - c:\windows\system32\drivers\sddriver.sys <Not Verified; Symantec Corporation; Norton Speed Disk>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>

R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper Disk Defragmenter>

R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>

R2 Speed Disk service - c:\progra~1\norton~1\norton~3\speedd~1\nopdb.exe <Not Verified; Symantec Corporation; Norton Speed Disk>

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-07-09 00:00:00 308 --a------ C:\WINDOWS\Tasks\Symantec Drmc.job

2007-06-25 12:00:02 292 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job

2007-05-26 01:01:00 548 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Jaryl.job

 

 

-- Files created between 2007-06-09 and 2007-07-09 -----------------------------

 

2007-07-04 09:08:29 0 d-------- C:\Program Files\Prime95

2007-06-26 22:53:46 0 d-------- C:\Program Files\Lavalys

2007-06-26 17:03:37 0 d-------- C:\Documents and Settings\Jaryl\Application Data\U3

2007-06-24 22:08:00 1018772 --a------ C:\WINDOWS\system32\nvucode.bin

2007-06-20 19:26:29 0 d-------- C:\Documents and Settings\Jaryl\Application Data\DivX

2007-06-20 19:25:17 0 d-------- C:\Program Files\DivX

2007-06-18 00:54:07 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2007-06-18 00:53:26 5632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys <Not Verified; EnTech Taiwan; EnTech.sys>

2007-06-17 22:35:21 0 d-------- C:\WINDOWS\system32\Futuremark

2007-06-17 22:35:21 3972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2007-06-17 22:35:21 21664 --a------ C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>

2007-06-17 22:35:02 0 d-------- C:\Program Files\Futuremark

2007-06-17 00:49:54 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd

2007-06-17 00:49:51 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Logitech

2007-06-17 00:49:12 69632 --a------ C:\WINDOWS\system32\KemXML.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

2007-06-17 00:49:12 110592 --a------ C:\WINDOWS\system32\KemWnd.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

2007-06-17 00:49:12 135168 --a------ C:\WINDOWS\system32\KemUtil.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

2007-06-17 00:49:12 163840 --a------ C:\WINDOWS\system32\kemutb.dll <Not Verified; Logitech Inc.; Logitech SetPoint>

2007-06-17 00:48:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2007-06-17 00:48:51 0 d-------- C:\Program Files\Logitech

2007-06-16 22:28:23 0 d-------- C:\Program Files\Windows Media Connect 2

2007-06-16 22:26:13 0 d-------- C:\WINDOWS\system32\LogFiles

2007-06-16 22:26:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-13 00:26:44 0 d-------- C:\WINDOWS\pss

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-07-08 23:17:07 0 d-------- C:\Program Files\City of Heroes

2007-07-07 22:57:34 32 --a------ C:\Documents and Settings\Jaryl\Application Data\cntp.ini

2007-07-07 16:13:47 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat

2007-07-07 16:13:47 384 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000C-00001102-00000004-20021102}.dat

2007-07-04 22:16:41 0 d-------- C:\Program Files\EPSON Print CD

2007-07-04 01:10:29 0 d-------- C:\Program Files\Norton SystemWorks

2007-06-29 20:28:34 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-06-18 00:54:07 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL Library>

2007-06-18 00:52:45 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-06-17 00:49:10 0 d-------- C:\Program Files\Common Files\Logitech

2007-06-10 21:27:49 0 d-------- C:\Documents and Settings\Jaryl\Application Data\EPSON

2007-06-08 02:33:38 0 d-------- C:\Program Files\Lavasoft

2007-06-08 02:33:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-06-08 02:32:28 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Lavasoft

2007-06-05 23:23:51 0 d-------- C:\Program Files\Common Files\Adobe

2007-06-04 23:54:37 0 d-------- C:\Program Files\PerformanceTest

2007-06-04 23:48:43 0 d-------- C:\Program Files\CheckIt

2007-06-04 23:44:45 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Symantec

2007-06-04 23:38:15 0 d-------- C:\Program Files\Symantec

2007-05-31 02:44:55 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-05-31 02:44:54 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-05-31 02:44:54 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-05-31 02:44:54 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2007-05-30 02:48:40 0 d-------- C:\Program Files\SpywareBlaster

