automatic update problem

Troncoso

Troncoso

VIP Member
me and my uncle were looking through my computer and found that automatic updates were turned off and we cant turn them back on. well, my computer has been having trouble with viruses lately, and when we tried going to the update website to get them manually we were redirected to another site. so we figure a trojan or something is trying to stop us from getting updates. does this make sense? if so, anything we can do?
 
We need more info!! What OS? To find out if you have a virus follow the following steps. Download trend micro hijackthis from the link below and install. Then run the program and click "Do a system scan only". When its done press "Save log" and save it to desktop. Then open it and copy ALL of the text inside of it and paste onto a new post on here. We will then diagnose it and tell you if your infected.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
 
...i'm using XP. you guys seriously can only tell by looking at those logs? well, are the latest ones i have:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:08 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1104650641\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1104650641\ee\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BMb3ebe41f] Rundll32.exe "C:\WINDOWS\system32\ieegodhu.dll",s
O4 - HKLM\..\Run: [b0d8d783] rundll32.exe "C:\WINDOWS\system32\athhjdes.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153096552906
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12383 bytes
 
err....i have games installed that can play online. though, i haven't run them in a while. well, i downloaded call of duty 4 at the same time these viruses started coming around, though i haven't even played it yet since my video card isn't good enough...
 
To turn automatic updates back on go to control panel and double click "system" then click the "automatic updates" tab and put a tick next to "Automatic (recommended)". You can change the date and time that it searches for updates too. I think microsoft stopped doing updates now for XP anyway so automatic updates is not necessary anyways but, it will still download older updates that didnt get installed before.
 
i said we cant turn them back on. when we go into windows security center, it says they are turned off and when we click "turn them on", it says that it cant and that we have to go under control panel, auto updates and all that like you said. so we did. but, the security center is still saying that they are turned off.
 
Oh but there are quite a few infections here!
Please follow these instructions to remove Viewpoint.

After that's done do the following:

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Hey Gamemaster!! Are these two confirmed trojans or is that not confirmed yet?

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
 
GameMaster said:
Those are not Trojans. It's some beta testing process: http://www.evenbalance.com/index.php?page=pbsvcfaq.php
It can be removed, but I won't bother with it except if the OP complains on in-game problems.
Click to expand...

Ok I did some research a while back and people were saying it had its issues but I guess those are all worked out now. I dont play any of my games online so I got rid of those processes as soon as I saw them in task manager.
 
here is the combo fix log:

