24 replies to this topic

[desktop]

This is a bit of a cross-post from techsupportforums but with updated information and it seems many times with trojan infections people are recommended here.

A bit of into about my system. It is a laptop (so theres more processes than are probably needed on a desktop). I am running xp and use avg with kerio sunbelt.

I first noticed that something was wrong when I got a window (not in a browser) asking for me to install windows anti-virus and to agree to the terms and install. I then minimized and noticed my desktop background had changed to a image that looked like a window that said that I had been infected with two virus.

I unplugged my internet and proceeded to scan with avg. I got 6 results. I can post them all if thats preffered but otherwise will just type em here.

In a local temp file I had:
pqnofimc.exe (3444) This was listed as Trojan horse Agent.AADP

Next in my system32 folder I had 2 infections as blphct5sj0et5t.scr which also was the Agent.AADP

Still in the system32 folder were 2 infections as lphct5sj0et5t.exe as trojan horse Downloader.FraudLoad.N

And Last was a registry "with reference to" the previously mentioned exe in the Software/Microsoft/Windows/CurrentVersion/Run

I then rebooted and ran avg again but did not find anything else. After words I ran spybot s&d and then tried to run ad-aware but every time I get an error and cannot complete the scan.

I know I am still infected as I have a browser hijacker. I cannot access most sites. I can get to google but any results take me to incorrect websites.

My windows is a bit out of date, but at the moment I cant update as IE doesn't work properly. I am also unable to use bitdefeners virus scan.


Also, a note was I changed my background and the desktop that it changed, though im not entirely positive but at least similar, to "lphct5sj0et5t"

This could be insignificant, but I remember as I was running avg the second time around, as soon as the scan would start there would be a pop-up type thing to notify me the scan had started. This is normal but then right after I would get a notification that some avg process (cant exactly remember but it was avg) failed and the notification would close. I restarted and same thing happened whenever I would run the avg.

Here is the first hijack this log (before malware)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:15 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - WWW Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi....?1191615306546
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8218 bytes




Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

8:26:27 PM 8/28/2008
mbam-log-08-28-2008 (20-26-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150754
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{C1A4E2CE-A2F3-4EA9-A247-2D02170F40AF}\RP682\A0114232.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\phct5sj0et5t.bmp (Trojan.FakeAlert) -> No action taken.






Post malware hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:14 AM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - WWW Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191615306546
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8394 bytes




Thanks

[rridgely]

Your going to have to fix the stuff that MBAM found. Run the scan again and this time have it delete the stuff it found.
Come back with a new log and a new hijackthis log.

[desktop]

Oops, my mistake. I actually already did that but forgot to post. After running the MBAM the first time it said it would delete on restart, so I restarted and scanned again. Ill post the log but the latest hijack log is after MBAM cleaning up.

Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 2

11:25:24 PM 8/28/2008
mbam-log-08-28-2008 (23-25-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 127217
Time elapsed: 49 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[rridgely]

Thats fine then. I only know what I see in the logs.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
  
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
  
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  
• Press any Key and it will restart the PC.
  
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

[desktop]

Prior to running sdfix I noticed that I had access to the internet again. I was able to update avg and tried to run bitdefender's virus scan. For some reason it wasn't updating properly so I began to run panda's online virus scanner and I noticed 2 infections with only 10% done. I stopped to run this and am currently running bitdefenders and will post results of that scan in the AM.

Thank you for all the help so far.

Edit: Latest hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:27 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - WWW Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191615306546
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8895 bytes

[desktop]

bitdefender came up negative. I am running panda's scan again and will post those results later. AVG has found 3 threats though, all in the same directory

C:/System Volume Information/_restore{C1A4E2CE-A2F3-4EA9-A247-2D02170F40AF}\RP684\

Then the files were:

A0114243.dll Dropper.Bravix.A
A0114247.dll Dropper.Bravix.A
A0114248.sys Downloader.FraudLoad.U

edit:

here are the results on panda's active scan.

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\WINDOWS\system32\config\systemprofile\Cookies\owner@doubleclick[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe

[rridgely]

Ok you can either run scans until the end of time or follow my instructions.
I want the log from sdfix and a new hijackthis log.

[desktop]

shoot, i knew i forgot something. I ran both and just forgot to post. That last hijack log I posted was post sdfix but heres the latest anyway.