2007-05-24 02:12:22 0 d-------- C:\Program Files\CohTest

2007-05-23 20:33:23 0 d-------- C:\Program Files\CoH Hero Builder

2007-05-22 23:09:10 0 d-------- C:\Program Files\ColorCop

2007-05-22 22:38:34 0 d-------- C:\Documents and Settings\Jaryl\Application Data\OfficeUpdate12

2007-05-22 22:38:14 0 d-------- C:\Program Files\Microsoft Works

2007-05-22 22:28:52 0 d-------- C:\Program Files\Common Files\L&H

2007-05-22 22:28:14 0 d-------- C:\Program Files\Microsoft.NET

2007-05-21 23:55:00 0 d-------- C:\Program Files\WS_FTP

2007-05-20 23:00:22 0 d-------- C:\Program Files\NEC DISPLAY SOLUTIONS

2007-05-19 20:01:25 0 d-------- C:\Program Files\HeroStats

2007-05-19 20:00:48 0 d-------- C:\Documents and Settings\Jaryl\Application Data\InstallShield

2007-05-18 19:16:03 0 d-------- C:\Documents and Settings\Jaryl\Application Data\InterTrust

2007-05-18 07:45:03 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Adobe

2007-05-17 01:05:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-05-16 07:32:29 0 d-------- C:\Program Files\Executive Software

2007-05-16 07:13:32 0 d-------- C:\Program Files\NoteTab Pro

2007-05-16 00:28:00 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Ventrilo

2007-05-16 00:25:38 0 d-------- C:\Program Files\Ventrilo

2007-05-15 23:45:21 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Ideazon

2007-05-15 23:44:39 0 d-------- C:\Program Files\Ideazon

2007-05-15 23:23:30 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2007-05-15 21:18:01 0 d-------- C:\Documents and Settings\Jaryl\Application Data\Creative

2007-05-15 21:16:29 0 d-------- C:\Program Files\Creative

2007-05-15 21:16:26 99 --a------ C:\WINDOWS\È

2007-05-15 21:12:19 184 --a------ C:\WINDOWS\system32\e000001.dat

2007-05-15 20:48:22 0 d-------- C:\Program Files\Saitek

2007-05-15 20:41:28 0 d-------- C:\Program Files\EPSON

2007-05-15 20:38:12 0 d-------- C:\Program Files\NewSoft

2007-05-15 20:37:28 0 d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint

2007-05-15 20:36:27 0 d-------- C:\Program Files\ArcSoft

2007-05-15 20:33:54 0 d-------- C:\Program Files\Common Files\InstallShield

2007-04-22 20:15:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2007-04-22 20:02:34 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>

2007-04-22 20:02:34 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>

2007-04-22 20:01:47 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

2007-04-13 16:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe

2007-04-11 12:04:16 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{A8F38D8D-E480-4D52-B7A2-731BB6995FDD} C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"WINDVDPatch"="CTHELPER.EXE"

"nwiz"="nwiz.exe /install"

"HPWNTOOLBOX"="C:\\Program Files\\Hewlett-Packard\\hp business inkjet 1200 series\\Toolbox\\HPWNTBX.exe \"-i\""

"Agent"="C:\\Program Files\\CyberLink\\PowerVCRII\\Agent.exe"

"Remote_Agent"="C:\\Program Files\\CyberLink\\PowerVCRII\\RemoteAgent.exe"

"EEventManager"="C:\\Program Files\\EPSON\\Creativity Suite\\Event Manager\\EEventManager.exe"

"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"

"SaiSmart"="C:\\Program Files\\Saitek\\Software\\SaiSmart.exe"

"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"

"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"

"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"

"CTHelper"="CTHELPER.EXE"

"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"Norton Ghost 10.0"="\"C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\Agent\\GhostTray.exe\""

"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"Zboard"="C:\\Program Files\\Ideazon\\ZEngine\\Zboard.exe"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoViewOnDrive"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\

Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\

Notification Packages REG_MULTI_SZ scecli\

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\

NetworkService REG_MULTI_SZ DnsCache\

rpcss REG_MULTI_SZ RpcSs\

imgsvc REG_MULTI_SZ StiSvc\

termsvcs REG_MULTI_SZ TermService\

HTTPFilter REG_MULTI_SZ HTTPFilter\

DcomLaunch REG_MULTI_SZ DcomLaunchTermService\

WudfServiceGroup REG_MULTI_SZ WUDFSvc\

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P]

Shell\AutoRun\command P:\LaunchU3.exe -a

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_CATCHME

 

 

-- End of Deckard's System Scanner: finished at 2007-07-09 at 02:13:20 ---------

 

 

 

====================================================================================

 

Extra:

 

Deckard's System Scanner v20070708.52

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Professional (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: Intel® Pentium® 4 CPU 3.40GHz

CPU 1: Intel® Pentium® 4 CPU 3.40GHz

Percentage of Memory in Use: 29%

Physical Memory (total/avail): 2046.73 MiB / 1437.53 MiB

Pagefile Memory (total/avail): 3432.91 MiB / 2902.52 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1977.02 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 69.24 GiB total, 46.86 GiB free.