ComboFix 08-05-19.4 - Troncoso 2008-05-19 20:45:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.266 [GMT -4:00]
Running from: C:\Documents and Settings\Troncoso\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dude\Application Data\ShoppingReport
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Dude\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Giggles\Application Data\ShoppingReport
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Giggles\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\MyWay
C:\Program Files\ShoppingReport
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AaJmnnpo.ini
C:\WINDOWS\system32\AaJmnnpo.ini2
C:\WINDOWS\system32\aobhurir.ini
C:\WINDOWS\system32\bLoprqru.ini
C:\WINDOWS\system32\bLoprqru.ini2
C:\WINDOWS\system32\bxpoqqwi.ini
C:\WINDOWS\system32\cyntrnkl.ini
C:\WINDOWS\system32\hfroecwd.ini
C:\WINDOWS\system32\iguahtsl.ini
C:\WINDOWS\system32\iQtAbcdd.ini
C:\WINDOWS\system32\iQtAbcdd.ini2
C:\WINDOWS\system32\jhumupkc.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ocpxwwhu.ini
C:\WINDOWS\system32\sedjhhta.ini
C:\WINDOWS\system32\ueibwals.ini
C:\WINDOWS\system32\wfvnmxnv.ini
C:\WINDOWS\system32\xmsnoggd.ini
C:\WINDOWS\system32\yauxxhsj.ini
C:\WINDOWS\system32\yfypasfn.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-19 21:00 . 2008-05-19 21:00 124,928 --a------ C:\WINDOWS\system32\yuhktmnk.dll
2008-05-19 20:58 . 2008-05-19 21:01 1,001,864 --ahs---- C:\WINDOWS\system32\AaJmnnpo.ini2
2008-05-19 20:58 . 2008-05-19 21:04 0 --ahs---- C:\WINDOWS\system32\AaJmnnpo.ini
2008-05-19 10:38 . 2008-05-19 10:38 114,688 --a------ C:\WINDOWS\system32\athhjdes.dll
2008-05-19 10:32 . 2008-05-19 10:32 132,608 --a------ C:\WINDOWS\system32\oitkvaao.dll
2008-05-19 10:30 . 2008-05-19 10:30 124,928 --a------ C:\WINDOWS\system32\ieegodhu.dll
2008-05-19 10:29 . 2008-05-19 10:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 10:29 . 2008-05-19 10:29 371,712 --a------ C:\WINDOWS\system32\opnnmJaA.dll
2008-05-18 23:42 . 2008-05-18 23:42 133,120 --a------ C:\WINDOWS\system32\ycvojdjq.dll
2008-05-18 23:39 . 2008-05-18 23:39 117,248 --a------ C:\WINDOWS\system32\uhwwxpco.dll
2008-05-18 23:37 . 2008-05-18 23:37 124,928 --a------ C:\WINDOWS\system32\tyfxeirr.dll
2008-05-17 23:53 . 2008-05-18 23:33 211 --a------ C:\WINDOWS\wininit.ini
2008-05-17 22:24 . 2008-05-19 17:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-17 22:24 . 2008-05-19 17:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-17 20:27 . 2008-05-17 20:27 134,144 --a------ C:\WINDOWS\system32\yugsbfxd.dll
2008-05-17 20:25 . 2008-05-17 20:25 125,952 --a------ C:\WINDOWS\system32\luqrursy.dll
2008-05-17 20:13 . 2008-05-17 20:13 134,144 --a------ C:\WINDOWS\system32\ehrduihp.dll
2008-05-17 20:02 . 2008-05-17 20:02 125,952 --a------ C:\WINDOWS\system32\aewwtfih.dll
2008-05-17 00:47 . 2008-05-17 00:47 135,680 --a------ C:\WINDOWS\system32\mslqidlt.dll
2008-05-17 00:41 . 2008-05-17 00:41 125,952 --a------ C:\WINDOWS\system32\igcwjxex.dll
2008-05-16 18:37 . 2005-01-05 23:22 39,794 --a------ C:\WINDOWS\_detmp.1
2008-05-16 00:46 . 2008-05-16 00:46 133,120 --a------ C:\WINDOWS\system32\odydjqia.dll
2008-05-16 00:41 . 2008-05-16 00:41 125,952 --a------ C:\WINDOWS\system32\gcudnsql.dll
2008-05-15 02:38 . 2008-05-15 02:38 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-05-15 02:38 . 2008-05-15 02:38 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-15 02:38 . 2008-05-15 02:38 22,328 --a------ C:\Documents and Settings\Troncoso\Application Data\PnkBstrK.sys
2008-05-15 02:37 . 2008-05-15 02:37 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-05-15 02:37 . 2008-05-15 02:37 319 --a------ C:\WINDOWS\game.ini
2008-05-15 02:04 . 2008-05-15 02:04 <DIR> d-------- C:\Program Files\Activision
2008-05-15 00:03 . 2008-05-15 00:03 133,120 --a------ C:\WINDOWS\system32\svvvfnxa.dll
2008-05-15 00:02 . 2008-05-16 13:57 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2008-05-14 23:56 . 2008-05-14 23:56 126,464 --a------ C:\WINDOWS\system32\gxcypxsu.dll
2008-05-14 00:23 . 2008-05-14 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 00:22 . 2008-05-14 00:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-13 23:49 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\pelhljaq.exe
2008-05-13 23:46 . 2008-05-13 23:46 133,632 --a------ C:\WINDOWS\system32\ajaadwvb.dll
2008-05-13 23:40 . 2008-05-13 23:40 123,392 --a------ C:\WINDOWS\system32\lltbupmn.dll
2008-05-13 00:04 . 2008-05-13 00:04 <DIR> d-------- C:\Documents and Settings\Troncoso\Application Data\Lavasoft
2008-05-12 23:38 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\ssobyovw.dll
2008-05-12 02:25 . 2008-05-12 02:25 57,344 --a------ C:\WINDOWS\system32\mlJAsTjj.dll
2008-05-11 20:17 . 2008-05-11 20:17 133,120 --a------ C:\WINDOWS\system32\vmwlhrun.dll
2008-05-11 20:14 . 2008-05-11 20:14 126,976 --a------ C:\WINDOWS\system32\rrbiaqgj.dll
2008-05-11 19:59 . 2008-05-16 01:44 0 --a------ C:\WINDOWS\system32\unrxxueh.exe
2008-05-11 19:57 . 2008-05-11 19:57 133,120 --a------ C:\WINDOWS\system32\jmmoeojn.dll
2008-05-11 19:57 . 2008-05-11 19:57 126,976 --a------ C:\WINDOWS\system32\oupqjkpm.dll
2008-05-11 19:53 . 2008-05-11 19:53 126,976 --a------ C:\WINDOWS\system32\tsoxjtas.dll
2008-05-11 11:47 . 2008-05-11 11:47 <DIR> d-------- C:\Documents and Settings\Dude\Application Data\Lavasoft
2008-05-11 11:25 . 2008-05-16 01:43 0 --a------ C:\WINDOWS\system32\sdfujewh.exe
2008-05-11 11:22 . 2008-05-11 11:22 133,120 --a------ C:\WINDOWS\system32\irwdyypt.dll
2008-05-11 11:20 . 2008-05-11 11:20 126,976 --a------ C:\WINDOWS\system32\ylohqjoy.dll
2008-05-10 13:35 . 2008-05-19 21:00 109,803 --a------ C:\WINDOWS\BMb3ebe41f.xml
2008-05-10 13:34 . 2008-05-10 13:34 125,440 --a------ C:\WINDOWS\system32\unqgxycu.dll
2008-05-10 01:28 . 2008-05-10 01:28 57,856 --a------ C:\WINDOWS\system32\mlJBSkLe.dll
2008-05-10 01:27 . 2008-05-10 01:27 57,856 --a------ C:\WINDOWS\system32\hgGawWQj.dll
2008-05-10 01:25 . 2008-05-10 01:25 57,856 --a------ C:\WINDOWS\system32\opnmkkig.dll
2008-05-10 01:24 . 2008-05-10 01:24 57,856 --a------ C:\WINDOWS\system32\jkkHARkI.dll