SDFix: Version 1.220
Run by me on Fri 08/29/2008 at 10:15 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 22:27:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7062ba59
"s2"=dword:1a7b730c
"h0"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:eb,7b,46,b7,7b,50,10,e2,27,19,07,7b,d7,03,67,8d,aa,85,3b,45,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000002
"hdf12"=hex:d5,8d,34,ad,49,81,ae,8f,78,cf,49,21,6b,11,0e,ea,a1,12,89,44,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,98,57,cd,40,e3,0e,13,4d,50,de,4a,55,1c,2e,5a,ae,be,..
"hdf12"=hex:b2,3b,2d,b5,22,ff,f9,45,72,93,4a,cd,43,bb,2b,b7,c8,7c,0f,92,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0a,d6,8c,39,27,62,42,1b,d3,45,1a,cf,40,57,51,b4,3c,1b,3e,17,31,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,54,9f,af,40,95,eb,9c,ed,b4,bb,a2,39,29,96,e7,6e,39,..
"hdf12"=hex:49,ff,d7,9e,bb,0f,f0,fb,c5,d0,c4,17,e1,4a,ee,2b,3e,82,06,9e,d3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:9c,3d,0a,3c,20,ed,f0,86,10,87,82,ec,69,8c,18,59,55,35,66,13,0c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:96,05,37,d9,35,0d,6a,d9,b3,93,e8,ac,e7,30,c1,d6,69,48,90,37,b3,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000001
"ujdew"=hex:eb,7b,46,b7,7b,50,10,e2,27,19,07,7b,d7,03,67,8d,aa,85,3b,45,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000002
"hdf12"=hex:d5,8d,34,ad,49,81,ae,8f,78,cf,49,21,6b,11,0e,ea,a1,12,89,44,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,98,57,cd,40,e3,0e,13,4d,50,de,4a,55,1c,2e,5a,ae,be,..
"hdf12"=hex:b2,3b,2d,b5,22,ff,f9,45,72,93,4a,cd,43,bb,2b,b7,c8,7c,0f,92,52,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:0a,d6,8c,39,27,62,42,1b,d3,45,1a,cf,40,57,51,b4,3c,1b,3e,17,31,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,54,9f,af,40,95,eb,9c,ed,b4,bb,a2,39,29,96,e7,6e,39,..
"hdf12"=hex:49,ff,d7,9e,bb,0f,f0,fb,c5,d0,c4,17,e1,4a,ee,2b,3e,82,06,9e,d3,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:9c,3d,0a,3c,20,ed,f0,86,10,87,82,ec,69,8c,18,59,55,35,66,13,0c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:96,05,37,d9,35,0d,6a,d9,b3,93,e8,ac,e7,30,c1,d6,69,48,90,37,b3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\tdssserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\tdssserv.sys"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="FBFA2F7F0CE2DDD6A5E1EC1C3851BABF170B629CE5D07172F2B8561C778AA165D199CB4B276
F8B009352FE853F90AE320A8B2AF4AAF0C028E6FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B
ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5
D1407A9C6AECB7A5D1407A9C6AECB7A5D1407C1FB8A24DA02E5B8DA29580ABEE30F4A965AD8E8A4CE
13B80187E5F60DD658E340646EC0BD5BB8E3A7AC9ABB19F3AE79D83D802188B49455FAFCEB95753BF
5ACF712B32ED891E81ED2EBA2354E5C0060859EEC4D46E0C94F7A09B4D63A4B5B3C864BA23279DAF2
1004928BC9874922C5ED3028EE7E91912997035B87117CC96E6C2D868612011817C4A1F03E0DF8F52
24377C179751D0E19CF9480675AD7C5D910A7B1D8B8E3DDC2046E764F503FA2A41FCDCB55116AA789
033EC7AD94F995C33B7E77CCA5F30D57932141AC638212AEFBE15CDDDF76081AF451D781649447291
948B1773938B3CE2B3679767CBEF1D3B8350E648FD19F1B4F75DC8094ED29393D72BBE1F2C9A1D463
FE4FC6F503B35F999D81ABF52022161E24863B115E51579CBB778B7AD9EC4ABBA072A650730FCD454
4D6EB8819054251AE0938EAD3969A8FB7496699A7ED42179399172E467DD1C728B6D1E58A83113D35
9B6F564F95CF554F99D63C0C42073B24FD0956C63DCE101ACAFC4C539D231BAF79CE2D652F750EBCD
339766F4B9451745D64B25450E171BF4101A0E8174F8669E1B56BBF06BE3E91EAD9FDD02E9B6AF678
045362FCD424934DE669D175A10180997AB29B829451AF527BAB415400F6F596B7EBF84DAB4263A52
9D3AC85D66DE768E4C84B529114508353FDE9E9DACD8E0141D0B2909A4DCF063AAEA7D4E2946598B3
9432E30537FEF80D1702E078A83184587E3ED60B26CFAAFBEE8838E924157B96A3CBEC72D09A36C43
C59EDD927A272A81460F61C96ACD847AB27C549AA65643328236492D9D83E8ED8D18A32CB7A2250D3
6E8C1EC784D4E7A16FD88E9E992AA2F45B06CFAFBE1A6E786273EAFB276C6225557396CA496B9DAF6
2107AD5C7A7F105A8534A14AA565F4E142AA183E9AEE61292503F92C0699D5B1350868FD93E2173D3
90552CCA8250318673250FD4CA57CA3C07067503220FCAABBDDB6A91D127033CC4F78124362298EA5
97BB15327A3A1F6438BB000EC8D4B6647D7EAFD48EA17513C6D828D87AA248829DA61212C2F8C7FF2
A5E27824AACA94190FF8880FCA399887277EB2133496B772327A4E47502824C65E0F82A5E8DF9927C
6E2E91417152CFAC6AB937B7C54690CA139C06BD1B2C9B7F39C07D4C041EF29F9D7B34C957D39ADA4
A404E2B6661E8DFB41310EF38E667C5557C5181FC8219A56EB46AE00667F7D4CE42CF388FC6D55CB9
72CA767C28495AA6ECE5AE2F94F39"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"F:\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="F:\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"F:\\r6v2\\Binaries\\R6Vegas2_Game.exe"="F:\\r6v2\\Binaries\\R6Vegas2_Game.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2"
"F:\\r6v2\\Binaries\\R6Vegas2_Launcher.exe"="F:\\r6v2\\Binaries\\R6Vegas2_Launcher.exe:*:Enabled:Tom Clancy's Rainbow Six Vegas 2 Update"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :



Files with Hidden Attributes :

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 9 Oct 2006 56 ..SHR --- "C:\WINDOWS\system32\1BD74E0A03.sys"
Mon 9 Oct 2006 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 3 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 28 Aug 2008 198 A..H. --- "C:\WINDOWS\Temp\Free Download Manager\tic6.tmp"
Tue 26 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sat 3 Nov 2007 22,482 ...HR --- "C:\Documents and Settings\me\Application Data\SecuROM\UserData\securom_v7_01.bak"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\me\Application Data\U3\temp\Launchpad Removal.exe"
Tue 13 Mar 2007 27,136 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Eng 131\~WRL0004.tmp"
Mon 12 Mar 2007 27,136 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Eng 131\~WRL2560.tmp"
Thu 8 Mar 2007 27,136 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Eng 131\~WRL3451.tmp"
Sun 15 Jun 2008 24,576 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL0005.tmp"
Tue 17 Jun 2008 31,744 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL1299.tmp"
Mon 16 Jun 2008 25,088 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL1609.tmp"
Mon 16 Jun 2008 45,056 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL1614.tmp"
Sun 15 Jun 2008 24,064 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL1689.tmp"
Tue 17 Jun 2008 31,232 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL2045.tmp"
Tue 17 Jun 2008 30,720 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL2213.tmp"
Mon 16 Jun 2008 52,736 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL2541.tmp"
Sun 15 Jun 2008 31,232 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL2899.tmp"
Mon 16 Jun 2008 28,672 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3055.tmp"
Mon 16 Jun 2008 29,184 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3088.tmp"
Tue 17 Jun 2008 31,744 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3303.tmp"
Sun 15 Jun 2008 24,576 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3325.tmp"
Tue 17 Jun 2008 30,208 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3373.tmp"
Tue 17 Jun 2008 30,720 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3550.tmp"
Tue 17 Jun 2008 30,720 ...H. --- "C:\Documents and Settings\me\My Documents\Homework\Phys 216\~WRL3708.tmp"
Fri 3 Nov 2006 4,348 ...H. --- "C:\Documents and Settings\me\My Documents\My Music\License Backup\drmv1key.bak"
Fri 3 Nov 2006 20 A..H. --- "C:\Documents and Settings\me\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 3 Nov 2006 400 ...H. --- "C:\Documents and Settings\me\My Documents\My Music\License Backup\drmv2key.bak"
Fri 3 Nov 2006 1,536 A..H. --- "C:\Documents and Settings\me\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!




