Unable to access hard drives..

m3dic
20-01-2009, 07:15 PM
Okay, here's my problem.
I go into My Computer, double click on any of my drives, and then they do not open. But I can right click > explorer, and right click > open them fine. Also they now have an "Autoplay" function when I right click them. Isn't that for external HDDs only? At first I thought it wasn't working because I am using custom visual styles and icons, but after disabling them it does nothing. I had a friend and his external HDD around today, could that have done something?


Logfile of HijackThis v1.99.1
Scan saved at 7:12:01 p.m., on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Stardock\Object Desktop\IconPackager\IconPackager.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\lovemelodiesnintendo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\PROGRA~1\FREEDO~1\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: PowerCam 2.0 Megapixel Monitor.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Blam
20-01-2009, 07:18 PM
You have a few nasties, tick these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Get Malwarebytes Anti-Malware, update and scan, get Spyware Terminator too and do the same thing.

Post another log here when done

m3dic
20-01-2009, 07:20 PM
You have a few nasties, tick these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Get Malwarebytes Anti-Malware, update and scan, get Spyware Terminator too and do the same thing.

Post another log here when done

What about Spy bot?

Blam
20-01-2009, 07:21 PM
Scan with that later; the two malware/spyware scanners I named are the most effective.

Speedy Gonzales
20-01-2009, 07:34 PM
And disable system restore and update HijackThis before you post another log.

These entries may be a bit suss:

C:\WINDOWS\system32\wscript.exe

It looks like this is a Windows file, but I've never seen it in a log.

You can tick these then tick fix checked

Close browsers

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs

Then reboot, then get Trojan Remover below as well, update it, then scan.

Then select all options under utilities.

If you use USB flash drives, DON'T plug any into this PC (or any other computer, if it's been connected to this) till this is fixed. This is how it spreads.
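As an added example (not from the thread or from any of the tools named in it), a small Python triage script that reads HijackThis log lines and flags the three indicators the replies point at: the hijacked IE window title, a Run entry that launches a .vbs, and a swarm of wscript.exe processes. The sample log lines are constructed from entries quoted in the thread; the threshold of three wscript.exe instances is an assumption.

```python
import re
from collections import Counter

# Indicators the replies in this thread point at (strings quoted from the
# posted log); the wscript.exe threshold is an assumption, not the thread's.
HIJACKED_TITLE = "Hacked by Godzilla"
WSCRIPT_THRESHOLD = 3

RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
WINDOW_TITLE = re.compile(r"^R1 - .*\\Main,Window Title = (?P<title>.+)$")
PROCESS_LINE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
SCRIPT_HOST = re.compile(r"\\wscript\.exe$", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)


def parse_hjt_log(text):
    """Split a HijackThis log into running processes, O4 Run entries and R1 titles."""
    processes, runs, titles = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if PROCESS_LINE.match(line):
            processes.append(line)
            continue
        m = RUN_ENTRY.match(line)
        if m:
            runs.append(m.groupdict())
            continue
        m = WINDOW_TITLE.match(line)
        if m:
            titles.append(m.group("title"))
    return processes, runs, titles


def triage(text, wscript_threshold=WSCRIPT_THRESHOLD):
    """Return (severity, finding) pairs; an empty list means none of the
    thread's indicators are present in the log."""
    processes, runs, titles = parse_hjt_log(text)
    findings = []
    for title in titles:
        if HIJACKED_TITLE.lower() in title.lower():
            findings.append(("high", f"IE window title hijacked: {title!r}"))
    for run in runs:
        if SCRIPT_EXT.search(run["cmd"]):
            # A Run value that starts a script via the script host (here a
            # .dll.vbs double extension posing as a DLL) is what MBAM flagged.
            findings.append(("high", f"Run entry [{run['name']}] launches a script: {run['cmd']}"))
    counts = Counter(p.lower() for p in processes)
    wscript_count = sum(n for p, n in counts.items() if SCRIPT_HOST.search(p))
    if wscript_count >= wscript_threshold:
        findings.append(("medium", f"{wscript_count} wscript.exe instances running"))
    return findings


# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity}] {finding}")
```

Feed it a saved HijackThis log instead of SAMPLE_LOG to get the same three checks over a real scan; anything it flags still wants a look by eye before ticking "fix checked".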

m3dic
20-01-2009, 08:21 PM
Tests:

Spyware Terminator:

Logfile of Spyware Terminator v2.5.1.028 (db:3.001.019.000)
Scan Time: 20/01/2009 8:17:11 p.m. length: 99 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 44622 (Critical:2)
Filter: No System items, No Safe items, No Invalid items

Running Processes
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
Mixer.exe [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
foobar2000.exe : C:\Program Files\foobar2000\foobar2000.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - : C:\Program Files\Free Download Manager\iefdm2.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, JMB36X IDE Setup : : C:\WINDOWS\JM\JMInsIDE.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 36X Raid Configurer : [JMicron Technology Corp.] : C:\WINDOWS\system32\JMRAIDSETUP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C-Media Mixer : [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MS32DLL : : C:\WINDOWS\MS32DLL.dll.vbs

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [Igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll

Shell Service Objects
- {IconPackager Repair} - [Stardock.net, Inc] : C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll

Services
23 - [Advanced Micro Devices] : C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmaudio.sys
23 - [JMicron] : C:\WINDOWS\system32\DRIVERS\JGOGO.sys
23 - [JMicron Technology Corp.] : C:\WINDOWS\system32\DRIVERS\jraid.sys
23 - : C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvata.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [Digital Camera] : C:\WINDOWS\system32\Drivers\Ca533av.sys
23 - [USB BULK] : C:\WINDOWS\system32\Drivers\Bulk533.sys

Threat Files
<Worm.VBS.Solow.b> : C:\WINDOWS\MS32DLL.dll.vbs

Advanced Files Report

End of Report


Malware thing:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

20/01/2009 8:10:17 p.m.
mbam-log-2009-01-20 (20-10-14).txt

Scan type: Quick Scan
Objects scanned: 53567
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MS32DLL (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\MS32DLL.dll.vbs (Trojan.Agent) -> No action taken.

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 8:21:22 p.m., on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\Spywareterminator.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\lovemelodiesnintendo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\MS32DLL.dll.vbs
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\PROGRA~1\FREEDO~1\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Now trying Speedy's method.

wainuitech
20-01-2009, 08:33 PM
Rerun the scans - BUT in Full mode (both programs), NOT quick, as quick mode misses lots of possible infections.

Looking at the malwarebytes log you still have infections.

When you open Spyware Terminator, up top click Settings; on the left click Scan Settings. In the scan settings, click the top two boxes (by default they are unticked), go back to Spyware Scan and select FULL SCAN. It may take an hour approx.

m3dic
20-01-2009, 08:44 PM
I will do the other scans in full next. It might not be until tomorrow as they seem to take AGES. But for now, here's the Trojan Scanner's log; see if it helps:

***** THE SYSTEM HAS BEEN RESTARTED *****
20/01/2009 8:40:38 p.m.: Trojan Remover has been restarted
C:\WINDOWS\MS32DLL.dll.vbs has been renamed to C:\WINDOWS\MS32DLL.dll.vbs.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[MS32DLL] - already deleted
=======================================================
20/01/2009 8:40:38 p.m.: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:38:03 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
8:38:03 p.m.: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
8:38:03 p.m.: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
8:38:03 p.m.: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
8:38:03 p.m.: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1032192 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
24576 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: JMB36X IDE Setup
Value Data: C:\WINDOWS\JM\JMInsIDE.exe
C:\WINDOWS\JM\JMInsIDE.exe
-R- 36864 bytes
Created: 15/01/2009
Modified: 31/10/2006
Company: [no info]
--------------------
Value Name: 36X Raid Configurer
Value Data: C:\WINDOWS\system32\JMRaidSetup.exe boot
C:\WINDOWS\system32\JMRaidSetup.exe
-R- 1953792 bytes
Created: 15/01/2009
Modified: 16/11/2006
Company: JMicron Technology Corp.
--------------------
Value Name: C-Media Mixer
Value Data: Mixer.exe /startup
C:\WINDOWS\Mixer.exe
-R- 1228800 bytes
Created: 15/01/2009
Modified: 29/01/2002
Company: C-Media Electronic Inc. (www.cmedia.com.tw)
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
8523776 bytes
Created: 6/11/2007
Modified: 6/11/2007
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1626112 bytes
Created: 6/11/2007
Modified: 6/11/2007
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
81920 bytes
Created: 6/11/2007
Modified: 6/11/2007
Company: NVIDIA Corporation
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: MS32DLL
Value Data: C:\WINDOWS\MS32DLL.dll.vbs
C:\WINDOWS\MS32DLL.dll.vbs
-RHS- 3754 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: [no info]
C:\WINDOWS\MS32DLL.dll.vbs appears to contain: WORM.VBS.SLOW
C:\WINDOWS\MS32DLL.dll.vbs - this registry value has been removed
C:\WINDOWS\MS32DLL.dll.vbs - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\MS32DLL.dll.vbs - file ownership assigned to: M3DIC\lovemelodiesnintendo
C:\WINDOWS\MS32DLL.dll.vbs - file backed up to C:\WINDOWS\MS32DLL.dll.vbs.vir
C:\WINDOWS\MS32DLL.dll.vbs - file has been neutralised
C:\WINDOWS\MS32DLL.dll.vbs - file renamed to: C:\WINDOWS\MS32DLL.dll.vbs.vir
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 20/01/2009
Modified: 1/01/2009
Company: Simply Super Software
--------------------
Value Name: MSConfig
Value Data: C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
158208 bytes
Created: 15/01/2009
Modified: 4/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
8:38:10 p.m.: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
8:38:10 p.m.: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
8:38:10 p.m.: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
8:38:10 p.m.: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
8:38:10 p.m.: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: wuauserv
Path: C:\WINDOWS\System32\wuauserv.dll
C:\WINDOWS\System32\wuauserv.dll
6656 bytes
Created: 15/01/2009
Modified: 4/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
8:38:10 p.m.: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADIHdAudAddService
ImagePath: system32\drivers\ADIHdAud.sys
C:\WINDOWS\system32\drivers\ADIHdAud.sys [file not found to scan]
----------
Key: AEAudio
ImagePath: system32\drivers\AEAudio.sys
C:\WINDOWS\system32\drivers\AEAudio.sys [file not found to scan]
----------
Key: Asushwio
ImagePath: \??\C:\WINDOWS\system32\drivers\Asushwio.sys
C:\WINDOWS\system32\drivers\Asushwio.sys
10288 bytes
Created: 15/01/2009
Modified: 11/10/2006
Company: [no info]
----------
Key: Ca533av
ImagePath: System32\Drivers\Ca533av.sys
C:\WINDOWS\System32\Drivers\Ca533av.sys
514929 bytes
Created: 20/01/2009
Modified: 31/07/2002
Company: Digital Camera
----------
Key: cmpci
ImagePath: system32\drivers\cmaudio.sys
C:\WINDOWS\system32\drivers\cmaudio.sys
-R- 370382 bytes
Created: 15/01/2009
Modified: 30/01/2002
Company: C-Media Inc
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
654848 bytes
Created: 16/01/2009
Modified: 16/01/2009
Company: Macrovision Europe Ltd.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 4/04/2005
Modified: 4/04/2005
Company: Macrovision Corporation
----------
Key: JGOGO
ImagePath: system32\DRIVERS\JGOGO.sys
C:\WINDOWS\system32\DRIVERS\JGOGO.sys
-R- 6912 bytes
Created: 15/01/2009
Modified: 8/02/2006
Company: JMicron
----------
Key: JRAID
ImagePath: system32\DRIVERS\jraid.sys
C:\WINDOWS\system32\DRIVERS\jraid.sys
-R- 44416 bytes
Created: 15/01/2009
Modified: 7/12/2006
Company: JMicron Technology Corp.
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
-R- 5810 bytes
Created: 15/01/2009
Modified: 13/08/2004
Company:
----------
Key: nvata
ImagePath: system32\DRIVERS\nvata.sys
C:\WINDOWS\system32\DRIVERS\nvata.sys
-R- 105344 bytes
Created: 15/01/2009
Modified: 21/08/2006
Company: NVIDIA Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
-R- 57856 bytes
Created: 15/01/2009
Modified: 12/09/2006
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 19968 bytes
Created: 15/01/2009
Modified: 12/09/2006
Company: NVIDIA Corporation
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 24/08/2001
Modified: 24/08/2001
Company: [no info]
----------
Key: SenFiltService
ImagePath: system32\drivers\Senfilt.sys
C:\WINDOWS\system32\drivers\Senfilt.sys [file not found to scan]
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
540672 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{59DF10AD-1E5C-4A1A-9128-696E55A8DC51}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
----------
Key: USBCamera
ImagePath: System32\Drivers\Bulk533.sys
C:\WINDOWS\System32\Drivers\Bulk533.sys
10986 bytes
Created: 20/01/2009
Modified: 6/11/2002
Company: USB BULK
----------

************************************************************
8:38:12 p.m.: Scanning -----VXD ENTRIES-----

************************************************************
8:38:12 p.m.: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
8:38:12 p.m.: Scanning ----- CONTEXTMENUHANDLERS -----
Key: 7-Zip
CLSID: {23170F69-40C1-278A-1000-000100020000}
Path: C:\Program Files\7-Zip\7-zip.dll
C:\Program Files\7-Zip\7-zip.dll
70144 bytes
Created: 3/01/2009
Modified: 3/01/2009
Company: Igor Pavlov
----------
Key: Adobe.Acrobat.ContextMenu
CLSID: {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
Path: C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
685696 bytes
Created: 16/01/2009
Modified: 29/03/2007
Company: Adobe Systems Inc.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: Crawler.com
----------

************************************************************
8:38:12 p.m.: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
8:38:12 p.m.: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {AE7CD045-E861-484f-8273-0445EE161910}
BHO: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
321120 bytes
Created: 16/01/2009
Modified: 29/03/2007
Company: Adobe Systems Incorporated
----------
Key: {CC59E0F9-7E43-44FA-9FAA-8377850BF205}
BHO: C:\Program Files\Free Download Manager\iefdm2.dll
C:\Program Files\Free Download Manager\iefdm2.dll
98304 bytes
Created: 15/01/2009
Modified: 30/12/2008
Company:
----------

************************************************************
8:38:12 p.m.: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
276480 bytes
Created: 24/08/2001
Modified: 4/08/2004
Company: Microsoft Corporation
----------
Key: IconPackager Repair
CLSID: {1799460C-0BC8-4865-B9DF-4A36CD703FF0}
Path: C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll
65536 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Stardock.net, Inc
----------

************************************************************
8:38:12 p.m.: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
8:38:12 p.m.: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
8:38:12 p.m.: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
8:38:12 p.m.: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
8:38:12 p.m.: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 16/01/2009
Modified: 15/01/2009
Company: [no info]
--------------------

************************************************************
8:38:12 p.m.: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: lovemelodiesnintendo
[C:\Documents and Settings\lovemelodiesnintendo\START MENU\PROGRAMS\STARTUP]
The Startup Group for lovemelodiesnintendo attempts to load the following file(s):
C:\Documents and Settings\lovemelodiesnintendo\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 15/01/2009
Modified: 15/01/2009
Company: [no info]
----------

************************************************************
8:38:12 p.m.: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
8:38:12 p.m.: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
8:38:12 p.m.: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking autorun.inf in C:\
C:\autorun.inf
-RHS- 104 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: [no info]
C:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\autorun.inf - file renamed to: C:\autorun.inf.vir
----------
Checking autorun.inf in D:\
D:\autorun.inf
-RHS- 104 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: [no info]
D:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
D:\autorun.inf - file renamed to: D:\autorun.inf.vir
----------
Checking autorun.inf in E:\
E:\autorun.inf
-RHS- 104 bytes
Created: 20/01/2009
Modified: 20/01/2009
Company: [no info]
E:\autorun.inf - READ-ONLY, HIDDEN and SYSTEM file attributes removed
E:\autorun.inf - file renamed to: E:\autorun.inf.vir
----------
--------------------
Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 15/01/2009
Modified: 15/01/2009
Company: [no info]
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Bliss.bmp
C:\WINDOWS\web\wallpaper\Bliss.bmp
1440054 bytes
Created: 15/01/2009
Modified: 15/01/2009
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
8:38:19 p.m.: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[65 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[48 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[130 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[32 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[55 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[37 loaded modules in total]
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe - file already scanned
[23 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
[20 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[79 loaded modules in total]
--------------------
C:\WINDOWS\Mixer.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
[23 loaded modules in total]
--------------------
C:\WINDOWS\System32\WScript.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[26 loaded modules in total]
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
[134 loaded modules in total]
--------------------
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
[67 loaded modules in total]
--------------------
C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\vdq3.exe
FileSize: 2921336
[This is a Trojan Remover component]
[67 loaded modules in total]
--------------------

************************************************************
8:38:39 p.m.: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
8:38:39 p.m.: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
8:38:39 p.m.: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
8:38:39 p.m.: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\LOVEME~1\LOCALS~1\Temp\~DF4903.tmp appears to be in-use/locked
C:\DOCUME~1\LOVEME~1\LOCALS~1\Temp\~DF4910.tmp appears to be in-use/locked
C:\DOCUME~1\LOVEME~1\LOCALS~1\Temp\~DF5119.tmp appears to be in-use/locked
C:\DOCUME~1\LOVEME~1\LOCALS~1\Temp\~DF5126.tmp appears to be in-use/locked
************************************************************
8:38:42 p.m.: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
No files found to scan
************************************************************
8:38:42 p.m.: Scanning ------ ROOT DIRECTORY ------

************************************************************
8:38:42 p.m.: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 8:38:42 p.m. 20 Jan 2009
Total Scan time: 00:00:38
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
20/01/2009 8:39:12 p.m.: restart commenced
************************************************************


***** WINDOWS EXPLORER POLICIES RESET *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:38:00 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
- no action required on this key as it does not exist
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
- no action required on this key as it does not exist
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
- no action required: value either does not exist or is set to False
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103}
- no action required: value either does not exist or is set to False
----------
Checking for HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: DisallowRun - value does not exist, no action required
Value: NoActiveDesktopChanges - value does not exist, no action required
Value: NoActiveDesktop - not set, no action required
Value: NoFileMenu - value does not exist, no action required
Value: NoClose - value does not exist, no action required
Value: NoDesktop - value does not exist, no action required
Value: NoDrives - value does not exist, no action required
Value: NoFind - value does not exist, no action required
Value: NoFolderOptions - value does not exist, no action required
Value: NoRun - value does not exist, no action required
Value: NoFavoritesMenu - value does not exist, no action required
Value: NoSetFolders - value does not exist, no action required
Value: NoControlPanel - value does not exist, no action required
----------
Checking Values in:
HKCU\Control Panel\Desktop
----------
Checking HKCU ActiveDesktop Policies:
----------
Checking HKCU Add/Remove Programs Policies:
----------
Checking for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- no action required on this key as it does not exist
----------
Checking Values in:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- no values to check [key does not exist]
----------
Checking HKLM ActiveDesktop Policies:
----------
Checking HKLM Add/Remove Programs Policies:
----------
************************************************************


***** LAYERED SERVICE PROVIDER CHECKS *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:37:57 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
No errors were located in the Layered Service Provider Registry entries.
No action was taken.
************************************************************


***** WINDOWS UPDATE POLICIES RESET *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:37:54 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Windows Update Policies have been reset:
AUOptions
************************************************************


***** WINDOWS HOSTS FILE RESET *****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:37:50 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
C:\WINDOWS\system32\DRIVERS\ETC\HOSTS has been copied to C:\WINDOWS\system32\DRIVERS\ETC\HOSTS.TRB
The default HOSTS file was successfully reset.
************************************************************


***** INTERNET EXPLORER HOME/START/SEARCH PAGE AND POLICY RESTRICTIONS RESET ****
Trojan Remover Ver 6.7.5.2560. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 8:37:42 p.m. 20 Jan 2009
Using Database v7265
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\lovemelodiesnintendo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\lovemelodiesnintendo\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Existing Home/Start/Search Page settings are as follows:
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
These settings will now be reset to their defaults:
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch" has been reset
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"www" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"ftp" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"gopher" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"home" has been reset
HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\"mosaic" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoToolbarCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoBandCustomize" policy reset to default
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_FullURL" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_ToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLToolBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_StatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Show_URLinStatusBar" has been reset
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window_Placement" has been reset
--------------------
************************************************************

Speedy Gonzales
20-01-2009, 08:49 PM
That's good, it renamed it; now find MS32DLL.dll.vbs.vir and delete it.

That would have fixed the main prob, the script that runs the worm.

All you have to do now is update HJT and tick the other entries.

Can you get into the folders now?

You're right: if a HDD has an autoplay file in it, you're infected with something.

m3dic
20-01-2009, 08:53 PM
That's good, it renamed it; now find MS32DLL.dll.vbs.vir and delete it.

That would have fixed the main prob, the script that runs the worm.

All you have to do now is update HJT and tick the other entries.

Can you get into the folders now?

You're right: if a HDD has an autoplay file in it, you're infected with something.

Just a small note. Prior to doing that my computer took at least 2 mins longer than usual to shut down/restart, and lagged big time when you clicked the shutdown dialog box, but now it seems to have been fixed.

Speedy Gonzales
20-01-2009, 08:55 PM
After this has been fixed, update to SP3 and MAKE SURE it's up to date.

Or you may get hit by another nasty - Conficker.

And if you have USB flash drives, SCAN them first, BEFORE you use them.

This is what it does (http://www.sophos.com/security/analyses/viruses-and-spyware/vbssolowa.html)

Every 200 seconds VBS/Solow-A enumerates available devices in an attempt to copy itself with the filename MS32DLL.DLL.VBS and to create the file autorun.inf that contains instructions to autorun the copy of the worm once the infected drive is accessed. This file should be deleted.

If you've used USB flash drives in other systems (if they've been used on this computer), scan them as well.
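
A defender-side check for the drive artefacts described above (an added example; not code from this thread, from Sophos, or from any of the tools mentioned). It parses the `[autorun]` section of an autorun.inf on a drive root, reports what the file would launch, and flags the MS32DLL.DLL.VBS filename. The sample autorun.inf and the empty MS32DLL.DLL.VBS placeholder that `demo()` writes to a temporary directory are constructed for the demonstration; on a real machine you would call `scan_drive_root()` on each drive root instead.

```python
"""Check a drive root for the autorun.inf / MS32DLL.DLL.VBS artefacts that the
Sophos description of VBS/Solow-A attributes to the worm.

Added example for this thread, not code from the thread, Sophos or any tool.
On a real machine you would call scan_drive_root() on each drive root
("C:\\", "E:\\", a USB stick's root); demo() runs it against a temporary
directory populated with constructed sample files instead.
"""
import os
import tempfile

# Filename the quoted Sophos description gives for the worm body.
WORM_SCRIPT = "ms32dll.dll.vbs"
# Extensions that mean "a script, not a setup program" in an autorun target.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
SCRIPT_HOSTS = ("wscript", "cscript")


def parse_autorun_inf(text):
    """Return the launch-related keys from the [autorun] section of an autorun.inf.

    autorun.inf is INI-style and case-insensitive.  The keys that can make
    Explorer run something when the drive is opened are open, shellexecute
    and shell\\<verb>\\command; icon/label entries are ignored here.
    Hand-rolled rather than configparser so that odd or duplicate lines
    do not abort the parse.
    """
    launch = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("open", "shellexecute") or key.startswith("shell\\"):
            launch[key] = value.strip()
    return launch


def classify_target(value):
    """Label a launch value: 'worm' (the Solow-A filename), 'script', or 'other'."""
    low = value.lower()
    if WORM_SCRIPT in low:
        return "worm"
    tokens = low.replace('"', " ").split()
    if any(t.endswith(SCRIPT_EXTS) for t in tokens) or any(h in low for h in SCRIPT_HOSTS):
        return "script"
    return "other"


def scan_drive_root(root):
    """Return (path, label, detail) findings for one drive root.

    Any autorun.inf on a fixed disk is reported, as the thread advises; the
    label says how bad the launch entry looks.
    """
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        low = name.lower()
        if low == WORM_SCRIPT:
            findings.append((path, "worm", "worm body present on drive root"))
        elif low == "autorun.inf":
            with open(path, "r", errors="replace") as fh:
                launch = parse_autorun_inf(fh.read())
            if not launch:
                findings.append((path, "other", "autorun.inf with no launch entry"))
            for key, value in launch.items():
                findings.append((path, classify_target(value), f"{key}={value}"))
    return findings


def demo():
    """Populate a temp dir with constructed samples and scan it."""
    root = tempfile.mkdtemp(prefix="solow-demo-")
    # Constructed autorun.inf shaped like the behaviour Sophos describes
    # (launch the worm copy on drive access); not the worm's real file.
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\r\n"
                 "open=wscript.exe MS32DLL.DLL.VBS\r\n"
                 "shellexecute=wscript.exe MS32DLL.DLL.VBS\r\n")
    # Empty placeholder standing in for the worm body; contains no script.
    open(os.path.join(root, "MS32DLL.DLL.VBS"), "w").close()
    return scan_drive_root(root)


if __name__ == "__main__":
    for path, label, detail in demo():
        print(f"[{label:6}] {path}: {detail}")
```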

Pancake
20-01-2009, 09:14 PM
Ok. Let's get you fixed.

Run both these programs.


Please download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe


Double Click mbam-setup.exe to install the application.
If it will not run, rename MBAM.exe to xxx.exe.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


=====================================================================================

=====================================================================================


Ok. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i254.photobucket.com/albums/hh103/velta911/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://i254.photobucket.com/albums/hh103/velta911/whatnext.png


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

m3dic
21-01-2009, 10:21 AM
Malware log:

Malwarebytes' Anti-Malware 1.33
Database version: 1671
Windows 5.1.2600 Service Pack 2

21/01/2009 10:05:49 a.m.
mbam-log-2009-01-21 (10-05-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153611
Time elapsed: 1 hour(s), 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Spyware log:

Logfile of Spyware Terminator v2.5.1.028 (db:3.001.019.000)
Scan Time: 21/01/2009 8:36:48 a.m. length: 1009 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 59307 (Critical:2)
Filter: No System items, No Safe items, No Invalid items

Running Processes
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
Mixer.exe [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
thunderbird.exe [Mozilla Corporation] : C:\Program Files\Mozilla Thunderbird\thunderbird.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - : C:\Program Files\Free Download Manager\iefdm2.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, JMB36X IDE Setup : : C:\WINDOWS\JM\JMInsIDE.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 36X Raid Configurer : [JMicron Technology Corp.] : C:\WINDOWS\system32\JMRAIDSETUP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C-Media Mixer : [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TrojanScanner : [Simply Super Software] : C:\Program Files\TROJAN REMOVER\TRJSCAN.EXE

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [Igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll
Trojan Remover Shell Extension - {52B87208-9CCF-42C9-B88E-069281105805} - [Simply Super Software] : C:\Program Files\Trojan Remover\Trshlex.dll

Shell Service Objects
- {IconPackager Repair} - [Stardock.net, Inc] : C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll

Services
23 - [Advanced Micro Devices] : C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23 - [Digital Camera] : C:\WINDOWS\system32\Drivers\Ca533av.sys
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmaudio.sys
23 - [JMicron] : C:\WINDOWS\system32\DRIVERS\JGOGO.sys
23 - [JMicron Technology Corp.] : C:\WINDOWS\system32\DRIVERS\jraid.sys
23 - : C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvata.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [USB BULK] : C:\WINDOWS\system32\Drivers\Bulk533.sys

Threat Files
<Trojan.Agent.49152.BE> : e:\Other\Apps\3ds max 2009\vRay\crack\Keymaker.exe
<Trojan.Virtl.7757> : e:\Other\Games\YU GI OH\TRAINERS\kaiba_trn.exe

Advanced Files Report

End of Report

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:07 a.m., on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5922 bytes



If no one can report anything new from this, I will now install SP3 and try Pancake's advice.

m3dic
21-01-2009, 10:22 AM
Malware log:

Malwarebytes' Anti-Malware 1.33
Database version: 1671
Windows 5.1.2600 Service Pack 2

21/01/2009 10:05:49 a.m.
mbam-log-2009-01-21 (10-05-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 153611
Time elapsed: 1 hour(s), 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Spyware log:

Logfile of Spyware Terminator v2.5.1.028 (db:3.001.019.000)
Scan Time: 21/01/2009 8:36:48 a.m. length: 1009 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 59307 (Critical:2)
Filter: No System items, No Safe items, No Invalid items

Running Processes
nvsvc32.exe [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
Mixer.exe [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
thunderbird.exe [Mozilla Corporation] : C:\Program Files\Mozilla Thunderbird\thunderbird.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - : C:\Program Files\Free Download Manager\iefdm2.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, JMB36X IDE Setup : : C:\WINDOWS\JM\JMInsIDE.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 36X Raid Configurer : [JMicron Technology Corp.] : C:\WINDOWS\system32\JMRAIDSETUP.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C-Media Mixer : [C-Media Electronic Inc. (www.cmedia.com.tw)] : C:\WINDOWS\Mixer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TrojanScanner : [Simply Super Software] : C:\Program Files\TROJAN REMOVER\TRJSCAN.EXE

Shell Extensions
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
Desktop Explorer - {1CDB2949-8F65-4355-8456-263E7C208A5D} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
- {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
nView Desktop Context Menu - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - [NVIDIA Corporation] : C:\WINDOWS\system32\nvshell.dll
AlcoholShellEx - {32020A01-506E-484D-A2A8-BE3CF17601C3} - [Alcohol Soft Development Team] : C:\Program Files\Alcohol Soft\Alcohol 120\AXShlEx.dll
Acrobat Elements Context Menu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - [Adobe Systems Inc.] : C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing LP] : C:\Program Files\WinZip\WZSHLSTB.DLL
7-Zip Shell Extension - {23170F69-40C1-278A-1000-000100020000} - [Igor Pavlov] : C:\Program Files\7-Zip\7-zip.dll
Trojan Remover Shell Extension - {52B87208-9CCF-42C9-B88E-069281105805} - [Simply Super Software] : C:\Program Files\Trojan Remover\Trshlex.dll

Shell Service Objects
- {IconPackager Repair} - [Stardock.net, Inc] : C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll

Services
23 - [Advanced Micro Devices] : C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23 - [Digital Camera] : C:\WINDOWS\system32\Drivers\Ca533av.sys
23 - [C-Media Inc] : C:\WINDOWS\system32\drivers\cmaudio.sys
23 - [JMicron] : C:\WINDOWS\system32\DRIVERS\JGOGO.sys
23 - [JMicron Technology Corp.] : C:\WINDOWS\system32\DRIVERS\jraid.sys
23 - : C:\WINDOWS\system32\DRIVERS\ASACPI.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvata.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\nvsvc32.exe
23 - [USB BULK] : C:\WINDOWS\system32\Drivers\Bulk533.sys

Threat Files
<Trojan.Agent.49152.BE> : e:\Other\Apps\3ds max 2009\vRay\crack\Keymaker.exe
<Trojan.Virtl.7757> : e:\Other\Games\YU GI OH\TRAINERS\kaiba_trn.exe

Advanced Files Report

End of Report

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:07 a.m., on 21/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 5922 bytes



If no one can report anything new from this, I will now install SP3 and try Pancake's advice.

Speedy Gonzales
21-01-2009, 10:37 AM
Tick this entry, then tick Fix checked.

Close browsers

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla

Pancake
21-01-2009, 11:01 AM
Track these down and remove them:

<Trojan.Agent.49152.BE> : e:\Other\Apps\3ds max 2009\vRay\crack\Keymaker.exe
<Trojan.Virtl.7757> : e:\Other\Games\YU GI OH\TRAINERS\kaiba_trn.exe