Author Topic: A Virus Was Found! (Read 22970 times)

naturallygay · « **Reply #15 on:** December 04, 2007, 06:48:42 PM »

this is what spyware doctor came up with
http://www.pctools.com/mrc/infections/id/Application.TrackingCookies
http://www.pctools.com/mrc/infections/id/SpamTool.Agent.U
http://www.pctools.com/mrc/infections/id/Trojan-PWS.Tanspy
http://www.pctools.com/mrc/infections/id/Trojan.Virtumonde
http://www.pctools.com/mrc/infections/id/Email-Worm.Zhelatin

naturallygay · « **Reply #16 on:** December 04, 2007, 06:51:45 PM »

Panda Anti-Rootkit didn't come up with anything.

oldman · « **Reply #17 on:** December 04, 2007, 07:15:29 PM »

We can have a deeper lok with these tools.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a DSS log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Run combofix first, then DSS and post/attach both logs.

naturallygay · « **Reply #18 on:** December 05, 2007, 12:34:06 AM »

combo fix's log
ComboFix 07-12-02.7 - End User 2007-12-04 18:25:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -5:00]
Running from: C:\Documents and Settings\End User\My Documents\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-04 12:56 . 2007-12-04 12:56   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-04 12:55 . 2007-12-04 17:07   <DIR>   d--------   C:\Program Files\SUPERAntiSpyware
2007-12-04 12:55 . 2007-12-04 12:55   <DIR>   d--------   C:\Documents and Settings\End User\Application Data\SUPERAntiSpyware.com
2007-12-04 12:40 . 2007-12-04 12:40   <DIR>   d--------   C:\Program Files\Trend Micro
2007-12-04 12:21 . 2007-12-04 12:21   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2007-12-04 12:21 . 2007-12-04 12:21   1,409   --a------   C:\WINDOWS\QTFont.for
2007-12-04 12:19 . 2007-10-18 00:16   79,688   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-04 12:19 . 2007-10-18 00:15   62,280   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-04 12:19 . 2007-10-18 00:14   41,288   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-04 12:19 . 2007-10-18 00:16   29,000   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2007-12-04 12:18 . 2007-12-04 12:23   <DIR>   d--------   C:\Program Files\Spyware Doctor
2007-12-04 12:18 . 2007-12-04 12:18   <DIR>   d--------   C:\Documents and Settings\End User\Application Data\PC Tools
2007-12-04 12:18 . 2005-09-23 08:29   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
2007-11-30 14:53 . 2007-11-30 16:25   <DIR>   d--------   C:\suspect
2007-11-30 14:53 . 2007-11-30 14:53   <DIR>   d--------   C:\Documents and Settings\End User\Application Data\Grisoft
2007-11-30 14:52 . 2007-11-30 14:52   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-30 14:52 . 2007-05-30 07:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 17:54   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-11-15 01:47   ---------   d-----w   C:\Documents and Settings\End User\Application Data\Xfire
2007-11-11 19:39   58,032   ----a-w   C:\Documents and Settings\End User\Application Data\GDIPFONTCACHEV1.DAT
2007-10-28 01:20   ---------   d-----w   C:\Program Files\SwiftSwitch
2007-10-25 12:55   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2007-10-23 16:39   ---------   d-----w   C:\Program Files\Java
2007-10-22 15:43   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-10-22 15:43   ---------   d-----w   C:\Program Files\Acclaim
2007-10-21 14:55   ---------   d-----w   C:\Documents and Settings\End User\Application Data\Snapfish
2007-10-19 17:09   ---------   d-----w   C:\Program Files\World of Warcraft
2007-10-09 00:05   ---------   d-s---w   C:\Program Files\Xfire
2007-09-06 10:09   801,144   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00   95,608   ----a-w   C:\WINDOWS\system32\AVASTSS.scr
2004-10-01 20:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
2007-05-05 18:08   885,245   --sha-w   C:\WINDOWS\system32\qtutv.bak1
2007-05-16 20:03   957,345   --sha-w   C:\WINDOWS\system32\qtutv.bak2
2007-05-16 20:07   956,541   --sha-w   C:\WINDOWS\system32\qtutv.ini2
.