--------------





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:03 PM, on 8/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CASS] C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Smart Watch Dog] -C:\Program Files\Compal Electronics, INC\Smart Watchdog\SmartWD.exe
O4 - HKLM\..\Run: [Sidewalker] C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - WWW Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191615306546
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Smart Watchdog Service (Smart Watchdog) - Unknown owner - C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8828 bytes

[rridgely]

Alright since the logs your posting are coming up clean(since you had run the scans more than once) its sort of hard for me to know exactly whats been removed. The hijackthis log you just posted looks ok except for one thing:

Run hijackthis and do a system scan. Check off the following item:

O13 - WWW Prefix:

Then press fix checked and exit hijackthis.

Now I want you to run the below scan and post back the log. I also want a progress report on how the machine is running.

Run Kaspersky WebScanner

• Please go HERE and click Kaspersky Online Scanner
  
• Read and Accept the Agreement
  
• You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  
• If you see a Windows dialog asking if you want to install this software, click the Install button.
  
• The program will launch and then begin downloading the latest definition files,
  
• When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  
• Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  
• Under "Please select a target to scan:", click My Computer to start the scan.
  
• When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  
• Paste kaspersky log onto forum.

[desktop]

It seems that the scan is having issues. I tried IE first and as it loaded it gave me an error saying "several java virtual machines running the same process caused an error" and thats as far as it gets. I then loaded up ff (older 2 release) and that started but it gets stuck updating the definition list.

As far as behavior, I still have functionality with the computer and since doing the MBAM scan I have been able to view most websites and do most things on the internet. I have not done anything involving a password or any information. But there are still hangups such as the one previously mentioned.

If it doesnt make some progress (currently stuck at 0% for 10 minutes) I will reboot and try again.

edit: a reboot and 30 minutes of waiting and the update on the database was still at 0%

[rridgely]

That scan is IE only. I'm not sure whats going on with the multiple java thing.
Try rebooting and starting it again like you said(it should only take a few minutes to get started).

[desktop]

ok, updated and scanning now. I didnt see any "extended database" though. Seems like the interface has changed a bit.

[desktop]

Still having issues with running the scan. I got it to run but I wasnt there at the time and was instructing by phone and I believe the settings were off. Ive been trying to scan again but I cannot update the database.

I noticed the computer takes much longer to both boot and shut down. Also when I restart, the computer does not re-boot itself. It seems to go into a 'standby' mode where the power button blinks. If I press the power button it then starts up (booting from bios and then to windows). So for some reason on reboot, it doesn't go from shutdown to restarting on its own.

Here is the kavscan results I managed to get though.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 31, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 31, 2008 04:46:52
Records in database: 1171597
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 117214
Threat name: 5
Infected objects: 4
Suspicious objects: 2
Duration of the scan: 02:13:09


File name / Threat name / Threats count
C:\Documents and Settings\me\Application Data\Thunderbird\Profiles\pts2evrh.default\Mail\pop.gmail.com\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1

The selected area was scanned.



edit: doesnt look like I can get another scan started. It just acts if I was using the wrong browser (it begins to update the database and just stays at 0% and 0kb)

edit2: would it be just a better idea to grab what I want and stick it on a external hdd and then wipe the computer and reinstall windows? do you believe that this infection will spread to the external with files (mostly documents and music)?

[rridgely]

Sorry about the spaced responses today, I've been busy.
Forget about kaspersky for now.