2008-05-10 01:23 . 2008-05-10 01:23 57,856 --a------ C:\WINDOWS\system32\ddcBTMcc.dll
2008-04-30 00:22 . 2008-04-30 00:22 <DIR> d-------- C:\Documents and Settings\Troncoso\Application Data\dBpoweramp
2008-04-24 00:07 . 2008-04-28 06:03 <DIR> d-------- C:\Program Files\Warcraft III
2008-04-23 12:35 . 2008-05-04 12:40 23,542 --a------ C:\VETlog.dmp
2008-04-20 22:32 . 2008-04-20 22:32 <DIR> d-------- C:\Program Files\Illustrate
2008-04-20 22:32 . 2008-04-20 22:32 <DIR> d-------- C:\Documents and Settings\Troncoso\Application Data\AccurateRip
2008-04-20 22:32 . 2008-04-20 22:32 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 00:54 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\DNA
2008-05-20 00:39 --------- d-----w C:\Program Files\Viewpoint
2008-05-20 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-18 00:25 --------- d-----w C:\Program Files\World of Warcraft
2008-05-16 22:38 --------- d-----w C:\Program Files\Volo View Express
2008-05-16 20:33 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-05-16 20:30 --------- d-----w C:\Program Files\PHP
2008-05-16 20:28 --------- d-----w C:\Program Files\Game Cam v1.4
2008-05-16 02:17 --------- d-----w C:\Program Files\Common Files\Scanner
2008-05-15 06:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 04:24 --------- d-----w C:\Program Files\Lavasoft
2008-05-14 04:24 --------- d-----w C:\Documents and Settings\1\Application Data\Lavasoft
2008-05-13 03:41 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\BitTorrent
2008-05-11 05:05 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\dvdcss
2008-05-11 02:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-10 05:28 --------- d-----w C:\Program Files\BitTorrent
2008-04-20 05:44 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Skype
2008-04-20 05:39 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\skypePM
2008-04-17 02:06 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Any Video Converter
2008-04-08 02:25 --------- d-----w C:\Program Files\InterActual
2008-04-07 14:20 --------- d-----w C:\Documents and Settings\Giggles\Application Data\Skype
2008-04-02 01:26 --------- d-----w C:\Program Files\Any Video Converter
2008-04-02 01:16 --------- d-----w C:\Program Files\eRightSoft
2008-04-02 01:16 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-31 01:28 --------- d-----w C:\Program Files\Audio Converter
2008-03-30 02:19 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-30 02:05 --------- d-----w C:\Program Files\Midi Maker
2008-03-30 01:38 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Apple Computer
2008-03-30 01:27 --------- d-----w C:\Program Files\DNA
2008-03-29 01:07 --------- d-----w C:\Program Files\Shockwave.com
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 02:22 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\Ahead
2008-03-25 01:06 --------- d-----w C:\Documents and Settings\Troncoso\Application Data\MSN6
2008-03-25 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-25 00:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-23 15:25 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-23 15:25 --------- d-----w C:\Program Files\Common Files\Real
2008-03-23 15:24 --------- d-----w C:\Program Files\Real
2008-03-22 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2005-04-01 06:17 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11CFC3A7-B6B2-4BB1-AC0D-22F8C37D41F9}]
2008-05-19 10:29 371712 --a------ C:\WINDOWS\system32\opnnmJaA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51239dbd-b31f-4bc3-9df6-f0c83e205e02}]
2008-05-19 10:32 132608 --a------ C:\WINDOWS\system32\oitkvaao.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7872A60F-9E46-454F-93DF-80DCE341A045}]
C:\WINDOWS\system32\urqrpoLb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}]
2008-05-10 01:23 57856 --a------ C:\WINDOWS\system32\ddcBTMcc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4C6FEFD-DA3D-421B-9087-17DB2A3CA2D4}]
C:\WINDOWS\system32\ddcbAtQi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 21:13 3810544]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 15:39 68856]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 18:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 18:53 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 20:28 790528]
"IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-11-03 20:44 32768]
"FastTVSync"="C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-04 21:58 241664]
"SonicFocus"="C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.exe" [2003-04-17 01:16 1220608]
"farstone"="NULL" []
"RestoreIT!"="C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.exe" [2003-01-10 21:46 122880]
"HostManager"="C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 10:59 73728]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 22:20 866584]
"MaxBlastMonitor.exe"="C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 11:59 1169720]
"AcronisTimounterMonitor"="C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 12:09 1945712]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 12:03 149024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-23 11:24 185896]
"b0d8d783"="C:\WINDOWS\system32\athhjdes.dll" [2008-05-19 10:38 114688]
"BMb3ebe41f"="C:\WINDOWS\system32\yuhktmnk.dll" [2008-05-19 21:00 124928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 23:29 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo Scheduler server.lnk - C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe [2004-12-30 00:35:05 135168]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-12-30 00:35:12 122880]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-11-03 01:35:18 573440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E243A8E7-6244-49E0-A361-22DBF30FD46C}"= C:\WINDOWS\system32\ddcBTMcc.dll [2008-05-10 01:23 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcBTMcc]
ddcBTMcc.dll 2008-05-10 01:23 57856 C:\WINDOWS\system32\ddcBTMcc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 03:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap C:\WINDOWS\system32\opnnmJaA

