My log

[4uvak]

Deckard's System Scanner v20071014.68
Run by Dimon on 2007-12-23 23:10:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-12-24 04:10:35 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-12-23 22:49:09 UTC - RP2 - ComboFix created restore point
1: 2007-12-23 19:47:59 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dimon.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:33 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Dimon\Desktop\dss.exe
C:\Hijack\Dimon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162769752718
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5793 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S3 catchme - c:\docume~1\dimon\locals~1\temp\catchme.sys (file missing)
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel(R) PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel(R) Corporation; SSO Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\30E6B141424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\30E6B141424FC000
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-12-21 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-09-21 18:34:26 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 21:53:37 0 d-------- C:\Hijack
2007-12-23 20:07:16 0 d-------- C:\MGtools
2007-12-23 17:46:01 1214661 --a------ C:\MGtools.exe
2007-12-23 17:43:02 0 dr-h----- C:\Documents and Settings\Dimon\Recent
2007-12-23 13:00:19 0 d-------- C:\backups
2007-12-23 11:53:52 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-23 11:53:52 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-23 11:53:52 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-23 11:53:51 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-23 11:53:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-23 11:53:51 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-22 22:57:34 0 d-------- C:\VundoFix Backups
2007-12-22 22:55:10 906 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-22 22:47:43 0 d-------- C:\Program Files\MSConfig CleanUp
2007-12-22 22:45:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-22 22:41:36 0 d-------- C:\Documents and Settings\Dimon\Application Data\Grisoft
2007-12-22 22:40:33 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-22 22:40:33 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-22 22:40:33 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-12-22 22:40:33 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-22 22:40:33 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-22 22:40:32 0 d-------- C:\Program Files\Trojan Remover
2007-12-22 22:40:32 0 d-------- C:\Documents and Settings\Dimon\Application Data\Simply Super Software
2007-12-22 22:40:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-22 22:39:57 0 d-------- C:\Program Files\InControl
2007-12-22 22:38:26 0 d-------- C:\Program Files\Yahoo!
2007-12-22 22:38:20 0 d-------- C:\Program Files\CCleaner
2007-12-19 18:46:53 0 dr-h----- C:\Documents and Settings\Dimon\Application Data\SecuROM
2007-12-19 18:33:23 0 d-------- C:\Program Files\EA Sports
2007-12-19 12:17:19 0 d-------- C:\Program Files\uTorrent
2007-12-19 12:17:16 0 d-------- C:\Documents and Settings\Dimon\Application Data\uTorrent
2007-12-03 20:01:05 0 d-------- C:\Documents and Settings\Dimon\Application Data\DivX


-- Find3M Report ---------------------------------------------------------------

2007-12-21 02:06:55 0 d-------- C:\Documents and Settings\Dimon\Application Data\AVG7
2007-12-20 23:22:32 0 d-------- C:\Program Files\SSH Communications Security
2007-12-20 23:22:32 0 d-------- C:\Documents and Settings\Dimon\Application Data\SSH
2007-12-20 23:22:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-14 11:36:46 0 d-------- C:\Program Files\Microsoft Works
2007-11-14 11:36:21 0 d-------- C:\Program Files\Common Files
2007-11-14 11:35:48 0 d-------- C:\Program Files\Microsoft.NET
2007-11-05 17:12:25 0 d-------- C:\Documents and Settings\Dimon\Application Data\Move Networks
2007-10-29 16:26:25 0 d-------- C:\Program Files\Modem Helper
2007-10-29 16:26:25 0 d-------- C:\Program Files\Messenger
2007-10-29 16:26:25 0 d-------- C:\Program Files\DivX
2007-10-29 16:22:01 0 d-------- C:\Documents and Settings\Dimon\Application Data\Apple Computer
2007-10-29 13:56:29 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-29 13:56:27 0 d-------- C:\Program Files\Brighter Minds Media


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 10:47 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/2007 08:54 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [07/02/2006 08:50 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d9b229a-6d2f-11db-9824-0015c5210aef}]
AutoRun\command- E:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2007-12-23 23:12:54 ------------

 

[Osiris]

Ok, I just installed, ran it and is said I was infected with thousands of spyware, to remove you had to buy. So I closed it from the taskbar, go the error when trying to uninstall it via add/remove, deleted the programs file folder, deleted the entry in MSCONFIG>Startup via MSconfig Cleanup, Delete the entry from the start menu, deleted icon from desktop, ran cleanup! and ccleaner. Just rebooted and I didn't get that dialog box. Also, I'm not infected anymore. So something else is going on somewhere.


So In msconfig>startup, did you delete all those entries or are they just unchecked? If they are just unchecked, can you post a screenshot of all the entries?

 

[4uvak]

not sure what you ment in the first part

 

[4uvak]

Oo yea that thing actually didnt start right away I noticed it today.

 

[Osiris]

open msconfig, click on boot.ini tab, click on check all boot paths, does it say "It appears that all boot.ini lines for Microsoft operating systems are ok"? or does it something else?

 

[4uvak]

Says everything is ok

 

[Osiris]

can you right click anywhere in that box to give you the properties of it by chance?

 

[4uvak]

It only has the option to close and move

 

[4uvak]

So none of this programs didnt give and clue?

 

[Osiris]

I have looked and looked and looked, nothing comes up. Scanned thru as many google images as I could, tried to replicate the issue, nothing is coming up.