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

[desktop]

ComboFix 08-08-30.03 - me 2008-08-31 19:12:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1285 [GMT -7:00]
Running from: C:\Documents and Settings\me\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\me\Application Data\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-08-29 22:06 . 2008-08-29 22:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-29 21:53 . 2008-08-29 22:39 <DIR> d-------- C:\SDFix
2008-08-29 21:47 . 2008-08-29 21:47 <DIR> d-------- C:\Program Files\Panda Security
2008-08-29 21:47 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-29 21:00 . 2008-08-30 08:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-28 19:52 . 2008-08-28 19:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-28 19:52 . 2008-08-28 19:52 <DIR> d-------- C:\Documents and Settings\me\Application Data\Malwarebytes
2008-08-28 19:52 . 2008-08-28 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 19:52 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-28 19:52 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-28 19:42 . 2008-08-28 19:42 <DIR> d-------- C:\Program Files\CCleaner
2008-08-26 21:17 . 2008-08-26 21:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-26 21:03 . 2008-08-26 21:10 <DIR> d-------- C:\ie-spyad_zo
2008-08-26 21:00 . 2008-08-26 21:14 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-26 09:59 . 2008-08-31 19:10 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-22 23:42 . 2008-08-22 23:43 <DIR> d-------- C:\Program Files\CDisplayEx
2008-08-18 13:57 . 2008-08-25 11:54 <DIR> d-------- C:\Program Files\Steam
2008-08-15 21:07 . 2008-08-31 13:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-15 21:07 . 2008-08-15 21:07 <DIR> d-------- C:\Program Files\AVG
2008-08-15 21:07 . 2008-08-26 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-15 21:07 . 2008-08-29 23:12 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-15 21:07 . 2008-08-15 21:07 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-15 21:07 . 2008-08-15 21:07 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-13 21:48 . 2008-08-13 21:48 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-08-13 21:48 . 2008-08-13 21:48 <DIR> d-------- C:\Program Files\Copy Handler
2008-08-09 10:13 . 2008-08-09 10:13 <DIR> d-------- C:\Program Files\Vuze
2008-08-09 10:13 . 2008-08-25 22:37 <DIR> d-------- C:\Documents and Settings\me\Application Data\Azureus
2008-08-09 10:13 . 2008-08-09 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 05:02 330 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-08-29 02:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-27 04:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 04:14 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-25 00:22 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-25 00:22 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-22 03:07 --------- d-----w C:\Program Files\mIRC
2008-08-20 04:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 06:14 --------- d-----w C:\Documents and Settings\me\Application Data\U3
2008-08-17 18:47 --------- d-----w C:\Program Files\Revo Uninstaller
2008-08-17 18:39 --------- d-----w C:\Documents and Settings\me\Application Data\Joost
2008-08-17 18:24 --------- d-----w C:\Program Files\ApexDC++
2008-08-14 04:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-10 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-10 17:04 --------- d-----w C:\Program Files\Lavasoft
2008-08-10 17:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-04 17:10 --------- d-----w C:\Program Files\Java
2008-07-15 02:48 --------- d-----w C:\Documents and Settings\me\Application Data\EVEMon
2008-07-13 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-10 17:23 --------- d-----w C:\Program Files\Driver Sweeper
2008-07-07 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-07 22:13 --------- d-----w C:\Documents and Settings\me\Application Data\Free Download Manager
2008-07-07 22:08 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-07 22:08 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-07-07 22:08 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-07 22:07 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-07 22:07 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-07 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-18 20:12 22,328 ----a-w C:\Documents and Settings\me\Application Data\PnkBstrK.sys
2008-02-26 08:18 19,120 ----a-w C:\Documents and Settings\me\Application Data\GDIPFONTCACHEV1.DAT
2007-07-30 21:54 47,360 ----a-w C:\Documents and Settings\me\Application Data\pcouffin.sys
2007-01-04 00:37 1 ----a-w C:\Documents and Settings\me\SI.bin
2006-10-10 00:22 56 --sh--r C:\WINDOWS\system32\1BD74E0A03.sys
2006-10-10 00:22 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CASS"="C:\Program Files\Compal Electronics" [X]
"Smart Watch Dog"="-C:\Program Files\Compal Electronics" [X]
"Sidewalker"="C:\Program Files\Compal Electronics" [X]
"tsnp2std"="C:\WINDOWS\system32\tsnp2std.exe" [2006-03-31 19:52 126976]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-10-20 14:18 339968]
"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2006-05-23 18:32 512000]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-26 20:06 8462336]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 23:12 1235736]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 17:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-05-23 18:30 88204 C:\WINDOWS\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-06-26 20:06 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 15:07:27 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2006-04-19 12:08 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-05-23 18:38 393216 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.CDVC"= cdvccodc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPass]
--a------ 2006-04-19 12:12 2084864 C:\Program Files\Softex\OmniPass\scureapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 09:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-02-07 16:24 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 Ramdisk;Ramdisk [ QSoft ];C:\WINDOWS\system32\DRIVERS\ramdisk.sys [2002-12-07 00:46]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 23:12]
R1 CPEB;CPEB;C:\WINDOWS\system32\drivers\CPEB.SYS [2006-02-23 18:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2006-05-23 18:37]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 23:12]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 23:12]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-15 21:07]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
R2 Smart Watchdog;Smart Watchdog Service;C:\Program Files\Compal Electronics, INC\Smart Watchdog\SWDsvc.exe [2006-03-24 12:15]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]
R3 CamFilter;CamFilter;C:\WINDOWS\system32\Drivers\CamFilter.sys [2006-12-18 10:31]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-05-23 18:38]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-10-17 16:16]
S3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-05-23 18:32]
S3 TridDev;Trident Device;C:\WINDOWS\system32\DRIVERS\Triddev.sys [2006-08-15 09:26]
S3 TridVid;Trident Analog plus Digital Video;C:\WINDOWS\system32\DRIVERS\TridVid.sys [2006-08-15 09:26]
S3 UXDCMN;UXDCMN;D:\UXDCMN.SYS []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{165bf8a4-3b25-11dd-b214-0016d410b565}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8060c26-658a-11dd-b25f-0016d410b565}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Copy Handler - (no file)
MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\69kp8992.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 19:23:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\0e508b88-791d-4a73-89b8-cae29f8cc9bb.tmp