D: is Fixed (NTFS) - 372.61 GiB total, 167.89 GiB free.

E: is Fixed (NTFS) - 157.01 GiB total, 121.26 GiB free.

F: is Fixed (NTFS) - 189.92 GiB total, 168.81 GiB free.

G: is Fixed (NTFS) - 152.66 GiB total, 48.67 GiB free.

H: is Fixed (NTFS) - 232.88 GiB total, 46.03 GiB free.

I: is CDROM (No Media)

J: is CDROM (No Media)

K: is Removable (No Media)

L: is Removable (No Media)

M: is Removable (No Media)

N: is Removable (No Media)

O: is Removable (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FW: Norton Internet Worm Protection v2006 (Symantec)

FW: ZoneAlarm Firewall v7.0.337.000 (Check Point, LTD.)

AV: Norton AntiVirus v2005 (Symantec Corporation)

 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Jaryl\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=KAPPA1

ComSpec=C:\WINDOWS\system32\cmd.exe

DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperLite\

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Jaryl

LOGONSERVER=\\KAPPA1

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\Executive Software\DiskeeperLite\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0209

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

sfxname=C:\Documents and Settings\Jaryl\Desktop\ComboFix.exe

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Jaryl\LOCALS~1\Temp

TMP=C:\DOCUME~1\Jaryl\LOCALS~1\Temp

tvdumpflags=8

USERDOMAIN=KAPPA1

USERNAME=Jaryl

USERPROFILE=C:\Documents and Settings\Jaryl

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Jaryl (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5933921D-4253-40B6-B4D9-B7D680F1B6EC}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

3DMark03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\Setup.exe" -l0x9

3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly

ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}

Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

ALi USB2.0 Driver --> C:\WINDOWS\system32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst

ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\SETUP.EXE" -l0x9

ASUS TV880 Tuner Drivers --> C:\WINDOWS\atvunist.exe

ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}

CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}

CheckIt Diagnostics --> C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG

City of Villains/City of Heroes (remove only) --> "C:\Program Files\City of Heroes\uninstall.exe"

Color Cop v5.1 --> "C:\Program Files\ColorCop\unins000.exe"

Connection Keep Alive --> MsiExec.exe /I{77364F85-6219-4CB8-AAA0-6D53368D683D}

Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove

Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove

Diskeeper Lite --> MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"

Easy Thumbnails (Remove only) --> "C:\Program Files\Easy Thumbnails\unins000.exe"

EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall

EPSON Event Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u

EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST

EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -l0x9 -SYSTEM

EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u

EPSON SPR340 User's Guide --> C:\Program Files\epson\guide\spr340_e\uninstall.exe

EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

Hero Builder Setup --> MsiExec.exe /I{1CE181E0-DB37-43C8-97B1-AA50356E7ACE}

HijackThis 2.0.0 --> E:\Downloads\hijack this\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Business Inkjet 1200 --> C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Installer\setup.exe /x

HP Business Inkjet 1200 --> msiexec /x{D0FDE53C-30CE-4432-9809-756E1A6CEF44}

HP PrecisionScan LT Software --> C:\SCANJET\PrecisionScanLT\uninstal.exe C:\SCANJET\PrecisionScanLT\uninstal.cfg

Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"

Intel® PRO Network Adapters and Drivers --> Prounstl.exe

Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}

KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Office Publisher 2003 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0150048383C9}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

MSRedist --> MsiExec.exe /I{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}

NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}

NEC DISPLAY SOLUTIONS: Monitor Installer --> C:\Program Files\NEC DISPLAY SOLUTIONS\Drivers\Uninstall.exe

NETGEAR Print Server Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NETGEAR Print Server\Uninst.isu"

Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}

Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Ghost 10.0 --> MsiExec.exe /X{32F720F5-2D0D-4245-A2B0-9EB3CECF8101}

Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}

Norton SystemWorks --> MsiExec.exe /I{9E23C48E-5483-4971-BA50-089F2FABCD66}

Norton SystemWorks 2006 Premier --> MsiExec.exe /I{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}

Norton SystemWorks 2006 Premier (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}.exe" /X

Norton Utilities --> MsiExec.exe /I{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}

Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}

NoteTab Pro (Remove only) --> "C:\Program Files\NoteTab Pro\unins000.exe"

NSW_DRM_COLLECTION --> MsiExec.exe /I{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

PerformanceTest v6.0 --> "C:\Program Files\PerformanceTest\unins000.exe"

PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninst

PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\setup.exe"

PowerVCR II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0BA5720-E189-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Presto! BizCard 4.1 Eng --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewSoft\BizCard 4.1 Eng\Uninst.isu" -c"C:\WINDOWS\StiRegstEng.dll"

Prime95 --> "C:\Program Files\Prime95\Uninstall.exe" "C:\Program Files\Prime95\install.log"

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9

Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9

SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

SST Programming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem

SWiSH v2.0 --> C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH v2.0\uninstal.log

Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}

Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

VidiotMaps Map Overlay --> C:\Program Files\InstallShield Installation Information\{932CA775-636B-40D4-9FCF-5D9C12C4235B}\setup.exe -runfromtemp -l0x0009

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Z Engine --> MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}

ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-07-09 at 02:13:20 ---------

Share this post


Link to post
Share on other sites

So anything come up with this?

 

I posted the files you requested. :(

 

Thanks for all the help so far.

Share this post


Link to post
Share on other sites

The VX2 and WurldMeia virus notices came back again today...

 

VX2virus.jpg

 

 

Unfortunately, the log file was lost as I accidentally hit the "run scan again" button.... AdAware 2007 says it cleaned the file, however I suspect that it is evading detection the second time around.

 

Any findings on your end?

Edited by DarkFury

Share this post


Link to post
Share on other sites

Ran another scan.. and the VX2 showed up again. This time, I captured the log file. So it does look like the VX2 is hiding when it says it has been cleaned.

 

Here is my latest log scan file.

 

 

====================================

 

Scan Results

Ad-Aware 2007 Free Edition

Log File Created on:2007-07-1415:08:06

Using Definitions File:C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef

Computer name:KAPPA1

Name of user performing scan:SYSTEM

Name of user ordering scan:Jaryl

Scan completed successfully

 

System Information

File Version Information

Ad-Aware 2007 Settings

Extended Ad-Aware 2007 Settings

Database Information

Scan Statistics

Scan Detailed Statistics

Infections Found

Listing of running processes

System Information

Number of processors:2

Processor type:Intel® Pentium® 4 CPU 3.40GHz

Memory Available:79%

Total Physical Memory:2146152448 Bytes

Available Physical Memory:1676763136 Bytes

Total Page File Size:3599659008 Bytes

Available On Page File:3329327104 Bytes

Total Virtual Memory:2147352576 Bytes

Available Virtual Memory:1999683584 Bytes

OS:Microsoft Windows XP 5.1 (Build 2600)

[to top]

File Verion Information

File Version

CEAPI.dll 7, 0, 1, 5

aawservice.exe 7, 0, 1, 5

Ad-Aware2007.exe 7.0.1.5

[to top]

Ad-Aware 2007 Settings

Skipping files larger than:1048576 Bytes

Ignoring infections with lower TAI than:3

Safe Mode:False

[to top]

Extended Ad-Aware 2007 Settings

Unload malicious processes and modules

Unload Modules

Let Windows remove files at Start-Up

Deactivate Ad-Watch

Re-analyze Scan Result

Update Definitions on startup

Delete Restored Items

Write Protect System Files

Play a sound if scan locates an infection

Create Log file

Include basic settings

Include advanced settings

Include user and computer name

Environment information

Running processes

Running processes and modules

Include info about ignored objects in log file

Notify when Definitions File is Outdated

Consider definitions File Outdated after x days

Proxy URL

Proxy Port

[to top]

Database Info

Version number:8

Build Number:0

Build Date and Time:2007/07/0903:54:24

[to top]

Scan Statistics

Method:Full

 

Items Scanned:249206

Infections Detected:7

Infections Removed:0

Infections Quarantined:0

Infections Ignored:0

[to top]