((((((((((((((((((((((((((((( snapshot@2007-12-04_17.22.47.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-04 23:18:19   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_678.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 08:42]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 20:07 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-02-13 08:05 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 20:07 C:\WINDOWS\system32\rundll32.exe]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 02:08 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-08 04:00]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-05 19:34]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2001-08-23 16:52]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 23:41]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

C:\Documents and Settings\End User\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-10-02 18:56:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjigg]
jkkjigg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-31 12:47:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 18:29:25
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 18:30:34
C:\ComboFix2.txt ... 2007-12-04 17:24
.
   --- E O F ---

Spy Bouncer · « **Reply #19 on:** December 05, 2007, 12:59:36 AM »

Sorry for the offtopic but isn't your name a little unappropiate?

naturallygay · « **Reply #20 on:** December 05, 2007, 01:09:54 AM »

if you look at my other topic i explain it wasn't my choice?
when i signed up i never got the email useing my Hotmail address
so i got a friend to do it, and i'm not complaining as long as it works

wth would it matter to you anyways, keep it to your self.

naturallygay · « **Reply #21 on:** December 05, 2007, 01:15:35 AM »

anyways. this is my DSS log
Deckard's System Scanner v20071014.68
Run by End User on 2007-12-04 19:11:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
26: 2007-12-05 00:11:14 UTC - RP135 - Deckard's System Scanner Restore Point
25: 2007-12-04 22:12:39 UTC - RP134 - ComboFix created restore point
24: 2007-12-04 17:55:40 UTC - RP133 - Installed SUPERAntiSpyware Free Edition
23: 2007-12-02 19:33:18 UTC - RP132 - System Checkpoint
22: 2007-11-30 21:11:06 UTC - RP131 - System Checkpoint

-- First Restore Point --
1: 2007-09-06 10:56:20 UTC - RP110 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as End User.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:38 PM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\End User\My Documents\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\End User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by144fd.bay144.hotmail.msn.com/resources/MsnPUpld.cab

naturallygay · « **Reply #22 on:** December 05, 2007, 01:20:50 AM »

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: jkkjigg - jkkjigg.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ENDUSE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9557 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R3 catchme - c:\docume~1\enduse~1\locals~1\temp\catchme.sys (file missing)
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S1 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb32.sys (file missing)
S3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: EPSON Scanner
Device ID: USB\VID_04B8&PID_0818&MI_00\6&34371DD0&0&0000
Manufacturer:
Name: EPSON Scanner
PNP Device ID: USB\VID_04B8&PID_0818&MI_00\6&34371DD0&0&0000
Service:

-- Scheduled Tasks -------------------------------------------------------------

2007-08-31 07:47:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-11-04 and 2007-12-04 -----------------------------

2007-12-04 12:56:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-04 12:55:50 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-04 12:55:49 0 d-------- C:\Documents and Settings\End User\Application Data\SUPERAntiSpyware.com
2007-12-04 12:40:05 0 d-------- C:\Program Files\Trend Micro
2007-12-04 12:18:56 0 d-------- C:\Program Files\Spyware Doctor
2007-12-04 12:18:56 0 d-------- C:\Documents and Settings\End User\Application Data\PC Tools
2007-11-30 14:53:35 0 d-------- C:\suspect
2007-11-30 14:53:00 0 d-------- C:\Documents and Settings\End User\Application Data\Grisoft
2007-11-30 14:52:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

-- Find3M Report ---------------------------------------------------------------

2007-12-04 12:54:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 20:47:48 0 d-------- C:\Documents and Settings\End User\Application Data\Xfire
2007-11-11 14:39:10 58032 --a------ C:\Documents and Settings\End User\Application Data\GDIPFONTCACHEV1.DAT
2007-10-27 20:20:20 0 d-------- C:\Program Files\SwiftSwitch
2007-10-23 11:39:59 0 d-------- C:\Program Files\Java
2007-10-22 10:43:39 0 d-------- C:\Program Files\Acclaim
2007-10-22 10:43:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-21 09:55:11 0 d-------- C:\Documents and Settings\End User\Application Data\Snapfish
2007-10-19 12:09:50 0 d-------- C:\Program Files\World of Warcraft
2007-10-10 16:32:09 0 d-------- C:\Documents and Settings\End User\Application Data\Help
2007-10-08 19:05:57 0 d---s---- C:\Program Files\Xfire

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/13/2006 08:05 AM]
"nwiz"="nwiz.exe" [02/13/2006 08:05 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/13/2006 08:05 AM]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [09/06/2007 05:06 AM]
"SoundMan"="SOUNDMAN.EXE" [01/11/2006 02:08 AM C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [02/08/2005 04:00 AM]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [10/05/2001 07:34 PM]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/23/2001 04:52 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 11:41 PM]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [07/25/2001 10:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 09:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 08:07 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/28/2007 08:42 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\End User\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [10/2/2007 6:56:04 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 6:06:54 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjigg]
jkkjigg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

-- End of Deckard's System Scanner: finished at 2007-12-04 19:12:33 ------------

naturallygay · « **Reply #23 on:** December 05, 2007, 01:21:39 AM »

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.48 MiB / 566.2 MiB
Pagefile Memory (total/avail): 2460.67 MiB / 1788.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.33 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.28 GiB total, 7.73 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 38.28 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.