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTNA.exe
C:\Program Files\Compal Electronics, INC\Wireless Select Switch\Wireless Select Switch.exe
C:\Program Files\Compal Electronics, INC\Sidewalker\CSWalker.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-08-31 19:36:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 02:35:35

Pre-Run: 10,208,006,144 bytes free
Post-Run: 10,207,191,040 bytes free

243

[desktop]

I did forget to ask in the last post, do you think it would be better just to wipe? Is there any risk in spreading to my external since I don't know how I got infected or do you believe this is beatable?

Oh and thank you for all the help

[rridgely]

Sorry for the lack of a reply. I was waiting on a second opinion from someone else but I guess their busy.
Anyway your computer has a nasty rootkit infection. The recommended source of action for this type of infection is to just reformat the computer and start over. As far as your data being safe on external I would say yes as long as you make sure you dont copy infected files over(stuff like music, docs, pictures should be fine).

I would make sure you have your AV running while you do this.

[desktop]

thank you for all the help, i truly appreciate it
i defiantly think its time to get a better av and firewall. I had been meaning to start using comodo anyway, but would you recommend avira or avast over avg? From the detection reports ive seen, avg is not as good as either.

again thank you.

[rridgely]

AVG is fine but if I was going to switch it would probably be Antivir.
Comodo is fine too but I like the built in windows firewall better. (no outbound protection but less hassle. Does work sufficiently to keep bad guys out though.)

[desktop]

So I have succesfully wiped my computer, but before I did I saved some files (mostly folders from my docs) to a new external hdd and then hooked it up to my old desktop. On the desktop I scanned the external with avg and another online scanner (kapersky or bitdefender maybe?) Anyway, both scans came out clean. But now when I turn on the computer it does not work.

I always end up with a black screen with a flashing white underscore in the top left curner however it some cases there are other random characters on the screen too.

Sometimes it goes straight to that screen, other times it goes to the pre-bios screen. Usually before the splash screen seen when quick-boot is disabled. However all the writing is skewed and theres are random characters and lines just completley wrong.

Then sometimes it has different colored symbols (music notes/smilies/etc) in various locations with the same black screen.


I am guessing the boot sector is corrupt, but I was just curious is this could at all be related to that possibly infected external hdd? I have had previous hdd failure issues with the computer so this is not totally unexpected, but it just seems to coincidental that I didn't at least ask.

Could an infection have done this type of damage to the computer?

Thanks