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1104650641\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\1104650641\\EE\\aolsoftware.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2003-01-20 06:21]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2005-03-30 15:22]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2005-03-30 15:22]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2005-03-30 15:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{269dedf4-cf74-11dc-b6ea-00038a000015}]
\Shell\AutoRun\command - K:\Autorun.exe /run
\Shell\Shell00\Command - K:\Autorun.exe /run
\Shell\Shell01\Command - K:\Autorun.exe /action
\Shell\Shell02\Command - K:\Autorun.exe /uninstall


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 01:00:22 C:\WINDOWS\Tasks\DeFrag.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Lite.lnk
"2008-05-20 01:00:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-16 17:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 21:01:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\TMP00000045682C0731B8461486 524288 bytes executable
C:\WINDOWS\system32\kkwhtouu.exe

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ddcBTMcc.dll
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\opnnmJaA.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\athhjdes.dll
-> C:\WINDOWS\system32\yuhktmnk.dll
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\WINDOWS\system32\opnnmJaA.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonNT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MSGSYS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\1104650641\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1104650641\EE\anotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2008-05-19 21:08:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 01:08:21

Pre-Run: 39,885,021,184 bytes free
Post-Run: 40,257,662,976 bytes free

336 --- E O F --- 2008-05-16 08:26:16
 
what do you mean? the only thing you've said to do was remove viewpoint(which i couldnt do completely). anyway, new hjk log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:28 AM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE
C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1104650641\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1104650641\ee\aolsoftware.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [farstone] NULL
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104650641\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [b0d8d783] rundll32.exe "C:\WINDOWS\system32\dqmauxko.dll",b
O4 - HKLM\..\Run: [BMb3ebe41f] Rundll32.exe "C:\WINDOWS\system32\yuhktmnk.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153096552906
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11355 bytes
 
You did not remove Viewpoint at all. Please, what part do you find too hard to do?

  • Click Start>Control Panel>Add/Remove Programs
  • Find and Remove any Viewpoint component you find, i.e.: Viewpoint Manager...
  • After you have remved all of the components,exit the control panel and restart your computer.
  • It's as easy as that!

It is important to remove Viewpoint, all experts agree that it's a foistware and brings only problems.After that, let's try something about the updates.

Download Dial-a-Fix and extract it. Follow the prompts and when the program is installed, run it.
You will find an entry: Fix Windows Update
Check that box and you will see the 3 boxes under it also get checked.
When you checked the boxes, Click Go.

Is your pc now ok?
 
no, i did that to try and get rid of it. but there is still a file in program files :ViewpointService

its not in add/remove programs and i can't delete it. it says access denied.
 
haha, thanks i forgot to do that. though that dial-a-fix didnt do anything. i still cant turn automatic updates on and i still cant access most sites on the internet.
 
You must log in or register to reply here.
Back
Top