
OK, after I got rid of this other malware/virus, I see this other person having the same problem: http://ask.metafilter.com/81308/Why-does-my-desktop-keep-crashing . It starts at boot time, but usually when I open up Internet Explorer or Opera it seems to close. If I go to the CTRL+ALT+DEL menu, Processes, explorer.exe is still there. I can get it back for a while (I had to, to get to this browser) by ending explorer.exe and going to File, then Run, and typing in explorer. I posted all my logs in my last post for viruses and I'll post them again here.


Thank you in advance for your help.

I put large spaces in between each log because it was too cluttered =)

Malware Bytes Log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.0.2195 Service Pack 4

12:18:34 PM 7/24/2008
Malwarebytes Log

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119794
Time elapsed: 2 hour(s), 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 22
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooofe (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bosv (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acf5173c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.

Folders Infected:
C:\WINNT\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini2 (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wjsmmyrf.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\rtlfktcx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\xctkfltr.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\srltaapd.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\dpaatlrs.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Quick Batch File Compiler\Setup_ver1.113.0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Quick Batch File Compiler\stubc.dll (Adware.Agent) -> No action taken.
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\edgq.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\dtyhilky.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\ofvavbgl.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\owzooz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\phxdiu.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tgpspkqh.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tkqipbmb.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vmkfbz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wmbxytfy.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vtUonlKB.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\fdkowvbp.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> No action taken.
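Every entry in the log above ends in "No action taken", which is what Malwarebytes writes when the log is saved before Remove Selected is clicked, so this scan documented the infection without touching it. The script below is an added example (not part of the original post and not Malwarebytes' own code) that parses lines in this log format, tallies what was and was not treated, and groups the registry hits by the load point they abuse, which is the part a helper reads first: the LSA Notification/Authentication Packages and Winlogon Notify entries load the DLL into lsass.exe and winlogon.exe at boot, before any user-mode cleaner runs, so those DLLs cannot be deleted while Windows is up. The sample input is a constructed subset of the lines above plus one made-up "Quarantined and deleted successfully" line to show a treated entry.

```python
import re
from collections import Counter

# Constructed sample: a subset of lines from the Malwarebytes log above, plus one
# made-up "Quarantined and deleted successfully" line to show a treated entry.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooofe (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acf5173c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.

Files Infected:
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Load points, most privileged first; each pattern is checked against a registry hit.
LOAD_POINTS = [
    ("LSA package (lsass.exe, boot)", re.compile(r"\\Control\\LSA\\(Notification|Authentication) Packages$", re.I)),
    ("Winlogon Notify (winlogon.exe, logon)", re.compile(r"\\Winlogon\\Notify\\", re.I)),
    ("BHO / ShellExecuteHook (iexplore.exe, explorer.exe)", re.compile(r"\\(Browser Helper Objects|ShellExecuteHooks)\\", re.I)),
    ("Run / RunServices autostart", re.compile(r"\\CurrentVersion\\Run(Services)?\\", re.I)),
]


def parse_mbam(text):
    """Yield one dict per detection line: section, item, family, data, action, treated."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        hit = ITEM_RE.match(line)
        if hit and section:
            rec = hit.groupdict()
            rec["section"] = section
            rec["treated"] = rec["action"] != "No action taken"
            yield rec


def load_point(item):
    """Name the autostart mechanism a registry hit abuses, or None for plain files."""
    for label, pattern in LOAD_POINTS:
        if pattern.search(item):
            return label
    return None


def summarize(text):
    """The counts a helper wants before deciding what to remove and in which order."""
    hits = list(parse_mbam(text))
    return {
        "total": len(hits),
        "untreated": sum(1 for h in hits if not h["treated"]),
        "by_family": Counter(h["family"] for h in hits),
        "by_load_point": Counter(lp for lp in (load_point(h["item"]) for h in hits) if lp),
        # DLLs named in LSA package values load into lsass.exe and can only be
        # renamed for deletion at the next reboot, not deleted in place.
        "lsa_dlls": sorted({h["data"] for h in hits if h["data"] and "\\LSA\\" in h["item"].upper()}),
    }


if __name__ == "__main__":
    s = summarize(MBAM_LOG)
    print(f"{s['untreated']} of {s['total']} detections left in place")
    for lp, n in s["by_load_point"].most_common():
        print(f"  {n:2d}  {lp}")
    print("  LSA-loaded DLLs:", ", ".join(s["lsa_dlls"]))
```

Run against the full log it gives the removal order a helper would use: reboot-deferred deletion for the LSA package DLL, then the Winlogon Notify and BHO entries, then the Run values and loose files.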


Eset Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3293 (20080723)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=a4b65fb3fa61494aa594bd3a8ae61562
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-07-24 06:06:01
# local_time=2008-07-24 02:06:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.0.2195 NT Service Pack 4
# scanned=344217
# found=13
# scan_time=6325
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »BnnnnBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »VaannnaaBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dnnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Bnnnnn.class Java/ClassLoader.AS trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Den.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Din.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dun.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\stubc.dll probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe Win32/Adware.IeDefender.NGJ application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINNT\system32\iefilter.dll Win32/Adware.IeDefender.NGJ application (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar Win32/Jeefo.A virus (deleted) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar »RAR »AncientFixed.exe Win32/Jeefo.A virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\dss.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.COR\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2D63DFB8-719C-4B43-8E2F-7593657BA76A} - C:\WINNT\system32\pmnkKcYQ.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINNT\system32\nnnooOfe.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\arjekrfa.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnooOfe - C:\WINNT\SYSTEM32\nnnooOfe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6820 bytes

Main.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-24 12:47:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 224 MiB (256 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

(identical to the HijackThis log posted above)

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\winnt\system32\drivers\gbdevice.sys <Not Verified; Roxio, Inc.; GoBack>
R0 GoBack2K - c:\winnt\system32\drivers\goback2k.sys <Not Verified; Roxio, Inc.; GoBack>
R0 viamraid - c:\winnt\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
R2 GBFSHook - c:\winnt\system32\drivers\gbfshook.sys <Not Verified; Roxio, Inc.; GoBack>
R2 npkcrypt - d:\josh from c\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 viagfx - c:\winnt\system32\drivers\vtmini.sys <Not Verified; Copyright (C) VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>

S3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GBPoll - c:\program files\roxio\goback\gbpoll.exe <Not Verified; Roxio, Inc.; GoBack>

S2 avg8emc (AVG8 E-mail Scanner) -
S2 avg8wd (AVG8 WatchDog) -
S2 NetCM (Network Connection Manager) -
S2 PowerManager (Power Manager) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 17:00:01 446 --a------ C:\WINNT\Tasks\RegCure Program Check.job
2008-07-17 10:06:20 380 --a------ C:\WINNT\Tasks\RegCure.job
2008-07-15 18:19:04 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-24 and 2008-08-24 -----------------------------

2008-08-24 12:48:02 94848 --a------ C:\WINNT\system32\arjekrfa.dll
2008-08-24 12:47:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-08-24 12:47:20 347 --ahs---- C:\WINNT\system32\QYcKknmp.ini2
2008-08-24 12:47:14 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll
2008-08-23 14:02:14 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2008-08-23 13:34:48 0 d-------- C:\Program Files\Trend Micro
2008-08-23 13:22:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a0.dat
2008-08-22 13:25:27 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Adersoft
2008-08-22 13:25:13 0 d-------- C:\Program Files\Vbsedit
2008-08-22 12:32:00 0 d-------- C:\Xfire
2008-07-24 12:20:05 0 d-------- C:\DrWatson
2008-07-24 00:14:05 0 d-------- C:\Program Files\EsetOnlineScanner


-- Find3M Report ---------------------------------------------------------------

2008-08-24 12:48:22 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Hamachi
2008-08-22 16:38:51 0 d-------- C:\Program Files\GetRight
2008-07-24 12:36:56 832650 ---h----- C:\WINNT\ShellIconCache
2008-07-24 12:19:43 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-07-23 22:51:40 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Malwarebytes
2008-07-23 22:51:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 17:48:41 0 d-------- C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO
2008-07-23 17:23:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_238.dat
2008-07-23 17:20:46 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\uTorrent
2008-07-23 14:04:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3ac.dat
2008-07-23 13:01:52 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_228.dat
2008-07-23 00:55:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_210.dat
2008-07-22 23:47:13 33152 -----n--- C:\WINNT\system32\nnnooOfe.dll
2008-07-22 20:48:17 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files\Adaptec Shared
2008-07-21 23:01:11 0 d-------- C:\Program Files\BOTS
2008-07-21 18:11:43 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Xfire
2008-07-21 17:31:46 0 d-------- C:\Program Files\IzPack
2008-07-21 17:17:07 0 d-------- C:\Program Files\Launch4j
2008-07-17 18:19:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1264.dat
2008-07-17 17:48:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_218.dat
2008-07-17 13:21:47 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Video DVD Maker FREE
2008-07-17 13:21:05 0 d-------- C:\Program Files\Video DVD Maker
2008-07-16 18:53:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 13:20:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\MP3Rocket
2008-07-16 10:13:05 0 d-------- C:\Program Files\wise DVD Creator 8.0
2008-07-15 18:19:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3d8.dat
2008-07-15 17:13:23 0 d-a------ C:\Program Files\iPod
2008-07-15 16:53:45 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Apple Computer
2008-07-15 16:52:37 0 d-a------ C:\Program Files\iTunes
2008-07-15 15:40:29 0 d-------- C:\Program Files\FinalBurner
2008-07-15 15:07:05 0 d-------- C:\Program Files\007DVD
2008-07-15 13:20:10 0 d-------- C:\Program Files\Apple Software Update
2008-07-15 13:01:39 0 d-a------ C:\Program Files\QuickTime
2008-07-15 12:57:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\vlc
2008-07-15 12:55:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_440.dat
2008-07-15 12:54:08 0 d-------- C:\Program Files\VideoLAN
2008-07-15 10:43:53 0 d-------- C:\Program Files\MP3 Rocket
2008-07-15 10:42:47 0 d-a------ C:\Program Files\Java
2008-07-15 10:41:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Sun
2008-07-13 13:12:26 0 d-a------ C:\Program Files\Common Files\Pure Networks Shared
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-08 15:10:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_214.dat
2008-07-08 15:07:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\DAEMON Tools
2008-07-08 13:06:59 0 d-------- C:\Program Files\uTorrent
2008-06-30 14:05:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1fc.dat
2008-06-29 22:34:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2008-06-23 08:52:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_200.dat
2008-06-22 14:51:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_204.dat
2008-05-30 14:01:24 80896 --a------ C:\WINNT\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-05-25 17:02:06 47 --a------ C:\WINNT\system32\setpath.bat
2008-05-24 22:30:13 2147483647 --ahs---- C:\gobackio.bin
2008-05-24 21:32:43 15012 --a------ C:\WINNT\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D63DFB8-719C-4B43-8E2F-7593657BA76A}]
08/24/08 12:47p 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
07/22/08 11:47p 33152 --------- C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1D2F57A-9944-435E-A16F-CA98B29D8884}]
C:\WINNT\system32\yayaAQiH.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [07/08/08 11:59a 683464]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [05/03/02 10:40a]
"VTTimer"="VTTimer.exe" [03/08/05 03:33a C:\WINNT\system32\VTTimer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/08 07:19p]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/08 05:20p]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/08 10:32a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/06 04:24p]
"acf5173c"="C:\WINNT\system32\arjekrfa.dll" [08/24/08 12:48p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [09/04/07 07:40p]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [07/08/08 12:22p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [7/8/2008 12:24:43 PM]
Xfire.lnk - D:\Josh from C\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [6/6/2008 11:29:38 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINNT\system32\nnnooOfe.dll [07/22/08 11:47p 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
nnnooOfe.dll 07/22/08 11:47p 33152 C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\pmnkKcYQ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"


-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------


Extra.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 94%
Physical Memory (total/avail): 223.43 MiB / 11.72 MiB
Pagefile Memory (total/avail): 537.57 MiB / 187.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.09 GiB total, 21.43 GiB free.
D: is Fixed (FAT32) - 38.59 GiB total, 13.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.09 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.6 GiB - D:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSH
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.CORRINA-GFYHSR2
LOGONSERVER=\\JOSH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
USERDOMAIN=JOSH
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator.CORRINA-GFYHSR2 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Alcatel SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" -Control_Panel
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch File Compiler Professional Edition v4.0 DEMO --> C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO\uninstall.exe
BOTS --> "C:\Program Files\InstallShield Installation Information\{22D56257-DE33-4C7D-817B-C2DE69FE953C}\setup.exe" -runfromtemp -l0x0009 -removeonly
CakeStory --> D:\Josh from C\MapleStory\Uninstal.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Toolbar --> C:\Program Files\DAEMON Tools Toolbar\uninst.exe
ESET Online Scanner --> C:\WINNT\system32\OnlineScannerUninstaller.exe
GetRight --> "C:\Program Files\GetRight\unins000.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hirc --> "C:\Program Files\Hirc\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
IzPack 4.0.1 --> "C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" -jar "C:\Program Files\IzPack\uninstaller\uninstaller.jar"
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch4j 3.0.1 --> C:\Program Files\Launch4j\uninst.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
Network Magic --> C:\Documents and Settings\All Users.WINNT\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Quick Batch File Compiler 3.16 --> "C:\Program Files\Quick Batch File Compiler\unins000.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> D:\Josh from C\RegCure\uninst.exe
Security Update for DirectX 9 (KB951698) --> "C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Vbsedit --> MsiExec.exe /X{C8BC7F74-65A7-428F-80C6-D8034103781C}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
Video DVD Maker v3.9.0.20 --> "C:\Program Files\Video DVD Maker\Uninstall.exe" "C:\Program Files\Video DVD Maker\install.log" -u
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINNT\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1762 / Error
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.101 on the
Network Card with network address 00142A306FFB.

Event Record #/Type1761 / Warning
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00142A306FFB. The following
error occured:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1760 / Error
Event Submitted/Written: 08/24/2008 00:45:37 PM / 08/24/2008 00:45:38 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9153AB1E-30DC-4D11-.
The master browser is stopping or an election is being forced.

-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------


SmitFraud Log

SmitFraudFix v2.331

Scan done at 13:13:27.00, Sun 08/24/2008
Run from C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.COR\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
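
The registry dump in the DSS log above is the part of these logs worth reading closely: a handful of oddly named DLLs in C:\WINNT\system32 (nnnooOfe.dll, pmnkKcYQ.dll, yayaAQiH.dll, arjekrfa.dll) are registered as Browser Helper Objects, as a ShellExecuteHook, as a Winlogon Notify package, as an LSA Authentication Package next to msv1_0, and as a Run value whose name is eight hex digits. Those hooks load the DLL into Internet Explorer, explorer.exe, winlogon.exe and lsass.exe respectively, and any one of them left behind is enough to bring the infection back after a partial clean-up. The script below is an added example, not part of the original post and not code from DSS, Malwarebytes or SmitFraudFix: it parses a DSS-style registry dump and flags entries with that shape. The sample dump is constructed from the entries posted above; the list of hook locations, the allowlist (msv1_0, avgrsstx), the name heuristic and the flagging rules are the example's own assumptions, not anything the log proves.

```python
"""Added example, not code from the post, DSS, Malwarebytes or SmitFraudFix.
Parses a DSS "-- Registry Dump --" section and flags autostart entries that fit
the Vundo pattern seen above: randomly named DLLs in system32 wired into LSA,
Winlogon Notify, ShellExecuteHooks, BHOs and Run. All rules are assumptions."""
import re
from collections import defaultdict

# Constructed sample: the relevant entries copied from the dump in the post.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D63DFB8-719C-4B43-8E2F-7593657BA76A}]
08/24/08 12:47p 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
07/22/08 11:47p 33152 --------- C:\WINNT\system32\nnnooOfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1D2F57A-9944-435E-A16F-CA98B29D8884}]
C:\WINNT\system32\yayaAQiH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"acf5173c"="C:\WINNT\system32\arjekrfa.dll" [08/24/08 12:48p]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINNT\system32\nnnooOfe.dll [07/22/08 11:47p 33152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
nnnooOfe.dll 07/22/08 11:47p 33152 C:\WINNT\system32\nnnooOfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\pmnkKcYQ
"""

# Hook locations that load a DLL into a privileged or long-lived process (assumed list).
HIGH_RISK = (
    ("\\control\\lsa", "LSA Authentication Packages (lsass.exe)"),
    ("winlogon\\notify", "Winlogon Notify (winlogon.exe)"),
    ("shellexecutehooks", "ShellExecuteHooks (explorer.exe)"),
    ("browser helper objects", "Browser Helper Object (iexplore.exe)"),
    ("currentversion\\windows", "AppInit_DLLs (every user32 process)"),
)
RUN_KEY = "currentversion\\run"
ALLOWLIST = {"msv1_0", "avgrsstx"}  # assumed known-good in those locations on this box
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\[\]\r\n]*?)(?=\s+\[|"|\]|\s*$)')


def norm(mod):
    """Case-folded basename minus .dll, so LSA's 'pmnkKcYQ' and the BHO file 'pmnkKcYQ.dll' merge."""
    name = mod.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".dll") else name


def looks_random(filename):
    """Vundo-style stem: 6-8 letters with two or more case flips, or almost no vowels. Crude."""
    stem = filename.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not stem.isalpha() or not 6 <= len(stem) <= 8:
        return False
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return flips >= 2 or vowels / len(stem) < 0.25


def modules_in(line, key):
    """Module references on one DSS line: full paths plus bare file names."""
    paths = [m.group(1) for m in PATH_RE.finditer(line)]
    rest = PATH_RE.sub(" ", line)
    if rest.lstrip().startswith('"') and "=" in rest:
        rest = rest.split("=", 1)[1]  # keep only the value side of "name"=value
    tokens = [t for t in re.split(r'[\s,"]+', rest) if t]
    if "\\control\\lsa" in key:  # LSA lists packages without the .dll suffix
        return paths + tokens
    return paths + [t for t in tokens if t.lower().endswith((".dll", ".exe"))]


def triage(dump):
    """Return {module: {"locations": set, "reasons": set}} for entries with at least one reason."""
    seen = defaultdict(lambda: {"locations": set(), "reasons": set()})
    key = ""
    for line in filter(None, map(str.strip, dump.splitlines())):
        if line[0] == "[" and line[-1] == "]":
            key = line[1:-1].lower()
            continue
        value_name = line[1:].split('"', 1)[0] if line[0] == '"' else ""
        risk = next((label for frag, label in HIGH_RISK if frag in key), None)
        for mod in modules_in(line, key):
            name = norm(mod)
            if name in ALLOWLIST:
                continue
            entry = seen[name]
            if risk:
                entry["locations"].add(risk)
                if looks_random(mod):
                    entry["reasons"].add("random-looking module name")
                if len(entry["locations"]) > 1:
                    entry["reasons"].add("present in multiple autostart hooks")
            if RUN_KEY in key and mod.lower().endswith(".dll"):
                entry["reasons"].add("Run value launches a DLL, not an executable")
            if RUN_KEY in key and re.fullmatch(r"[0-9a-f]{8}", value_name):
                entry["reasons"].add("Run value name looks machine-generated")
    return {n: e for n, e in seen.items() if e["reasons"]}


if __name__ == "__main__":
    for name, e in sorted(triage(SAMPLE_DUMP).items()):
        print(name, sorted(e["locations"]), sorted(e["reasons"]))
```

Run against the sample it reports pmnkkcyq, nnnooofe, yayaaqih and arjekrfa and nothing else. Two details are worth noticing. arjekrfa.dll passes the name test (all lowercase, ordinary vowel ratio) and is caught only because a Run value with a hex-looking name points at a DLL, so the location rules matter more than the name rule. Conversely the name test is crude enough that legitimate names such as avgrsstx.dll (the AppInit entry in the log) or mobsync.exe would trip it, which is why it is applied only to modules inside the hook locations and paired with an allowlist; avgrsstx is allowlisted here as an assumption of the example, not because the log proves it clean. For the real machine, point triage() at the Registry Dump section of main.txt.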

2 contributors, 1 reply, 3 views; discussion span 9 years; last post by crunchie.