Scan Detailed Statistics

Type Critical Total

Process Scan 0 0

Registry Scan 2 2

Registry PE Scan 0 0

Hosts Scan 0 0

File Scan 0 0

Folder Scan 0 0

LSP Scan 0 0

ADS Scan 0 0

Cookie Scan 5 5

File Hash Scan 0 0

[to top]

Infections Found

Family Id Name Category TAI

776 VX2 Malware 10

[300016485] Root: HKU Path: S-1-5-19_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

 

1106 WurldMedia DataMiner 9

[300025356] Root: HKU Path: S-1-5-19_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

 

725 Tracking Cookie DataMiner 3

[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETID01 /

[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETSEGS_D05509 /

[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com sessionid /

[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com br /

[600000437] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat bizrate.com _data /

 

 

Quarantined Objects

Family Id Name Category TAI

 

Removed Objects

Family Id Name Category TAI

725 Tracking Cookie DataMiner 3

[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETID01 /

[600000415] Browser: Internet Explorer Cookie: C:\Documents and Settings\Jaryl\Cookies\index.dat revsci.net NETSEGS_D05509 /

 

[to top]

Listing of Running Processes

C:\WINDOWS\SYSTEM32\SMSS.EXE

c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE

c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE

c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\cscui.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE

c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acadproc.dll

c:\windows\system32\imm32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\version.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE

c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\scecli.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\rastls.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\certcli.dll

c:\windows\system32\dmserver.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\srvsvc.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\ipnathlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\winspool.drv

c:\windows\system32\browser.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\wbem\ncprov.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\dnsrslvr.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\lmhsvc.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE

c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\mswsock.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

C:\WINDOWS\EXPLORER.EXE

c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\browseui.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\mlang.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mslbui.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\msisip.dll

c:\windows\system32\wshext.dll

c:\windows\system32\mfc42.dll

c:\windows\system32\comdlg32.dll

c:\progra~1\micros~2\office11\mcps.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE

c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE

c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\mslbui.dll

Share this post


Link to post
Share on other sites

Hello DarkFury,

 

You do NOT have an active Vx2 infection.

 

These are two registry keys that are using the same CSLID known to be used by Vx2, but we have searched your system thoroughly and only find these two keys which come back after you remove them.

 

(If you had Vx2 it would show on some of the logs we have generated here).

 

Supposing the case that perhaps these were leftovers from an old infection - they cannot do anything at the moment to your computer. However, that does not explain why they keep coming back as if they were,indeed, leftover from a prior infection they would be easily removed and not come back.

 

Vx2 is a well known nasty and you would not only have other signs but this particular one hasn't been actively infected computers for all of 2007 - I know this infection very well and have removed it manually from many PCs before the antispyware products were able to remove it. You do not have it at the present time, but this is a mystery as to why only those two keys are showing up (and why now?)

 

In a prior post, I linked one other thread in this forum that had the same symptoms and I found one more since then. Same thing - that PC here is not infected either (I've seen his logs too):

http://www.tek-tips.com/viewthread.cfm?qid...7898&page=1

 

I'm going to move this to the subforum for False Positives just so that the Research Team can take a look and let's get their input.

Share this post


Link to post
Share on other sites
Hello DarkFury,

 

You do NOT have an active Vx2 infection.

 

These are two registry keys that are using the same CSLID known to be used by Vx2, but we have searched your system thoroughly and only find these two keys which come back after you remove them.

 

(If you had Vx2 it would show on some of the logs we have generated here).

 

Supposing the case that perhaps these were leftovers from an old infection - they cannot do anything at the moment to your computer. However, that does not explain why they keep coming back as if they were,indeed, leftover from a prior infection they would be easily removed and not come back.

 

Vx2 is a well known nasty and you would not only have other signs but this particular one hasn't been actively infected computers for all of 2007 - I know this infection very well and have removed it manually from many PCs before the antispyware products were able to remove it. You do not have it at the present time, but this is a mystery as to why only those two keys are showing up (and why now?)

 

In a prior post, I linked one other thread in this forum that had the same symptoms and I found one more since then. Same thing - that PC here is not infected either (I've seen his logs too):

http://www.tek-tips.com/viewthread.cfm?qid...7898&page=1

 

I'm going to move this to the subforum for False Positives just so that the Research Team can take a look and let's get their input.