AV: avast! antivirus 4.7.1043 [VPS 071204-1] v4.7.1043 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\End User\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=END-BBB3460D3A2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\End User
LOGONSERVER=\\END-BBB3460D3A2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp
USERDOMAIN=END-BBB3460D3A2
USERNAME=End User
USERPROFILE=C:\Documents and Settings\End User
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

End User (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Moons --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BD67531-A957-4592-9743-A2761BB4AC28}\setup.exe" -l0x9 -removeonly
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
ASUS Utilities --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1033
ASUS VideoSecurity Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Axis & Allies --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\SETUP.EXE" -l0x9
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Creative WebCam Live! Driver (1.01.01.0730) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd0630.uns -unsext NT -plugin P0630Pin.dll -pluginres P0630Pin.crl
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Encarta Encyclopedia Standard 2002 --> MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Money 2002 --> MsiExec.exe /I{E7298FD5-1386-11D5-8D6C-0050DAD32D95}
Microsoft Money 2002 System Pack --> MsiExec.exe /I{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\SETUP.EXE" -l0x9 -removeonly
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Solid State ION Internet Explorer Plugin --> C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type8951 / Success
Event Submitted/Written: 12/04/2007 06:37:03 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

naturallygay · « **Reply #24 on:** December 05, 2007, 01:23:37 AM »

Event Record #/Type8940 / Warning
Event Submitted/Written: 12/04/2007 01:00:37 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{CECF782A-47F5-4A92-A336-C3E20145E8DE}'

Event Record #/Type8939 / Warning
Event Submitted/Written: 12/04/2007 01:00:37 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.

Event Record #/Type8937 / Error
Event Submitted/Written: 12/04/2007 00:22:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8928 / Success
Event Submitted/Written: 12/03/2007 07:30:00 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type35564 / Error
Event Submitted/Written: 12/04/2007 05:04:14 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wincom32 service failed to start due to the following error:
%%2

Event Record #/Type35547 / Error
Event Submitted/Written: 12/04/2007 00:13:34 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 00000000, parameter3 b9da8b84, parameter4 00000000.

Event Record #/Type35521 / Error
Event Submitted/Written: 12/04/2007 00:13:03 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wincom32 service failed to start due to the following error:
%%2

Event Record #/Type35516 / Warning
Event Submitted/Written: 12/03/2007 08:22:46 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type35486 / Error
Event Submitted/Written: 12/03/2007 07:29:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The wincom32 service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2007-12-04 19:12:33 ------------

DavidR · « **Reply #25 on:** December 05, 2007, 01:29:48 AM »

Quote from: naturallygay on December 05, 2007, 01:09:54 AM

if you look at my other topic i explain it wasn't my choice?
when i signed up i never got the email useing my Hotmail address
so i got a friend to do it, and i'm not complaining as long as it works

wth would it matter to you anyways, keep it to your self.

If you wish, you can change your screen name from your Profile (button at the top of every page) details.

naturallygay · « **Reply #26 on:** December 05, 2007, 01:43:03 AM »

Quote from: DavidR on December 05, 2007, 01:29:48 AM

If you wish, you can change your screen name from your Profile (button at the top of every page) details.

lol Ty

Lisandro · « **Reply #27 on:** December 05, 2007, 01:53:28 AM »

Welcome Andrew. Now you've got a name

naturallygay · « **Reply #28 on:** December 05, 2007, 02:00:18 AM »

and i'm a Jr member

oldman · « **Reply #29 on:** December 05, 2007, 02:56:04 AM »

Open HJT, run a system scan only and place a check mark next to these lines

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: jkkjigg - jkkjigg.dll (file missing)

If you have a desktop popup that you don't want check the following line also. IF it's something you want then just leave it.

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ENDUSE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

close all browsers/windows and click fix. close HJT

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.

Quote

File::
C:\WINDOWS\system32\qtutv.bak1
C:\WINDOWS\system32\qtutv.bak2
C:\WINDOWS\system32\qtutv.ini2

This will start ComboFix again.Close all browser/windows first.

After reboot, (in case it asks to reboot), rename combofix.exe to somthing else, whaterever you want. Run it and post that log. (example andrew.exe)

Everything is well hidden, except for a bit of vundo.

Author Topic: A Virus Was Found! (Read 22970 times)

naturallygay

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

oldman

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

Spy Bouncer

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

DavidR

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

Lisandro

Re: A Virus Was Found!

naturallygay

Re: A Virus Was Found!

oldman

Re: A Virus Was Found!