mmaatttt

Members
  • Content Count

    26
Community Reputation

0 Neutral

About mmaatttt

  • Rank
    Member
  1. Thanx HJThis!!! Seems to be working fine now, although the startup seems a bit slower than before and I'm still trying to find some Windows items for my start menu (good old Google is helping me with that). Also, to anyone interested, I highly recommend the free AVG Antivirus software; it doesn't hog resources and it is pretty powerful! mmaatttt
  2. I don't know if this helps, but here is a list of items that AVG removed/spotted on my system:

"General properties",""
"Report name","Complete Test"
"Start time","29/11/2007 19:16:12"
"End time","29/11/2007 20:26:52 (total: 1:10:39.10 hrs)"
"Launch method","Scanning launched manually"
"Scanning result","Threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Scanned","117065"
"Threats Found","19"
"Cleaned","0"
"Moved to vault","1"
"Deleted","13"
"Errors","0"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\keygen.exe","Trojan horse Proxy.VPK","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\crack.exe","Trojan horse Downloader.Generic6.UQU","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\serial.exe","Trojan horse Dialer.PYH","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe:\install.exe","Virus found Win32/Virut","Infected, Embedded object, Deleted"
"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"
"D:\Documents and Settings\user\My Documents\F Drive\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"
"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar:\RealPlayer10-5GOLD with activatiopn patch\activator4.1.exe","Trojan horse Downloader.Generic6.IA","Infected, Embedded object"
"K:\F. Documents and Settings\Matthew\My Documents\Codecs\RealPlayer10-5GOLD with activatiopn patch.rar","Trojan horse Downloader.Generic6.IA","Infected, Archive"
"C:\Program Files\Gfkgzmsb\nwejgwdm.dll","","Deleted"
"C:\Program Files\ngbmpgnc\peduncjw.dll","","Deleted"
"C:\qoobox\Quarantine\C\Program Files\SecCenter\scprot4.exe.vir","","Deleted"
"C:\WINDOWS\system32\drvtug.dll","","Deleted"
"C:\WINDOWS\system32\unpr.sys","","Deleted"
"C:\WINDOWS\system32\winbug32.dll_tobedeleted_old","","Deleted"
"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[1]","","Deleted"
"D:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QY7AP01G\css4[2]","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT11F.tmp","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRT145.tmp","","Deleted"
"D:\Deckard\System Scanner\backup\WINDOWS\temp\VRTBA.tmp","","Deleted"
"D:\Documents and Settings\All Users\Application Data\jibupqne.dll","","Deleted"
"D:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\imtoo_dvd_to_ipod_converter.exe","","Moved to Vault, Archive"
"K:\F. Documents and Settings\Matthew\Local Settings\Temp\Temporary Internet Files\Content.IE5\58CRPUDF\popup[1].php","","Deleted"
  3. Hhhmmm! I did alter a few things whilst I was gone. I've uninstalled Norton and added AVG Anti-Virus instead, which I did a virus check with, and it picked out a couple of things (since deleted!). Also, SUPERAntiSpyware was already disabled. Nonetheless, here are my logs:

ComboFix 07-11-19.4 - user 2007-11-29 23:08:05.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.360 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drvtug.dll
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
D:\Documents and Settings\All Users\Application Data\jibupqne.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Gfkgzmsb
C:\Program Files\ngbmpgnc
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\rtstv.ini
C:\WINDOWS\system32\rtstv.ini2
C:\WINDOWS\system32\vgfddwtv
C:\WINDOWS\system32\vgfddwtv\bg1.gif
C:\WINDOWS\system32\vgfddwtv\bgtop.gif
C:\WINDOWS\system32\vgfddwtv\bottom1.gif
C:\WINDOWS\system32\vgfddwtv\essentials.gif
C:\WINDOWS\system32\vgfddwtv\icon1.ico
C:\WINDOWS\system32\vgfddwtv\install1.gif
C:\WINDOWS\system32\vgfddwtv\left1.gif
C:\WINDOWS\system32\vgfddwtv\li.gif
C:\WINDOWS\system32\vgfddwtv\logo.gif
C:\WINDOWS\system32\vgfddwtv\main.htm
C:\WINDOWS\system32\vgfddwtv\mainframe.htm
C:\WINDOWS\system32\vgfddwtv\reinstall1.gif
C:\WINDOWS\system32\vgfddwtv\right1.gif
C:\WINDOWS\system32\vgfddwtv\s1.htm
C:\WINDOWS\system32\vgfddwtv\s2.htm
C:\WINDOWS\system32\vgfddwtv\s3.htm
C:\WINDOWS\system32\vgfddwtv\SMTop1.gif
C:\WINDOWS\system32\vgfddwtv\SMTop2.gif
C:\WINDOWS\system32\vgfddwtv\SMTop3.gif
C:\WINDOWS\system32\vgfddwtv\SMTop4.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off.gif
C:\WINDOWS\system32\vgfddwtv\soft1_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on.gif
C:\WINDOWS\system32\vgfddwtv\soft1_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off.gif
C:\WINDOWS\system32\vgfddwtv\soft2_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on.gif
C:\WINDOWS\system32\vgfddwtv\soft2_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off.gif
C:\WINDOWS\system32\vgfddwtv\soft3_off_ext.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on.gif
C:\WINDOWS\system32\vgfddwtv\soft3_on_ext.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_off.gif
C:\WINDOWS\system32\vgfddwtv\softbottom_on.gif
C:\WINDOWS\system32\vgfddwtv\softleft_off.gif
C:\WINDOWS\system32\vgfddwtv\softleft_on.gif
C:\WINDOWS\system32\vgfddwtv\top1.gif
C:\WINDOWS\system32\vgfddwtv\top2.gif
C:\WINDOWS\system32\vgfddwtv\turnoff1.gif
C:\WINDOWS\system32\vgfddwtv\turnon1.gif
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\user\Application Data\AVG7
2007-11-29 19:05 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-29 19:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg7
2007-11-28 14:04 <DIR> d--hs---- D:\Documents and Settings\user\UserData
2007-11-28 12:40 <DIR> d-------- D:\Documents and Settings\user\Application Data\Talkback
2007-11-27 18:32 <DIR> d-------- D:\Documents and Settings\user\Shared
2007-11-27 02:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 01:36 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-14 17:47 <DIR> d-------- D:\Documents and Settings\user\Application Data\MSNInstaller
2007-11-08 20:25 <DIR> d-------- D:\Documents and Settings\user\Application Data\BitSpirit
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 18:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 17:46 --------- d-----w C:\Program Files\DivX
2007-11-27 17:21 --------- d-----w C:\Program Files\Java
2007-11-27 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-27 17:13 --------- d-----w C:\Program Files\ffdshow
2007-11-27 17:05 --------- d-----w C:\Program Files\Artlantis Studio
2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-23 23:53 --------- d-----w D:\Documents and Settings\user\Application Data\dvdcss
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-23 21:08 --------- d-----w D:\Documents and Settings\user\Application Data\Azureus
2007-11-15 12:39 --------- d-----w D:\Documents and Settings\user\Application Data\OpenOffice.org2
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-11-10 11:56 --------- d-----w D:\Documents and Settings\user\Application Data\LimeWire
2007-11-08 20:34 --------- d-----w D:\Documents and Settings\user\Application Data\uTorrent
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 18:31 --------- d-----w D:\Documents and Settings\user\Application Data\Graphisoft
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-19 12:08 --------- d-----w D:\Documents and Settings\user\Application Data\FrostWire
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:51 --------- d-----w D:\Documents and Settings\user\Application Data\FlashFXP
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 23:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.
((((((((((((((((((((((((((((( snapshot_2007-11-28_14.28.17.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 14:00:00 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
+ 2007-07-31 20:45:06 114,688 ----a-w C:\WINDOWS\system32\cscript.exe
- 2004-08-04 14:00:00 45,083 ----a-w C:\WINDOWS\system32\dispex.dll
+ 2007-07-31 20:45:24 32,768 ----a-w C:\WINDOWS\system32\dispex.dll
+ 2007-07-31 20:45:06 114,688 ------w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2007-07-31 20:45:24 32,768 ------w C:\WINDOWS\system32\dllcache\dispex.dll
- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-07-31 20:45:28 163,840 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2007-07-31 20:45:28 155,648 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
- 2006-10-17 13:33:40 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-07-31 20:45:28 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2007-07-31 20:45:30 69,632 ------w C:\WINDOWS\system32\dllcache\wshext.dll
+ 2007-11-29 19:04:59 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-11-29 19:05:04 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-11-29 19:05:04 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-11-29 19:05:05 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-11-29 19:05:05 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
- 2006-10-17 13:00:00 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-07-31 20:45:24 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 14:00:00 159,744 ----a-w C:\WINDOWS\system32\scrobj.dll
+ 2007-07-31 20:45:28 163,840 ----a-w C:\WINDOWS\system32\scrobj.dll
- 2004-08-04 14:00:00 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
+ 2007-07-31 20:45:28 155,648 ----a-w C:\WINDOWS\system32\scrrun.dll
- 2006-10-17 13:33:40 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-07-31 20:45:28 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 14:00:00 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
+ 2007-07-31 20:45:22 135,168 ----a-w C:\WINDOWS\system32\wscript.exe
- 2004-08-04 14:00:00 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll
+ 2007-07-31 20:45:30 36,864 ----a-w C:\WINDOWS\system32\wshcon.dll
- 2004-08-04 14:00:00 65,536 ----a-w C:\WINDOWS\system32\wshext.dll
+ 2007-07-31 20:45:30 69,632 ----a-w C:\WINDOWS\system32\wshext.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-25 12:07]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-29 19:04]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-29 19:04]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 Via4in1;Via4in1;\??\C:\Via4in1.sys
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - AVG7ALRT
*Newly Created Service* - AVG7CORE
*Newly Created Service* - AVG7RSXP
*Newly Created Service* - AVG7UPDSVC
*Newly Created Service* - AVGCLEAN
.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 23:38:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 23:09:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-11-29 23:10:31
C:\ComboFix2.txt ... 2007-11-28 14:28
C:\ComboFix3.txt ... 2007-11-27 12:47
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12:14, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6959 bytes
  4. After some Googling, I managed to find out it was NORTON that messed up the secure sites, etc.!!! I have managed to uninstall it now and am using another AV program!
  5. BUMP. My PC seems to be OK at the moment and I'm trying to recover my start menus and broken links. My Firefox browser is not working though, and Internet Explorer will not access secure login websites (Hotmail, Facebook, etc.)! Is there any advice with regard to this matter???
  6. ComboFix 07-11-19.4 - user 2007-11-27 12:44:23.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.397 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\ComboFix\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD
2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles
2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix
2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 03:44 --------- d-----w C:\Program Files\Java
2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp
2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-11-10 23:40 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:41 --------- d-----w C:\Program Files\iPod
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC
2007-10-06 00:29 --------- d-----w C:\Program Files\Datel
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec
2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
.
((((((((((((((((((((((((((((( [email protected]_ 2.23.14.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-09-19 20:21:24 177,152 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2007-11-27 02:44:53 169,984 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
- 2004-08-04 14:00:00 28,160 ----a-w C:\WINDOWS\system32\fontview.exe
+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\fontview.exe
- 2007-10-24 07:09:36 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-11-27 00:19:27 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-11-27 00:28:17 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-10-17 12:56:10 52,736 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2004-08-04 14:00:00 23,040 ----a-w C:\WINDOWS\system32\perfmon.exe
+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe
- 2004-08-04 14:00:00 15,360 ----a-w C:\WINDOWS\system32\winhlp32.exe
+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe
- 2004-08-04 14:00:00 39,424 ----a-w C:\WINDOWS\system32\wpnpinst.exe
+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824] "{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd] iiffccd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk] path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS] D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love] D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] 2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche] 2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry] C:\W [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] VTtrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StarWindService"=2 (0x2) "SAVScan"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "ose"=3 (0x3) "MDM"=2 (0x2) "ISSVC"=2 (0x2) "IDriverT"=3 (0x3) "GB-PVR Recording Service"=2 (0x2) 
"C-DillaCdaC11BA"=2 (0x2) "AOL ACS"=2 (0x2) R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys S3 Via4in1;Via4in1;\??\C:\Via4in1.sys S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-27 12:46:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql] "ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe" . Completion time: 2007-11-27 12:47:33 C:\ComboFix2.txt ... 2007-11-27 02:23 . --- E O F --- HJThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:13, on 27/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! 
Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TVR\remote.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens 
Toolbar\AthensToolbar.dll O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient 
Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: InstallDriver Table Manager 
(IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 9289 bytes
  7. Seems to have done the trick! Any chance I can fix my browser, as I cannot access password login/secure websites? Also my start menu items are still showing empty folders!
  8. VundoFix V6.6.2
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 11:59:18 25/11/2007
Listing files found while scanning....
C:\windows\system32\drvtugr.dll
Beginning removal...
Attempting to delete C:\windows\system32\drvtugr.dll
C:\windows\system32\drvtugr.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.6.2
Checking Java version...
Scan started at 02:43:34 27/11/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
COMBOFIX
ComboFix 07-11-19.4 - user 2007-11-27 2:52:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.374 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
HJTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:59, on 2007-11-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies 
Limited\Athens Toolbar\AthensToolbar.dll O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: 
InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- End of file - 9294 bytes
9. Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:27:34, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9330 bytes
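Added example (mine, not the poster's and not HijackThis's own code): a small Python triage pass over HijackThis-style log lines that pulls out the load points an analyst would look at first in a log like the one above. The sample lines are constructed from entries in this thread's HijackThis and ComboFix logs (the "flag love" msconfig entry is rendered here in O4 form for illustration); the rules, the `Finding` type and the `triage` function are my own and are deliberately narrow: an HKCU proxy pointing at the loopback interface, an autorun whose executable lives under a profile's Application Data or Temp directory, a Winlogon Notify package whose DLL is reported missing, any non-empty AppInit_DLLs value, and a service with no vendor name.

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread; it is not HijackThis's own code and the sample
below is constructed from entries in the logs posted above.  The rules are
deliberately narrow: they flag only the load points that an analyst would
look at first, not everything that is unfamiliar.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the HijackThis and ComboFix logs in this thread
# (the "flag love" entry is rendered here in O4 form for illustration).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [flag love] D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""


@dataclass(frozen=True)
class Finding:
    code: str     # HijackThis section, e.g. "O20"
    reason: str   # why the entry was flagged
    line: str     # the original log line


LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# ProxyServer may be a bare host:port or a protocol list such as "http=host:port;..."
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)", re.I)
# Path fragments that mean "launched from a user-writable profile directory"
USER_WRITABLE = ("application data", "applic~1", "local settings", "locals~1", "\\temp\\")


def _o4_path(rest: str) -> str:
    """Extract the executable from an O4 entry: 'HKLM\\..\\Run: [name] "path" args'."""
    _, _, tail = rest.partition("] ")
    tail = tail.strip()
    if tail.startswith('"'):
        return tail[1:].split('"', 1)[0]
    return tail


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        low = rest.lower()
        if code == "R1" and "proxyserver" in low:
            pm = PROXY_RE.search(rest)
            if pm and pm.group(1).lower() in ("127.0.0.1", "localhost"):
                findings.append(Finding(code, f"browser traffic is routed through a loopback listener on port {pm.group(2)}; identify that process", raw))
        elif code == "O4":
            if any(marker in _o4_path(rest).lower() for marker in USER_WRITABLE):
                findings.append(Finding(code, "autorun executable lives in a user-writable profile directory", raw))
        elif code == "O20" and low.startswith("winlogon notify:") and "(file missing)" in low:
            findings.append(Finding(code, "Winlogon Notify package points at a DLL that no longer exists (orphaned load point)", raw))
        elif code == "O20" and low.startswith("appinit_dlls:") and rest.split(":", 1)[1].strip():
            findings.append(Finding(code, "AppInit_DLLs loads this DLL into every process that links user32; verify the publisher", raw))
        elif code == "O23" and "- unknown owner -" in low:
            findings.append(Finding(code, "service binary carries no company name; verify its signature or hash", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Run against the sample it reports five entries: the loopback proxy, the autorun under APPLIC~1, the AppInit_DLLs value, the missing iiffccd.dll Notify package and the MySql service. Nothing here says an entry is malicious; a loopback proxy is also what a local filtering product or an SSH tunnel sets, so each hit is a pointer to the process or file to inspect next.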
10. ComboFix 07-11-19.4 - user 2007-11-27 2:18:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.362 [GMT 0:00]
Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\internet explorer\iekey.dll
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\nsx237.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe
2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups
2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Security Task Manager
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD
2007-11-24 22:28 <DIR> d-------- C:\Program Files\Dcads Games Collection
2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini
2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old
2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild
2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles
2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit
2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet
2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix
2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 00:30 --------- d-----w C:\Program Files\Java
2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-24 22:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO
2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp
2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 12:06 --------- d-----w C:\Program Files\Activision
2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel
2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire
2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio
2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft
2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation
2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe
2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity
2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes
2007-10-06 10:41 --------- d-----w C:\Program Files\iPod
2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP
2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC
2007-10-06 00:29 --------- d-----w C:\Program Files\Datel
2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD
2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International
2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP
2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-24 07:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]
C:\WINDOWS\WDVRCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindService"=2 (0x2)
"SAVScan"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"ISSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"GB-PVR Recording Service"=2 (0x2)
"C-DillaCdaC11BA"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 02:23:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2007-11-27 2:23:54 - machine was rebooted
.
--- E O F ---
  11. SMITFRAUDFIX Report

SmitFraudFix v2.256
Scan done at 2:05:56.00, 27/11/2007
Run from D:\Documents and Settings\user\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\user\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
  12. SDFix REPORT.TXT

SDFix: Version 1.115
Run by user on 27/11/2007 at 01:52
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

and Hijack This report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:04:00, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9692 bytes
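The HijackThis log above is the kind of output a helper reads line by line. As an added example, not part of the original post and not HijackThis code, the Python script below applies a few of the checks a reviewer does by eye to entries copied from that log: an IE ProxyServer pointing at 127.0.0.1, a Run key that launches regsvr32 against a DLL under Application Data, a populated AppInit_DLLs value, a Winlogon Notify package whose DLL is gone, and O23 services with no vendor string. The rules, thresholds and names (triage, Finding, USER_WRITABLE_RE) are this example's own assumptions; a hit means "look closer", not "infected", and the two Unknown-owner services it raises here (XAMPP's mysqld-nt.exe and BlueSoleil) show how noisy that particular rule is.

```python
"""Heuristic triage of HijackThis-style log lines.

Added example, not part of the posted log or of HijackThis. Every rule is an
assumption about what deserves a second look; none of them identifies malware
on its own, and each hit still needs the file's publisher, signature and hash
checked before anything is removed.
"""
import re
from dataclasses import dataclass, field

# Sample input: entries copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Profile locations a standard user can write to (long and 8.3 forms). An
# autostart that lives here is unusual for installed software. Assumed list.
USER_WRITABLE_RE = re.compile(
    r"\\(application data|applic~1|local settings\\temp|locals~1\\temp|temp)\\", re.I)


@dataclass
class Finding:
    section: str
    name: str
    reasons: list = field(default_factory=list)
    line: str = ""


def triage(log_text):
    """Return one Finding per log entry that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        name, reasons = "", []

        if section == "R1" and "ProxyServer" in body and "127.0.0.1" in body:
            name = "ProxyServer"
            reasons.append("IE proxy points at localhost: a local filtering proxy or a traffic hijack")
        elif section == "O4":
            rm = RUN_RE.search(body)
            if rm:
                name, cmd = rm.group("name"), rm.group("cmd")
                if re.match(r"regsvr32(\.exe)?\b", cmd, re.I):
                    reasons.append("regsvr32 run at logon: autostart by (un)registering a DLL")
                if USER_WRITABLE_RE.search(cmd):
                    reasons.append("autostart binary lives in a user-writable profile path")
        elif section == "O20":
            if body.startswith("AppInit_DLLs:"):
                name = "AppInit_DLLs"
                reasons.append("AppInit_DLLs set: DLL is loaded into every process that loads user32.dll")
            elif body.startswith("Winlogon Notify:"):
                name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
                if "(file missing)" in body:
                    reasons.append("Winlogon Notify package whose DLL is gone: orphaned entry, usually removal residue")
        elif section == "O23" and "Unknown owner" in body:
            name = body.split(":", 1)[1].split(" - ", 1)[0].strip()
            reasons.append("service binary carries no vendor information; verify publisher and hash")

        if reasons:
            findings.append(Finding(section, name, reasons, line))
    return findings


def report(findings):
    """Plain-text report, one block per finding."""
    out = []
    for f in findings:
        out.append(f"{f.section} [{f.name}]")
        for r in f.reasons:
            out.append(f"    - {r}")
        out.append(f"    {f.line}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Feed it a whole HijackThis log and the benign noise (Symantec, Java, HP entries) drops out; what is left is a short list to verify by hand. The Run-key rule is the one that matters most in this log: the jibupqne entry trips both of its conditions, which is the pattern a helper would ask about first.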
  13. EXTRA Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: AMD Sempron Processor 3000+ Percentage of Memory in Use: 40% Physical Memory (total/avail): 703.48 MiB / 419.56 MiB Pagefile Memory (total/avail): 1174.78 MiB / 913.4 MiB Virtual Memory (total/avail): 2047.88 MiB / 1913.04 MiB C: is Fixed (NTFS) - 22.23 GiB total, 5.44 GiB free. D: is Fixed (NTFS) - 44.48 GiB total, 3.35 GiB free. E: is CDROM (No Media) G: is Removable (No Media) H: is Removable (No Media) I: is Removable (No Media) J: is CDROM (No Media) K: is Fixed (NTFS) - 465.76 GiB total, 431.8 GiB free. L: is CDROM (No Media) M: is Removable (No Media) Z: is Fixed (NTFS) - 114.49 GiB total, 11.02 GiB free. \\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 3 partitions \PARTITION0 - Unknown - 7.81 GiB \PARTITION1 (bootable) - Installable File System - 22.23 GiB - C: \PARTITION2 - Installable File System - 44.48 GiB - D: \\.\PHYSICALDRIVE1 - ST350063 0AS SCSI Disk Device - 465.76 GiB - 1 partition \PARTITION0 - Installable File System - 465.76 GiB - K: \\.\PHYSICALDRIVE6 - Maxtor 6Y120L0 USB Device - 114.49 GiB - 1 partition \PARTITION0 - Installable File System - 114.49 GiB - Z: \\.\PHYSICALDRIVE3 - NEODIO USB Storage-CFC USB Device \\.\PHYSICALDRIVE2 - NEODIO USB Storage-MMC USB Device \\.\PHYSICALDRIVE5 - NEODIO USB Storage-MSC USB Device \\.\PHYSICALDRIVE4 - NEODIO USB Storage-SMC USB Device -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. 
FW: Norton Internet Security v2005 (Symantec Corporation) AV: Norton Internet Security v2005 (Symantec Corporation) Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL" "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA" "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network 
Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program 
Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe:*:Enabled:AOL Services" "C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate" "C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "D:\\Documents and Settings\\user\\Desktop\\utorrent.exe"="D:\\Documents and Settings\\user\\Desktop\\utorrent.exe:*:Enabled:µTorrent" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client" 
"D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe"="D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe:*:Enabled:winBC" "D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe"="D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe:*:Enabled:UK Provider" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=D:\Documents and Settings\All Users APPDATA=D:\Documents and Settings\user\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=049657420245 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=D: HOMEPATH=\Documents and Settings\user LOGONSERVER=\49657420245 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=2c02 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=D:\DOCUME~1\user\LOCALS~1\Temp TMP=D:\DOCUME~1\user\LOCALS~1\Temp USERDOMAIN=049657420245 USERNAME=user USERPROFILE=D:\Documents and Settings\user windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- user (admin) Microsoft (admin) -- Add/Remove Programs --------------------------------------------------------- --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk" --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c --> 
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\Learn2.com\StRunner\stuninst.exe --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf --> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer' ActionReplay Xbox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\ActionReplay Xbox\Uninst.isu" Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE 
C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL AiO_Scan_CDA --> AiOSoftwareNPI --> AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ArchiCAD 11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe" Artlantis Studio 1.2 --> C:\Program Files\Artlantis Studio\uninst.exe Athens Toolbar --> MsiExec.exe /I{E79734B1-B505-42E6-B6AF-65D049C503B0} AutoCAD 2007 - English --> MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA} Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0 Azureus --> C:\Program Files\Azureus\Uninstall.exe BitComet 0.96 --> C:\Program Files\BitComet\uninst.exe BitSpirit v3.3.1.232 Stable --> "C:\Program Files\BitSpirit\unins000.exe" BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9 Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe Browser Optimizer Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe BufferChm --> Call of Duty® 2 --> Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057 Call of Duty® 2 Patch 1.3 --> Call of Duty® 4 - Modern Warfare Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409 CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919} ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917} CDisplay 1.8 --> 
"C:\Program Files\CDisplay\unins000.exe" CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" CP_Package_Variety1 --> CP_Package_Variety2 --> CP_Package_Variety3 --> CustomerResearchQFolder --> DawnOfWar --> DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B} Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe Destinations --> DeviceManagementQFolder --> DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DocProc --> Donald Trump´s Real Estate Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8D8F09-75CB-4BB4-8384-9E94B5BAF542}\setup.exe" eSupportQFolder --> F300 --> F300_Help --> F300Trb --> Fax_CDA --> ffdshow --> "C:\Program Files\ffdshow\uninstall.exe" Fighting Fit --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Europress\Fighting Fit\Uninst.isu" FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u GB-PVR --> MsiExec.exe /X{1E1C56B2-9172-4416-A429-30A793B213D9} [email protected] 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4} Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield 
Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93} HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 HPProductAssistant --> Img2CAD 1.0 --> "C:\Program Files\Img2CAD\unins000.exe" ImTOO DVD to iPod Converter --> C:\Program Files\ImTOO\DVD to iPod Converter 4\Uninstall.exe iPod for Windows 2006-01-10 --> iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 
32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033 iPod movie Converter 3 --> C:\Program Files\ImTOO\iPod movie Converter 3\Uninstall.exe iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Lavasoft Reghance 2.1 --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe" LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5 Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C} MarketResearch --> MediaPortal --> MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99} Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove Microsoft IntelliPoint 5.2 --> Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} MSXML 6.0 SDK --> MsiExec.exe /I{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00} 
NewCopy_CDA -->
Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OfficeForms Filler --> MsiExec.exe /I{BEC1E8D2-5A1D-49EA-B9BC-5AEC613BF07D}
OpenOffice.org 2.0 --> MsiExec.exe /I{BF4C2438-CAFF-4DB0-BB77-48BB1781F313}
Platform -->
ProductContextNPI -->
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Readme -->
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
S3GSetup -->
Scan -->
ScannerCopy -->
Scratch LIVE 1.5 (1517) --> MsiExec.exe /I{00185E7B-E2DE-48D6-A125-584B18F59E5D}
Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype 2.0 --> "c:\apps\skype\phone\unins000.exe"
SolutionCenter -->
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson DRM Packager 1.35 --> C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Status -->
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Network Drivers Update -->
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe
Toolbox -->
TrayApp -->
TrustyFiles 3.1.0.22 --> "C:\Program Files\TrustyFiles\unins000.exe"
TVR --> C:\Program Files\TVR\Uninstal.EXE
Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG
UK Driving Secrets Guide --> "C:\Program Files\UK Driving Secrets Guide\unins000.exe"
Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"
UniChrome Pro IGP Display Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
Unload -->
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
VIA/S3G Display Driver 6.14.10.0333 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebFldrs XP -->
WebReg -->
Wii Video 9 1.94 --> C:\Program Files\Red Kawa\Video Converter\uninst.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI 3GP MP4 PSP iPod Video Converter v2.0 繁體中文化版 --> C:\Program Files\WinAVI MP4 Converter\Uninstall WinAVI MP4 Converter.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.3a --> "c:\xampp\uninstall.exe"
XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zone Media --> D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe -uninstall

-- Application Event Log -------------------------------------------------------

Event Record #/Type17113 / Error
Event Submitted/Written: 11/27/2007 00:36:03 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type17112 / Error
Event Submitted/Written: 11/27/2007 00:35:50 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

Event Record #/Type17096 / Error
Event Submitted/Written: 11/26/2007 11:55:05 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

Event Record #/Type17095 / Error
Event Submitted/Written: 11/26/2007 11:55:03 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

Event Record #/Type17094 / Error
Event Submitted/Written: 11/26/2007 11:54:59 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.
Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type35109 / Error
Event Submitted/Written: 11/27/2007 00:34:11 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type35108 / Error
Event Submitted/Written: 11/27/2007 00:34:06 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Event Record #/Type35103 / Error
Event Submitted/Written: 11/27/2007 00:29:37 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error: %%126

Event Record #/Type35100 / Error
Event Submitted/Written: 11/27/2007 00:29:35 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error: %%126

Event Record #/Type35097 / Error
Event Submitted/Written: 11/27/2007 00:29:35 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error: %%126

-- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------
14. OK here we go...

MAIN

Deckard's System Scanner v20071014.68
Run by user on 2007-11-27 00:31:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-11-27 00:31:41 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:35, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9655 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 UNPR - c:\windows\system32\unpr.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S2 OMSCAN - \sys? (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
S3 Via4in1 - c:\via4in1.sys (file missing)
S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>
S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
S2 MySql - c:/xampp/mysql/bin/mysqld-nt.exe
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S4 GB-PVR Recording Service - "c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe"
S4 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------

2007-11-21 23:38:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-12-27 10:59:40 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job

-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-27 00:31:26 0 d-------- D:\Deckard
2007-11-26 16:52:48 0 d-------- C:\WINDOWS\LastGood
2007-11-25 21:22:46 0 d-------- D:\Documents and Settings\user\Application Data\Adobe
2007-11-25 12:28:50 0 d-------- D:\Documents and Settings\user\Application Data\Apple Computer
2007-11-25 01:31:40 317 --ahs---- C:\WINDOWS\system32\tstwa.ini2
2007-11-25 00:44:57 0 d-------- D:\Documents and Settings\user\Application Data\Sun
2007-11-25 00:26:18 0 d-------- C:\Program Files\Trend Micro
2007-11-24 23:04:29 0 d-------- D:\Documents and Settings\user\Application Data\Lavasoft
2007-11-24 22:51:03 14654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 22:46:35 0 d-------- D:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:33:19 0 d--hs---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies
2007-11-24 22:33:19 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data
2007-11-24 22:33:19 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-24 22:33:18 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings
2007-11-24 22:33:17 786432 --ah----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT
2007-11-24 22:33:10 0 d--hs---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2007-11-24 22:33:10 0 d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2007-11-24 22:33:10 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2007-11-24 22:33:09 0 d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2007-11-24 22:33:08 786432 --ah----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Desktop
2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Application Data\vlc
2007-11-24 22:31:01 0 d-------- D:\Documents and Settings\user\Recent
2007-11-24 22:30:58 0 d-------- D:\Documents and Settings\user\Start Menu
2007-11-24 22:30:57 0 d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2007-11-24 22:28:24 0 d-------- C:\Program Files\Dcads Games Collection
2007-11-24 22:28:17 0 d-------- C:\Program Files\Img2CAD
2007-11-24 22:28:14 0 d-------- C:\Program Files\Security Task Manager
2007-11-24 22:14:38 0 d-------- C:\Program Files\Security Task Manager(2)
2007-11-24 22:02:37 0 d-------- D:\Documents and Settings\user\Application Data\Mozilla
2007-11-24 21:53:18 0 dr------- D:\Documents and Settings\user\Favorites
2007-11-24 21:53:18 0 d--hs---- D:\Documents and Settings\user\Cookies
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Real
2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Macromedia
2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\Templates
2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\SendTo
2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\NetHood
2007-11-24 21:53:17 0 dr------- D:\Documents and Settings\user\My Documents
2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\Local Settings
2007-11-24 10:38:12 41591 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2007-11-24 00:02:27 9863168 --a------ D:\Documents and Settings\user\ntuser.dat
2007-11-24 00:02:14 6490 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2007-11-24 00:01:48 102912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-24 00:01:37 0 --a------ C:\WINDOWS\system32\ddcawts.dll
2007-11-24 00:01:20 0 d-------- C:\WINDOWS\system32\vgfddwtv
2007-11-24 00:01:20 0 d-------- C:\Program Files\SecCenter
2007-11-24 00:01:06 131072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll
2007-11-24 00:01:05 0 d-------- C:\Program Files\Gfkgzmsb
2007-11-23 23:59:36 0 d-------- C:\Program Files\ngbmpgnc
2007-11-23 23:58:49 2432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-23 23:52:30 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-11-23 23:52:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>
2007-11-20 14:02:06 0 d-------- C:\Program Files\MSBuild
2007-11-20 13:57:46 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-20 13:56:36 0 d-------- C:\Program Files\Reference Assemblies
2007-11-19 15:18:36 208896 --a------ C:\WINDOWS\system32\nsx237.dll
2007-11-14 17:47:18 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\MSNInstaller
2007-11-10 23:39:51 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-10 23:39:10 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 23:18:43 0 d-------- C:\Program Files\TrustyFiles
2007-11-08 20:25:33 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\BitSpirit
2007-11-08 20:11:44 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-11-08 20:10:38 0 d-------- C:\Program Files\BitSpirit
2007-11-08 20:08:41 0 d-------- C:\Program Files\BitComet
2007-11-08 19:25:16 0 d-------- C:\Program Files\PCPitstop
2007-11-07 16:59:13 0 d-a------ C:\Program Files\WinZix
2007-11-05 12:35:36 65024 --a------ C:\WINDOWS\system32\spads.dll
2007-11-03 00:14:30 0 d-------- C:\Program Files\HTTP-Tunnel

-- Find3M Report ---------------------------------------------------------------

2007-11-27 00:30:51 0 d-------- C:\Program Files\Java
2007-11-26 11:54:35 0 d-------- C:\Program Files\Common Files
2007-11-25 12:10:03 28672 -----n--- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-25 02:25:17 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-24 01:37:20 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-23 23:52:07 0 d-------- C:\Program Files\ImTOO
2007-11-18 23:20:30 0 d-------- C:\Program Files\Winamp
2007-11-11 12:28:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-11 12:06:44 0 d-------- C:\Program Files\Activision
2007-11-03 00:11:12 2548 --a------ C:\WINDOWS\mozver.dat
2007-10-24 18:27:29 0 d-------- C:\Program Files\SSH Tunnel
2007-10-24 13:51:48 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-24 13:40:19 0 d-------- C:\Program Files\LimeWire
2007-10-24 07:33:20 0 d-------- C:\Program Files\Artlantis Studio
2007-10-24 07:11:10 0 d-------- C:\Program Files\Graphisoft
2007-10-17 17:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>
2007-10-06 18:15:08 0 d-------- C:\Program Files\IVT Corporation
2007-10-06 17:35:03 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-10-06 17:29:25 0 d-------- C:\Program Files\TVersity
2007-10-06 16:21:14 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-06 10:41:37 0 d-------- C:\Program Files\iTunes
2007-10-06 10:41:21 0 d-------- C:\Program Files\iPod
2007-10-06 09:54:09 0 d-------- C:\Program Files\FlashFXP
2007-10-06 01:48:48 0 d-------- C:\Program Files\SatelliteTVforPC
2007-10-06 00:29:03 0 d-------- C:\Program Files\Datel
2007-10-06 00:27:44 0 d-------- C:\Program Files\XBCD
2007-10-03 20:12:09 0 d-------- C:\Program Files\Fire International
2007-09-30 19:22:06 0 d-------- C:\Program Files\Symantec
2007-09-18 23:19:24 4 --a------ C:\WINDOWS\IEdate.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote"="C:\Program Files\TVR\Remote.exe" [25/11/2007 12:07]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 17:32]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [25/11/2007 12:07]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/11/2007 12:07]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/12/2005 04:37]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [25/11/2007 12:07]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [30/09/2007 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 13:42]
"jibupqne"="regsvr32 /u D:\Documents and Settings\All Users\Application Data\jibupqne.dll" []
"SC2"="C:\Program Files\SecCenter\scprot4.exe" [25/11/2007 12:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [24/10/2007 07:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"=C:\Program Files\Key Generator\isamonitor.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [19/01/2007 21:51 77824]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
19/10/2006 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]
iiffccd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtst

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]
D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]
D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche] "C:\Program Files\TVR\RecSche.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry] C:\W [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry 
Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] VTtrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "StarWindService"=2 (0x2) "SAVScan"=3 (0x3) "Pml Driver HPZ12"=2 (0x2) "ose"=3 (0x3) "MDM"=2 (0x2) "ISSVC"=2 (0x2) "IDriverT"=3 (0x3) "GB-PVR Recording Service"=2 (0x2) "C-DillaCdaC11BA"=2 (0x2) "AOL ACS"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}] AutoRun\command- F:\LaunchU3.exe -a -- Hosts ----------------------------------------------------------------------- 127.0.0.1 NtKrnlpa.info -- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------
  15. I cannot run Add/Remove programs, from Control Panel! Error "Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."