 

Hello,

My case is almost identical as this one described above.

If remember well time ago my PC was infected wit VX2 , successfully cleaned by SpyBot 1.4

Strange thing is that only Ad-Aware 2007 is detecting those two malware and no one of known AV, AA – can detect them.

I’ve noticed after first scan and “Remove†there is no any kind of confirmation this malware are removed. On the next scan during same session, Ad-Aware is not detecting those malware, only after re-boot they appear again.

Please revert as soon as possible what we can do.

Thanks,

Share this post


Link to post
Share on other sites

Hi morog!

 

 

Could you please post the complete log file from the Ad-Aware scan so I can have a look at it. I Would appreciate if it would be possible for you to also run a scan with RootkitRevealer, available here (http://download.sysinternals.com/Files/RootkitRevealer.zip), just to check that there are no hidden elements regenerating the detected items.

 

Regards,

 

 

Pekka

 

 

Lavasoft Research

Share this post


Link to post
Share on other sites

I too have the same indications of VX2 Malware and Wurld Media Data Mining. I have tried to quarantine the files and have tried to remove them. The VX2 keep regenerating every time i reboot my computer. The latest version of Doctor Spyware and Spybot Search and Destroy don't see these infections. Prior to seeing the VX2 i was seeing Malware TAI = 8 Local registry Adware.CDN with a registry entry Root:HKLM Path: software\microsoft\internet explorer\activexcompatibility\(9a578c98-3c2f-4630-890b-fc04196ef420)

Share this post


Link to post
Share on other sites

Hi jacko9!

 

 

Thanks for posting!

 

 

The registry key,

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A578C98-3C2F-4630-890B-FC04196EF420}]

"Compatibility Flags"=dword:00000400

 

is an ActiveX kill bit.

 

Some other anti-spyware applications may in their "immunization" efforts add ActiveX kill bits to the registry to prevent malware from running, this is also done by "PC Tools Spyware Doctor". You may find more info about ActiveX kill bits here, (http://support.microsoft.com/kb/240797).

 

The Class identifier (CLSID), {9A578C98-3C2F-4630-890B-FC04196EF420}, is flagged as an Adware.CDN Object by Ad-Aware. This is also discussed here, (http://www.lavasoftsupport.com/index.php?showtopic=11208). It's an issue that will be corrected as of the next definition file release. Until then, to avoid having Ad-Aware detecting it again, you could put it on ignore.

 

About the detection of the VX2 and Wurld media objects, please follow the same advice as in the previous post (post 16).

 

 

Regards,

 

 

Pekka

 

 

Lavasoft Research

Share this post


Link to post
Share on other sites
Hi jacko9!

Thanks for posting!

The registry key,

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A578C98-3C2F-4630-890B-FC04196EF420}]

"Compatibility Flags"=dword:00000400

 

is an ActiveX kill bit.

 

Some other anti-spyware applications may in their "immunization" efforts add ActiveX kill bits to the registry to prevent malware from running, this is also done by "PC Tools Spyware Doctor". You may find more info about ActiveX kill bits here, (http://support.microsoft.com/kb/240797).

 

The Class identifier (CLSID), {9A578C98-3C2F-4630-890B-FC04196EF420}, is flagged as an Adware.CDN Object by Ad-Aware. This is also discussed here, (http://www.lavasoftsupport.com/index.php?showtopic=11208). It's an issue that will be corrected as of the next definition file release. Until then, to avoid having Ad-Aware detecting it again, you could put it on ignore.

 

About the detection of the VX2 and Wurld media objects, please follow the same advice as in the previous post (post 16).

Regards,

Pekka

Lavasoft Research

 

Thank you Pekka,

 

I will add the latest log file with the VX2 reference. Forgive me if I hit the wrong buttons here I am a bit of a newbie.

Ad_Aware_7_29_2007.log

Share this post


Link to post
Share on other sites
Thank you Pekka,

 

I will add the latest log file with the VX2 reference. Forgive me if I hit the wrong buttons here I am a bit of a newbie.

 

I have downloaded and run Rootkit revealer RootkitReveal.txt

 

Forgive me if I am adding more information or duplicating items but, I am not quite familiar with this forum format. I think I have added the log file from my Ad-aware run and the file from the rootkit scan. If not please imform me with a hint as to where i may be going wrong in this forum.

 

Sorry for the trouble.

Ad_Aware_7_29_2007.log

Edited by jacko9

Share this post


Link to post
Share on other sites

Hi again jacko9!

 

 

Thanks for posting the log files!

 

 

 

There is no reference in the Ad-Aware scan logfile regarding the detection of VX2.

 

There was however an Adware.CDN object detected,

 

Family Id: 67 Name: Adware.CDN Category: Malware TAI:8

Item Id: 300028695 Value: Root: HKLM Path: software\microsoft\internet explorer\activex compatibility\{9a578c98-3c2f-4630-890b-fc04196ef420}

 

If the key looks like this in the registry:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9A578C98-3C2F-4630-890B-FC04196EF420}]

"Compatibility Flags"=dword:00000400

 

Then it is an ActiveX kill bit, most likely generated by "PC Tools Spyware Doctor" that you have installed.

 

The result from the scan with RootkitReveiler looks ok.

 

 

Regards,

 

 

Pekka

 

 

Lavasoft Research

Share this post


Link to post
Share on other sites
Hi morog!

Could you please post the complete log file from the Ad-Aware scan so I can have a look at it. I Would appreciate if it would be possible for you to also run a scan with RootkitRevealer, available here (http://download.sysinternals.com/Files/RootkitRevealer.zip), just to check that there are no hidden elements regenerating the detected items.

 

Regards,

Pekka

Lavasoft Research

 

Thaks m'8,

Here you can find what you ask:

RootkitReveal.txt

Ad_Aware_log_file.txt

Share this post


Link to post
Share on other sites

Hi again morog!

 

Thanks for posting!

 

The scan detected only a most recently used (MRU) object.

The other items, VX2 and WurldMedia were ignored during scan.

 

 

-----------------------------------------------------------------

 

 

Infections Found

===========================

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\momo\Recent Count: 12

 

Items Ignored During Scan

===========================

Family Id: 776 Name: VX2 Category: Malware TAI:10

Item Id: 300016485 Value: Root: HKU Path: S-1-5-20_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

Family Id: 1106 Name: WurldMedia Category: DataMiner TAI:9

Item Id: 300025356 Value: Root: HKU Path: S-1-5-20_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

 

Cleaned Infections

===========================

MRU Path: C:\Documents and Settings\momo\Recent Count: 12, Belonging to MRU Object

 

End of Cleaned Infections

===========================

 

 

-----------------------------------------------------------------

 

 

Please remove the VX2 and WurldMedia items from the ignore list and

update to the latest definition file and run a scan.

 

Your RootkitRevealer log file looked ok.

 

Regards,

 

 

Lavasoft Research

Share this post


Link to post
Share on other sites
Hi again morog!

 

Thanks for posting!

 

The scan detected only a most recently used (MRU) object.

The other items, VX2 and WurldMedia were ignored during scan.

-----------------------------------------------------------------

Infections Found

===========================

Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0

Item Id: 1 Value: MRU Path: C:\Documents and Settings\momo\Recent Count: 12

 

Items Ignored During Scan

===========================

Family Id: 776 Name: VX2 Category: Malware TAI:10

Item Id: 300016485 Value: Root: HKU Path: S-1-5-20_Classes\\interface\{59ebb576-ceb0-42fa-9917-da6254a275ad}

Family Id: 1106 Name: WurldMedia Category: DataMiner TAI:9

Item Id: 300025356 Value: Root: HKU Path: S-1-5-20_Classes\\interface\{67972704-3546-4e3d-ab46-e39dbae06123}

 

Cleaned Infections

===========================

MRU Path: C:\Documents and Settings\momo\Recent Count: 12, Belonging to MRU Object

 

End of Cleaned Infections

===========================

-----------------------------------------------------------------

Please remove the VX2 and WurldMedia items from the ignore list and

update to the latest definition file and run a scan.

 

Your RootkitRevealer log file looked ok.

 

Regards,

Lavasoft Research

 

Thanks for reply Andy,

Done according your request and this is a new log file:

Ad_Aware_2007_log_file_02.08.07.txt

Share this post


Link to post
Share on other sites

Hi morog!

 

Thanks for posting the new scan log. OK, the good news is that the scan came up clear of any Vx2 and WurldMedia objects as expected! The only things detected are MRU's (Most Recently Used objects) which are nothing to worry about.

 

I'm pleased that everythings is back to normal again for you!

 

Regards,

 

Andy

Lavasoft Research

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0