mmaatttt

PC is FUBAR!


I don't know what sparked it off, but I almost had to format my HDD and re-install Windows!

 

I must have downloaded a dodgy file and it has seriously corrupted my system...

 

 

LOGONUI.EXE - Application Error on startup ("The instruction 0x005f0406? Referenced memory at 0x005f0406 memory could not be written" pops up about 20 times before Windows starts fully).

 

No XP login user interface because of this, just a blank screen (eventually the "classic" Windows login pops up and I log in).

 

I log in to my account, but only the wallpaper is displayed and there is no "explorer" interface (also, all my original personalised settings have disappeared).

 

Ctrl-Alt-Del to bring up Task Manager, and I managed to run (very slowly!!!) explorer.exe.

 

Only default desktop icons and Quick Launch icons showing; also, the Start menu items are all empty! (Can someone explain this??)

 

 

All programs now have to be searched for and run from Windows Explorer or Task Manager, etc.

 

A quick browse of the system reveals "Dcads Games" installed, "Personal Security Centre" running and some other malware security programs.

 

Firefox (my main browser) has an "error 777" pop-up every 4-5 pages visited. I switched to IE7 as my second browser to see if it worked, but that would not even connect.

Also, just for my benefit, I can't seem to connect to hotmail.com in Firefox!

 

 

Please help me fix this mess!!!!!

 

 

LOGS to follow!

 

NOTE: I've managed to find my documents, settings, bookmarks, data etc in a folder called:

 

"Account.3311 (Retrieved after unexpected restart.)".


HJTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:45:52, on 25/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\RunOnce: [spybotDeletingA805] command /c del "C:\Program Files\WinZix\WinZixManager.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotDeletingC449] cmd /c del "C:\Program Files\WinZix\WinZixManager.dll_tobedeleted"

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe

O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9373 bytes

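Added example (editor's note, not part of the original thread or of HijackThis itself): a small Python triage script that applies the kind of heuristics a helper would apply by eye to the O4/R1/O20 lines of a log like the one above. The sample lines are constructed from the posted log; the rules (local proxy, Policies\Explorer\Run autoruns, executables living under profile/data directories, regsvr32/rundll32 loaders, AppInit_DLLs, analyst-supplied names such as "SecCenter") are the editor's own assumptions about what merits a second look, not verdicts on any entry, and the `known_bad_terms` parameter is a hypothetical convenience for correlating the symptoms the poster already described with the log.

```python
"""Heuristic triage of HijackThis O4 / R1 / O20 lines (added example, not HJT code)."""
import re
from typing import List, NamedTuple, Sequence


class Finding(NamedTuple):
    severity: str  # "high" = check by hand first, "review" = confirm the vendor/process
    reason: str
    line: str


# O4 - <hive>\..\<key>: [<value name>] <command>
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# first Windows path with an executable-ish extension inside a command line (quoted or not)
_PATH = re.compile(r'(?i)(?:[a-z]:\\|%\w+%\\)[^"]*?\.(?:exe|dll|scr|com|bat|cmd|pif)\b')
# profile / data directories: ordinary installers put autorun binaries in Program Files or System32
_DATA_DIRS = ("\\application data\\", "\\documents and settings\\", "\\local settings\\",
              "\\temp\\", "\\users\\")
# helpers that execute an arbitrary DLL named on the command line
_LOADERS = re.compile(r"(?i)\b(regsvr32|rundll32)(\.exe)?\b")


def triage_line(line: str, known_bad_terms: Sequence[str] = ()) -> List[Finding]:
    """Return zero or more findings for a single HJT log line."""
    line = line.strip()
    out: List[Finding] = []
    lowered = line.lower()

    # analyst-supplied names (e.g. the rogue "security" product seen on the desktop)
    for term in known_bad_terms:
        if term.lower() in lowered:
            out.append(Finding("high", f"matches analyst-supplied term {term!r}", line))

    if line.startswith("R1 - ") and ",ProxyServer = " in line:
        addr = line.split("= ", 1)[1].strip()
        if addr.startswith(("127.", "localhost")):
            out.append(Finding("review", f"browser proxy points at local port {addr}; "
                               "confirm which process listens there (netstat -ano / tasklist)", line))
    elif line.startswith("O20 - AppInit_DLLs:"):
        out.append(Finding("review", "AppInit_DLLs is loaded into every process that uses "
                           "user32.dll; confirm the DLL's vendor", line))
    else:
        m = _O4.match(line)
        if m:
            key, cmd = m.group("key"), m.group("cmd")
            if key.lower().endswith("policies\\explorer\\run"):
                out.append(Finding("high", "autorun via the Policies\\Explorer\\Run policy key, "
                                   "rarely used by ordinary installers", line))
            p = _PATH.search(cmd)
            if p and any(d in p.group(0).lower() for d in _DATA_DIRS):
                out.append(Finding("high", "autorun executable lives under a profile/data "
                                   "directory rather than Program Files or System32", line))
            if _LOADERS.search(cmd):
                out.append(Finding("review", "autorun uses regsvr32/rundll32 to load a DLL "
                                   "on every boot; inspect that DLL", line))
    return out


def triage_log(text: str, known_bad_terms: Sequence[str] = ()) -> List[Finding]:
    """Run triage_line over every line of a log."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        findings.extend(triage_line(raw, known_bad_terms))
    return findings


# Constructed sample, modelled on entries in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe
O4 - HKCU\..\Run: [WinZix Service] C:\Program Files\WinZix\wakeservice.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG, known_bad_terms=("SecCenter",)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
```

The script is deliberately conservative: a "high" finding only says the entry is in a place or form that ordinary software rarely uses, and the "review" ones (the 127.0.0.1:8080 proxy, the AppInit_DLLs entry) need the vendor or listening process confirmed before anything is removed, since a security suite's own proxy component can legitimately sit on a local port. Entries such as the SecCenter one are only caught when the analyst feeds in the name seen on the desktop.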

ADWARE

 

 

Ad-Aware SE Build 1.06r1

Logfile Created on:24 November 2007 23:10:34

Using definitions file:SE1R136 04.12.2006

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MRU List(TAC index:0):37 total references

Tracking Cookie(TAC index:3):103 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

 

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Ignore spanned files when scanning cab archives

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Block pop-ups aggressively

Set : Automatically select problematic objects in results lists

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Show splash screen

Set : Backup current definitions file before updating

Set : Play sound at scan completion if scan locates critical objects

 

 

24-11-2007 23:10:34 - Scan started. (Full System Scan)

 

MRU List Object Recognized!

Location: : D:\Documents and Settings\user\recent

Description : list of recently opened documents

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\adobe\photoshop\7.0\visiteddirs

Description : adobe photoshop 7 recent work folders

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct3d

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\direct3d\mostrecentapplication

Description : most recent application to use microsoft direct X

 

 

MRU List Object Recognized!

Location: : software\microsoft\directdraw\mostrecentapplication

Description : most recent application to use microsoft directdraw

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\directinput\mostrecentapplication

Description : most recent application to use microsoft directinput

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent file list

Description : list of recently used files in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent page list

Description : list of recently used pages in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\frontpage\explorer\frontpage explorer\recent web list

Description : list of recently used webs in microsoft frontpage

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer

Description : last download directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer\main

Description : last save directory used in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\internet explorer\typedurls

Description : list of recently entered addresses in microsoft internet explorer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\recentfilelist

Description : list of recently used files in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\settings

Description : last save as directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\player\settings

Description : last open directory used in jasc paint shop pro

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences

Description : last cd record path used in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences

Description : last playlist index loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\mediaplayer\preferences

Description : last playlist loaded in microsoft windows media player

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\microsoft management console\recent file list

Description : list of recent snap-ins used in the microsoft management console

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\search assistant\acmru

Description : list of recent search terms used with the search assistant

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\paint\recent file list

Description : list of files recently opened using microsoft paint

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\regedit

Description : last key accessed using the microsoft registry editor

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\applets\wordpad\recent file list

Description : list of recent files opened using wordpad

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

Description : list of recent programs opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

Description : list of recently saved files, stored according to file extension

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\recentdocs

Description : list of recent documents opened

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows\currentversion\explorer\runmru

Description : mru list for items opened in start | run

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent skins in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences

Description : list of recent clips in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\realnetworks\realplayer\6.0\preferences

Description : last login time in realplayer

 

 

MRU List Object Recognized!

Location: : S-1-5-19\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-20\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\microsoft\windows media\wmsdk\general

Description : windows media sdk

 

 

MRU List Object Recognized!

Location: : S-1-5-21-2316613608-2795444925-1306727118-1006\software\winrar\dialogedithistory\extrpath

Description : winrar "extract-to" history

 

 

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 792

ThreadCreationTime : 24-11-2007 22:32:42

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 856

ThreadCreationTime : 24-11-2007 22:32:53

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 884

ThreadCreationTime : 24-11-2007 22:32:56

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 928

ThreadCreationTime : 24-11-2007 22:33:00

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : services.exe

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 940

ThreadCreationTime : 24-11-2007 22:33:00

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1084

ThreadCreationTime : 24-11-2007 22:33:04

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1232

ThreadCreationTime : 24-11-2007 22:33:16

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1376

ThreadCreationTime : 24-11-2007 22:33:17

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1440

ThreadCreationTime : 24-11-2007 22:33:17

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:10 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 228

ThreadCreationTime : 24-11-2007 22:33:23

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:11 [ccproxy.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 356

ThreadCreationTime : 24-11-2007 22:33:26

BasePriority : Normal

FileVersion : 103.0.8.2

ProductVersion : 103.0.8.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Network Proxy Service

InternalName : ccProxy

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccProxy.exe

 

#:12 [ccsetmgr.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 300

ThreadCreationTime : 24-11-2007 22:33:30

BasePriority : Normal

FileVersion : 103.0.9.2

ProductVersion : 103.0.9.2

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

 

#:13 [sndsrvc.exe]

FilePath : C:\Program Files\Common Files\Symantec Shared\

ProcessID : 312

ThreadCreationTime : 24-11-2007 22:33:30

BasePriority : Normal

FileVersion : 5.5.6.604

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002 - 2007 Symantec Corporation

OriginalFilename : SndSrvc.exe

 

#:14 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1108

ThreadCreationTime : 24-11-2007 22:35:07

BasePriority : Normal

FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)

ProductVersion : 5.1.2600.2696

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

 

#:15 [applemobiledeviceservice.exe]

FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\

ProcessID : 1456

ThreadCreationTime : 24-11-2007 22:35:13

BasePriority : Normal

FileVersion : 1, 14, 0, 0

ProductVersion : 1, 14, 0, 0

ProductName : Apple Mobile Device Service

CompanyName : Apple, Inc.

FileDescription : Apple Mobile Device Service

InternalName : usbaapld

LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.

OriginalFilename : usbmuxd.exe

 

#:16 [aluschedulersvc.exe]

FilePath : C:\Program Files\Symantec\LiveUpdate\

ProcessID : 1480

ThreadCreationTime : 24-11-2007 22:35:14

BasePriority : Normal

FileVersion : 3.0.0.171

ProductVersion : 3.0.0.171

ProductName : LiveUpdate

CompanyName : Symantec Corporation

FileDescription : Automatic LiveUpdate Scheduler Service

InternalName : Automatic LiveUpdate Scheduler Service

LegalCopyright : Copyright © 1996-2005 Symantec Corporation

OriginalFilename : ALUSchedulerSvc.exe

 

#:17 [btntservice.exe]

FilePath : C:\Program Files\IVT Corporation\BlueSoleil\

ProcessID : 1504

ThreadCreationTime : 24-11-2007 22:35:14

BasePriority : High

 

 

#:18 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1580

ThreadCreationTime : 24-11-2007 22:35:14

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:19 [navapsvc.exe]

FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\

ProcessID : 1560

ThreadCreationTime : 24-11-2007 22:35:16

BasePriority : Normal

FileVersion : 11.0.16.2

ProductVersion : 11.0.16

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

 

#:20 [hpzipm12.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1784

ThreadCreationTime : 24-11-2007 22:35:17

BasePriority : Normal

FileVersion : 10, 1, 1, 5

ProductVersion : 10, 1, 1, 5

ProductName : HP PML

CompanyName : HP

FileDescription : PML Driver

InternalName : PmlDrv

LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company

OriginalFilename : PmlDrv.exe

 

#:21 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1820

ThreadCreationTime : 24-11-2007 22:35:18

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

 

#:22 [wmpnetwk.exe]

FilePath : C:\Program Files\Windows Media Player\

ProcessID : 212

ThreadCreationTime : 24-11-2007 22:35:23

BasePriority : Normal

FileVersion : 11.0.5721.5145 (WMP_11.061018-2006)

ProductVersion : 11.0.5721.5145

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Media Player Network Sharing Service

InternalName : Windows Media Player Network Sharing Service

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WMPNetwk.exe

 

#:23 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1896

ThreadCreationTime : 24-11-2007 22:35:36

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

 

#:24 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 3212

ThreadCreationTime : 24-11-2007 22:45:55

BasePriority : Normal

FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)

ProductVersion : 6.00.2900.3156

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : EXPLORER.EXE

 

#:25 [realsched.exe]

FilePath : C:\Program Files\Common Files\Real\Update_OB\

ProcessID : 3780

ThreadCreationTime : 24-11-2007 22:46:24

BasePriority : Normal

FileVersion : 0.1.0.3275

ProductVersion : 0.1.0.3275

ProductName : RealPlayer (32-bit)

CompanyName : RealNetworks, Inc.

FileDescription : RealNetworks Scheduler

InternalName : schedapp

LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004

LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.

OriginalFilename : realsched.exe

 

#:26 [qttask.exe]

FilePath : C:\Program Files\QuickTime\

ProcessID : 3784

ThreadCreationTime : 24-11-2007 22:46:24

BasePriority : Normal

FileVersion : 7.2

ProductVersion : QuickTime 7.2

ProductName : QuickTime

CompanyName : Apple Inc.

FileDescription : QuickTime Task

InternalName : QuickTime Task

LegalCopyright : Copyright Apple Inc. 1989-2007

OriginalFilename : QTTask.exe

 

#:27 [ituneshelper.exe]

FilePath : C:\Program Files\iTunes\

ProcessID : 3904

ThreadCreationTime : 24-11-2007 22:46:25

BasePriority : Normal

FileVersion : 7.4.3.1

ProductVersion : 7.4.3.1

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iTunesHelper Module

InternalName : iTunesHelper

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iTunesHelper.exe

 

#:28 [jusched.exe]

FilePath : C:\Program Files\Java\jre1.6.0\bin\

ProcessID : 3972

ThreadCreationTime : 24-11-2007 22:46:26

BasePriority : Normal

 

 

#:29 [regsvr32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3460

ThreadCreationTime : 24-11-2007 22:46:30

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Microsoft© Register Server

InternalName : REGSVR32

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : REGSVR32.EXE

 

#:30 [scprot4.exe]

FilePath : C:\Program Files\SecCenter\

ProcessID : 3504

ThreadCreationTime : 24-11-2007 22:46:30

BasePriority : Normal

 

 

#:31 [msmsgs.exe]

FilePath : C:\Program Files\Messenger\

ProcessID : 3768

ThreadCreationTime : 24-11-2007 22:46:31

BasePriority : Normal

FileVersion : 4.7.3001

ProductVersion : Version 4.7.3001

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Windows Messenger

InternalName : msmsgs

LegalCopyright : Copyright © Microsoft Corporation 2004

LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

 

#:32 [dumprep.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3864

ThreadCreationTime : 24-11-2007 22:46:32

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows Error Reporting Dump Reporting Tool

InternalName : DUMPREP.EXE

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : DUMPREP.EXE

 

#:33 [wakeservice.exe]

FilePath : C:\Program Files\WinZix\

ProcessID : 1688

ThreadCreationTime : 24-11-2007 22:46:32

BasePriority : Normal

FileVersion : 1, 0, 0, 1

ProductVersion : 1, 0, 0, 1

ProductName : WakeService

CompanyName : WakeNet

FileDescription : Service utility

InternalName : WakeService.exe

LegalCopyright : © WakeNet. All rights reserved.

OriginalFilename : WakeService.exe

 

#:34 [ipodservice.exe]

FilePath : C:\Program Files\iPod\bin\

ProcessID : 2272

ThreadCreationTime : 24-11-2007 22:46:55

BasePriority : Normal

FileVersion : 7.4.3.1

ProductVersion : 7.4.3.1

ProductName : iTunes

CompanyName : Apple Inc.

FileDescription : iPodService Module

InternalName : iPodService

LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.

OriginalFilename : iPodService.exe

 

#:35 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1100

ThreadCreationTime : 24-11-2007 22:47:51

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:36 [firefox.exe]

FilePath : C:\Program Files\Mozilla Firefox\

ProcessID : 2444

ThreadCreationTime : 24-11-2007 22:48:36

BasePriority : Normal

 

 

#:37 [rundll32.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 3736

ThreadCreationTime : 24-11-2007 22:51:03

BasePriority : Normal

FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

ProductVersion : 5.1.2600.2180

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Run a DLL as an App

InternalName : rundll

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : RUNDLL.EXE

 

#:38 [remote.exe]

FilePath : C:\Program Files\TVR\

ProcessID : 3552

ThreadCreationTime : 24-11-2007 22:56:15

BasePriority : Normal

FileVersion : 3.35

ProductVersion : 3.35

ProductName : RemoteControl

FileDescription : RemoteControl

InternalName : RemoteControl

LegalCopyright : Copyright © 2005

OriginalFilename : RemoteControl.EXE

 

#:39 [ad-aware.exe]

FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\

ProcessID : 3608

ThreadCreationTime : 24-11-2007 23:10:13

BasePriority : Normal

FileVersion : 6.2.0.238

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

 

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37

 

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37

 

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37

 

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37

 

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 37

 

 

Deep scanning and examining files (D:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : [email protected][1].txt

TAC Rating : 3

Category : Data Miner

Comment :

Value : D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Cookies\[email protected][1].txt

 

Disk Scan Result for D:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 38

 

 

Deep scanning and examining files (K:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

 

Disk Scan Result for K:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 140

 

 

Scanning Hosts file......

Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Hosts file scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

1 entries scanned.

New critical objects:0

Objects found so far: 140

 

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 140

 

23:56:33 Scan Complete

 

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00:45:58.594

Objects scanned:237045

Objects identified:103

Objects ignored:0

New critical objects:103


Hello mmaatttt & Welcome

 

Sorry for the hold-up in getting help. Run this tool for me.

 

 

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files; click YES.

Once you click Yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer; click OK.

Please post the contents of C:\vundofix.txt

 

Gogo ;)


Hi HJThis,

 

The XP logon screen is back and no more error pop-ups. Windows still takes a while to "load personal settings" after entering the password from that screen, though.

 

Once I've logged in, an error pops up: "Windows Logon UI encountered a problem and needed to close..."

Technical information about this error report includes the following files...

 

D:\DOCUME~1\user\LOCALS~1\Temp\WER6cf2.dir00\logonui.exe.mdmp

D:\DOCUME~1\user\LOCALS~1\Temp\WER6cf2.dir00\appcompat.txt

 

 

Also, when I try to run certain "Right-Click" functions, an error pops up:

 

"Windows cannot find 'C:\windows\system32\rundll32.exe\'. Make sure you typed the name correctly and then try again. To search for a file, click the start button, and then click search."

 

 

Here is the information you asked for...

 

VUNDOFIX.TXT

 

 

VundoFix V6.6.2

 

Checking Java version...

 

Java version is 1.5.0.2

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Scan started at 11:59:18 25/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\drvtugr.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\drvtugr.dll

C:\windows\system32\drvtugr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

mmaatttt


Hi mmaatttt

 

Sorry, somehow I lost you in here. Do this for me next please.

 

Please download Deckard's System Scanner (DSS) to your Desktop.

 

1. Close all applications and windows.

2. Double-click on DSS.exe to run it, and follow the prompts.

3. The scan may take a minute. When the scan is complete, two text files will open - Main.txt and Extra.txt

 

Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)

 

Post the main.txt and extra.txt from the C:\Deckard\System Scanner folder into your next reply.

 

 

=====================

 

NOTE: Before you do the above fix, go to Start >> Control Panel and uninstall all of these here.

 

Java version is 1.5.0.2

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Then run the DSS tool.

 

Gogo :(


I cannot run Add/Remove Programs from Control Panel!

 

Error

 

"Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."

 

:(


Hi mmaatttt

 

Try this: download it from here and place it into the C:\Windows\System32 folder. Then uninstall the old Java versions, that is. And run DSS and show me the log.

 

Gogo :(


OK here we go...

 

MAIN

 

Deckard's System Scanner v20071014.68

Run by user on 2007-11-27 00:31:39

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

System Restore is disabled; attempting to re-enable...success.

 

 

-- Last 1 Restore Point(s) --

1: 2007-11-27 00:31:41 UTC - RP1 - System Checkpoint

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as user.exe) ------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:35:35, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\msiexec.exe

D:\Documents and Settings\user\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9655 bytes

 

-- File Associations -----------------------------------------------------------

 

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>

R0 UNPR - c:\windows\system32\unpr.sys

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys

R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys

R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>

R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>

R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys

R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>

R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

 

S2 OMSCAN - \sys? (file missing)

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>

S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)

S3 Via4in1 - c:\via4in1.sys (file missing)

S3 XBCD (XBCD Kernel Module) - c:\windows\system32\drivers\xbcd.sys <Not Verified; Redcl0ud; XBCD>

S3 xbreader (MaxDrive XBox Driver (xbreader.sys)) - c:\windows\system32\drivers\xbreader.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

 

S2 MySql - c:/xampp/mysql/bin/mysqld-nt.exe

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>

S4 GB-PVR Recording Service - "c:\program files\devnz\gbpvr\gbpvrrecordingservice.exe"

S4 StarWindService (StarWind iSCSI Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-11-21 23:38:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

2005-12-27 10:59:40 258 --a------ C:\WINDOWS\Tasks\Registration reminder 1.job

 

 

-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

 

2007-11-27 00:31:26 0 d-------- D:\Deckard

2007-11-26 16:52:48 0 d-------- C:\WINDOWS\LastGood

2007-11-25 21:22:46 0 d-------- D:\Documents and Settings\user\Application Data\Adobe

2007-11-25 12:28:50 0 d-------- D:\Documents and Settings\user\Application Data\Apple Computer

2007-11-25 01:31:40 317 --ahs---- C:\WINDOWS\system32\tstwa.ini2

2007-11-25 00:44:57 0 d-------- D:\Documents and Settings\user\Application Data\Sun

2007-11-25 00:26:18 0 d-------- C:\Program Files\Trend Micro

2007-11-24 23:04:29 0 d-------- D:\Documents and Settings\user\Application Data\Lavasoft

2007-11-24 22:51:03 14654 --ahs---- C:\WINDOWS\system32\rtstv.ini2

2007-11-24 22:46:35 0 d-------- D:\Documents and Settings\user\Application Data\AdobeUM

2007-11-24 22:33:19 0 d--hs---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies

2007-11-24 22:33:19 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data

2007-11-24 22:33:19 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft

2007-11-24 22:33:18 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings

2007-11-24 22:33:17 786432 --ah----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT

2007-11-24 22:33:10 0 d--hs---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies

2007-11-24 22:33:10 0 d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data

2007-11-24 22:33:10 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft

2007-11-24 22:33:09 0 d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings

2007-11-24 22:33:08 786432 --ah----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT

2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Desktop

2007-11-24 22:31:03 0 d-------- D:\Documents and Settings\user\Application Data\vlc

2007-11-24 22:31:01 0 d-------- D:\Documents and Settings\user\Recent

2007-11-24 22:30:58 0 d-------- D:\Documents and Settings\user\Start Menu

2007-11-24 22:30:57 0 d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com

2007-11-24 22:28:24 0 d-------- C:\Program Files\Dcads Games Collection

2007-11-24 22:28:17 0 d-------- C:\Program Files\Img2CAD

2007-11-24 22:28:14 0 d-------- C:\Program Files\Security Task Manager

2007-11-24 22:14:38 0 d-------- C:\Program Files\Security Task Manager(2)

2007-11-24 22:02:37 0 d-------- D:\Documents and Settings\user\Application Data\Mozilla

2007-11-24 21:53:18 0 dr------- D:\Documents and Settings\user\Favorites

2007-11-24 21:53:18 0 d--hs---- D:\Documents and Settings\user\Cookies

2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data

2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Real

2007-11-24 21:53:18 0 d-------- D:\Documents and Settings\user\Application Data\Macromedia

2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\Templates

2007-11-24 21:53:17 0 d-------- D:\Documents and Settings\user\SendTo

2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\NetHood

2007-11-24 21:53:17 0 dr------- D:\Documents and Settings\user\My Documents

2007-11-24 21:53:17 0 d--h----- D:\Documents and Settings\user\Local Settings

2007-11-24 10:38:12 41591 --ahs---- C:\WINDOWS\system32\llkkj.ini2

2007-11-24 00:02:27 9863168 --a------ D:\Documents and Settings\user\ntuser.dat

2007-11-24 00:02:14 6490 --ahs---- C:\WINDOWS\system32\pstwa.ini2

2007-11-24 00:01:48 102912 --a------ C:\WINDOWS\system32\drvtug.dll

2007-11-24 00:01:37 0 --a------ C:\WINDOWS\system32\ddcawts.dll

2007-11-24 00:01:20 0 d-------- C:\WINDOWS\system32\vgfddwtv

2007-11-24 00:01:20 0 d-------- C:\Program Files\SecCenter

2007-11-24 00:01:06 131072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll

2007-11-24 00:01:05 0 d-------- C:\Program Files\Gfkgzmsb

2007-11-23 23:59:36 0 d-------- C:\Program Files\ngbmpgnc

2007-11-23 23:58:49 2432 --a------ C:\WINDOWS\system32\unpr.sys

2007-11-23 23:52:30 45056 --a------ C:\WINDOWS\system32\WNASPI32.DLL <Not Verified; Adaptec; Adaptec's ASPI Layer>

2007-11-23 23:52:30 16512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS <Not Verified; Adaptec; Adaptec's ASPI Layer>

2007-11-20 14:02:06 0 d-------- C:\Program Files\MSBuild

2007-11-20 13:57:46 0 d-------- C:\WINDOWS\system32\XPSViewer

2007-11-20 13:56:36 0 d-------- C:\Program Files\Reference Assemblies

2007-11-19 15:18:36 208896 --a------ C:\WINDOWS\system32\nsx237.dll

2007-11-14 17:47:18 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\MSNInstaller

2007-11-10 23:39:51 40731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe

2007-11-10 23:39:10 80105 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-11-08 23:18:43 0 d-------- C:\Program Files\TrustyFiles

2007-11-08 20:25:33 0 d-------- D:\Documents and Settings\Account.3311 (Retrieved after unexpected restart.)\Application Data\BitSpirit

2007-11-08 20:11:44 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>

2007-11-08 20:10:38 0 d-------- C:\Program Files\BitSpirit

2007-11-08 20:08:41 0 d-------- C:\Program Files\BitComet

2007-11-08 19:25:16 0 d-------- C:\Program Files\PCPitstop

2007-11-07 16:59:13 0 d-a------ C:\Program Files\WinZix

2007-11-05 12:35:36 65024 --a------ C:\WINDOWS\system32\spads.dll

2007-11-03 00:14:30 0 d-------- C:\Program Files\HTTP-Tunnel

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-27 00:30:51 0 d-------- C:\Program Files\Java

2007-11-26 11:54:35 0 d-------- C:\Program Files\Common Files

2007-11-25 12:10:03 28672 -----n--- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2007-11-25 02:25:17 0 d-------- C:\Program Files\SUPERAntiSpyware

2007-11-24 01:37:20 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-11-23 23:52:07 0 d-------- C:\Program Files\ImTOO

2007-11-18 23:20:30 0 d-------- C:\Program Files\Winamp

2007-11-11 12:28:21 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-11-11 12:06:44 0 d-------- C:\Program Files\Activision

2007-11-03 00:11:12 2548 --a------ C:\WINDOWS\mozver.dat

2007-10-24 18:27:29 0 d-------- C:\Program Files\SSH Tunnel

2007-10-24 13:51:48 0 d-------- C:\Program Files\Microsoft ActiveSync

2007-10-24 13:40:19 0 d-------- C:\Program Files\LimeWire

2007-10-24 07:33:20 0 d-------- C:\Program Files\Artlantis Studio

2007-10-24 07:11:10 0 d-------- C:\Program Files\Graphisoft

2007-10-17 17:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>

2007-10-06 18:15:08 0 d-------- C:\Program Files\IVT Corporation

2007-10-06 17:35:03 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>

2007-10-06 17:29:25 0 d-------- C:\Program Files\TVersity

2007-10-06 16:21:14 0 d-------- C:\Program Files\Windows Media Connect 2

2007-10-06 10:41:37 0 d-------- C:\Program Files\iTunes

2007-10-06 10:41:21 0 d-------- C:\Program Files\iPod

2007-10-06 09:54:09 0 d-------- C:\Program Files\FlashFXP

2007-10-06 01:48:48 0 d-------- C:\Program Files\SatelliteTVforPC

2007-10-06 00:29:03 0 d-------- C:\Program Files\Datel

2007-10-06 00:27:44 0 d-------- C:\Program Files\XBCD

2007-10-03 20:12:09 0 d-------- C:\Program Files\Fire International

2007-09-30 19:22:06 0 d-------- C:\Program Files\Symantec

2007-09-18 23:19:24 4 --a------ C:\WINDOWS\IEdate.dll

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Remote"="C:\Program Files\TVR\Remote.exe" [25/11/2007 12:07]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 17:32]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [25/11/2007 12:07]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [25/11/2007 12:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/12/2005 04:37]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [25/11/2007 12:07]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [30/09/2007 19:21]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 13:42]

"jibupqne"="regsvr32 /u D:\Documents and Settings\All Users\Application Data\jibupqne.dll" []

"SC2"="C:\Program Files\SecCenter\scprot4.exe" [25/11/2007 12:07]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [24/10/2007 07:09]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 16:24]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"=0 (0x0)

"NoDispAppearancePage"=0 (0x0)

"NoColorChoice"=0 (0x0)

"NoSizeChoice"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

"NoDispScrSavPage"=0 (0x0)

"NoDispCPL"=0 (0x0)

"NoVisualStyleChoice"=0 (0x0)

"NoDispSettingsPage"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktopChanges"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"isamini.exe"=C:\Program Files\Key Generator\isamonitor.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktop"=0 (0x0)

"NoSaveSettings"=0 (0x0)

"NoThemesTab"=0 (0x0)

"ForceActiveDesktopOn"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [19/01/2007 21:51 77824]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/10/2006 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

iiffccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awtst

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]

D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

"C:\Program Files\Microsoft IntelliPoint\point32.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

"C:\Program Files\TVR\RecSche.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

C:\WINDOWS\WDVRCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"StarWindService"=2 (0x2)

"SAVScan"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"ISSVC"=2 (0x2)

"IDriverT"=3 (0x3)

"GB-PVR Recording Service"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"AOL ACS"=2 (0x2)

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]

AutoRun\command- F:\LaunchU3.exe -a

 

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 NtKrnlpa.info

 

 

-- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------

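A triage pass over the HijackThis entries in the log above, as an added example and not a tool used in this thread: it parses O4, O20 and R1 lines and flags the structural indicators a helper checks first (a Run entry that only unregisters a DLL, an autostart living under Application Data or the Policies\Explorer\Run key, a Winlogon Notify DLL with no path or reported missing, a browser proxy pointing at localhost). The sample lines are copied from the posted log; the rules and the Finding type are my own and judge structure only, not names, so the SecCenter entry passes through unflagged.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis section of the DSS log
# posted above, clean entries mixed with the ones a helper would pick out.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"
O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Policies\Explorer\Run: [isamini.exe] C:\Program Files\Key Generator\isamonitor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    entry: str     # the Run value name, Notify package name, or setting name
    reason: str    # why a helper would look at it


# O4: "<hive>\..\<key>: [<name>] <command>"; the key may contain backslashes.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O20: "Winlogon Notify: <name> - <dll path or bare filename>[ (file missing)]"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
# R1: any Internet Settings line that sets ProxyServer
R1_PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (?P<proxy>\S+)$")


def _check_run_entry(key: str, name: str, cmd: str) -> list[Finding]:
    """Structural checks on one autostart entry; several may apply at once."""
    reasons = []
    if re.search(r"\bregsvr32\b.*\s/u\b", cmd, re.IGNORECASE):
        reasons.append("autostart only unregisters a DLL (regsvr32 /u); installers do not leave this in Run")
    if re.search(r"\\Application Data\\", cmd, re.IGNORECASE):
        reasons.append("autostart target lives under Application Data, not Program Files or Windows")
    if "Policies\\Explorer\\Run" in key:
        reasons.append("Policies\\Explorer\\Run autostart: seldom used by legitimate software")
    return [Finding("O4", name, r) for r in reasons]


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return every entry worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            findings.extend(_check_run_entry(m["key"], m["name"], m["cmd"]))
        elif m := O20_RE.match(line):
            target = m["target"]
            if target.endswith("(file missing)") or "\\" not in target:
                findings.append(Finding("O20", m["name"],
                    "Winlogon Notify DLL with no path or reported missing; these load into winlogon.exe at logon"))
        elif m := R1_PROXY_RE.match(line):
            host = m["proxy"].split(":")[0]
            if host in ("127.0.0.1", "localhost"):
                findings.append(Finding("R1", "ProxyServer",
                    f"browser traffic routed through local proxy {m['proxy']}; confirm a local proxy is really installed"))
    return findings


def flagged_names(log_text: str) -> set[str]:
    """Just the entry names, handy for a quick diff against a known-good log."""
    return {f.entry for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}: {f.reason}")
```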

EXTRA

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

 

CPU 0: AMD Sempron Processor 3000+

Percentage of Memory in Use: 40%

Physical Memory (total/avail): 703.48 MiB / 419.56 MiB

Pagefile Memory (total/avail): 1174.78 MiB / 913.4 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1913.04 MiB

 

C: is Fixed (NTFS) - 22.23 GiB total, 5.44 GiB free.

D: is Fixed (NTFS) - 44.48 GiB total, 3.35 GiB free.

E: is CDROM (No Media)

G: is Removable (No Media)

H: is Removable (No Media)

I: is Removable (No Media)

J: is CDROM (No Media)

K: is Fixed (NTFS) - 465.76 GiB total, 431.8 GiB free.

L: is CDROM (No Media)

M: is Removable (No Media)

Z: is Fixed (NTFS) - 114.49 GiB total, 11.02 GiB free.

 

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 3 partitions

\PARTITION0 - Unknown - 7.81 GiB

\PARTITION1 (bootable) - Installable File System - 22.23 GiB - C:

\PARTITION2 - Installable File System - 44.48 GiB - D:

 

\\.\PHYSICALDRIVE1 - ST350063 0AS SCSI Disk Device - 465.76 GiB - 1 partition

\PARTITION0 - Installable File System - 465.76 GiB - K:

 

\\.\PHYSICALDRIVE6 - Maxtor 6Y120L0 USB Device - 114.49 GiB - 1 partition

\PARTITION0 - Installable File System - 114.49 GiB - Z:

 

\\.\PHYSICALDRIVE3 - NEODIO USB Storage-CFC USB Device

 

\\.\PHYSICALDRIVE2 - NEODIO USB Storage-MMC USB Device

 

\\.\PHYSICALDRIVE5 - NEODIO USB Storage-MSC USB Device

 

\\.\PHYSICALDRIVE4 - NEODIO USB Storage-SMC USB Device

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FirstRunDisabled is set.

 

FW: Norton Internet Security v2005 (Symantec Corporation)

AV: Norton Internet Security v2005 (Symantec Corporation) Outdated

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"

"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"="C:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe:*:Enabled:Anapod Xtreamer"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"

"C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aolsoftware.exe:*:Enabled:AOL Services"

"C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1171300940\\ee\\aim6.exe:*:Enabled:AIM"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"

"C:\\Program Files\\FlashFXP\\FlashFXP.exe"="C:\\Program Files\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

"D:\\Documents and Settings\\user\\Desktop\\utorrent.exe"="D:\\Documents and Settings\\user\\Desktop\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"

"D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe"="D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe:*:Enabled:winBC"

"D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe"="D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe:*:Enabled:UK Provider"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=D:\Documents and Settings\All Users

APPDATA=D:\Documents and Settings\user\Application Data

CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=049657420245

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=D:

HOMEPATH=\Documents and Settings\user

LOGONSERVER=\49657420245

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=2c02

ProgramFiles=C:\Program Files

PROMPT=$P$G

QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=D:\DOCUME~1\user\LOCALS~1\Temp

TMP=D:\DOCUME~1\user\LOCALS~1\Temp

USERDOMAIN=049657420245

USERNAME=user

USERPROFILE=D:\Documents and Settings\user

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

user (admin)

Microsoft (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

-->

--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"

--> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c

--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG

--> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\Program Files\Learn2.com\StRunner\stuninst.exe

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

--> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

--> VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'

ActionReplay Xbox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\ActionReplay Xbox\Uninst.isu"

Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"

Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

AiO_Scan_CDA -->

AiOSoftwareNPI -->

AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe

Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ArchiCAD 11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe

Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"

Artlantis Studio 1.2 --> C:\Program Files\Artlantis Studio\uninst.exe

Athens Toolbar --> MsiExec.exe /I{E79734B1-B505-42E6-B6AF-65D049C503B0}

AutoCAD 2007 - English --> MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}

Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0

Azureus --> C:\Program Files\Azureus\Uninstall.exe

BitComet 0.96 --> C:\Program Files\BitComet\uninst.exe

BitSpirit v3.3.1.232 Stable --> "C:\Program Files\BitSpirit\unins000.exe"

BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x9

Browser Optimizer Dcads --> C:\WINDOWS\system32\dcads-remove.exe

Browser Optimizer Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe

BufferChm -->

Call of Duty® 2 -->

Call of Duty® 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057

Call of Duty® 2 Patch 1.3 -->

Call of Duty® 4 - Modern Warfare Demo --> C:\Program Files\InstallShield Installation Information\{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}\setup.exe -runfromtemp -l0x0409

CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}

ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}

ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}

CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"

CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CP_Package_Variety1 -->

CP_Package_Variety2 -->

CP_Package_Variety3 -->

CustomerResearchQFolder -->

DawnOfWar -->

DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}

Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe

Destinations -->

DeviceManagementQFolder -->

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DocProc -->

Donald Trump's Real Estate Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A8D8F09-75CB-4BB4-8384-9E94B5BAF542}\setup.exe"

eSupportQFolder -->

F300 -->

F300_Help -->

F300Trb -->

Fax_CDA -->

ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"

Fighting Fit --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Europress\Fighting Fit\Uninst.isu"

FlashFXP v3 --> "C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

GB-PVR --> MsiExec.exe /X{1E1C56B2-9172-4416-A429-30A793B213D9}

[email protected] 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly

Google SketchUp 6 Exporters --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}\setup.exe" -l0x9 -removeonly

Google SketchUp LayOut 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C12D609B-EB71-411B-82C3-9BE6D40435D7}\setup.exe" -l0x9 -removeonly

Google SketchUp Pro 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12E75B98-8463-4C1F-8DDA-F6CF31566A55}\setup.exe" -l0x9 -removeonly

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat

HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}

HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat

HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}

HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9

HPProductAssistant -->

Img2CAD 1.0 --> "C:\Program Files\Img2CAD\unins000.exe"

ImTOO DVD to iPod Converter --> C:\Program Files\ImTOO\DVD to iPod Converter 4\Uninstall.exe

iPod for Windows 2006-01-10 -->

iPod for Windows 2006-01-10 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033

iPod movie Converter 3 --> C:\Program Files\ImTOO\iPod movie Converter 3\Uninstall.exe

iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Lavasoft Reghance 2.1 --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG

LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"

LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5

Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}

MarketResearch -->

MediaPortal --> MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99}

Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove

Microsoft IntelliPoint 5.2 -->

Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}

Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}

MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

MSXML 6.0 SDK --> MsiExec.exe /I{DF67E8C2-1D4C-44E1-93DC-7E26E2D74D00}

NewCopy_CDA -->

Norton AntiSpam --> MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}

Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}

Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}

Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}

Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}

Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}

Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}

Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}

Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}

Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}

Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}

Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X

Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}

Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}

OfficeForms Filler --> MsiExec.exe /I{BEC1E8D2-5A1D-49EA-B9BC-5AEC613BF07D}

OpenOffice.org 2.0 --> MsiExec.exe /I{BF4C2438-CAFF-4DB0-BB77-48BB1781F313}

Platform -->

ProductContextNPI -->

QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Readme -->

Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly

S3 S3Display --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'

S3 S3Gamma2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'

S3 S3Info2 --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'

S3 S3Overlay --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'

S3 S3TrayPlus --> vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'

S3GSetup -->

Scan -->

ScannerCopy -->

Scratch LIVE 1.5 (1517) --> MsiExec.exe /I{00185E7B-E2DE-48D6-A125-584B18F59E5D}

Security Task Manager 1.7 --> C:\Program Files\Security Task Manager\Uninstal.exe "D:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Skype 2.0 --> "c:\apps\skype\phone\unins000.exe"

SolutionCenter -->

Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Sony Ericsson DRM Packager 1.35 --> C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe

SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

Status -->

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Symantec Network Drivers Update -->

SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}

System Requirements Lab --> C:\Program Files\Common Files\SystemRequirementsLab\Uninstall.exe

Toolbox -->

TrayApp -->

TrustyFiles 3.1.0.22 --> "C:\Program Files\TrustyFiles\unins000.exe"

TVR --> C:\Program Files\TVR\Uninstal.EXE

Tweak-SE plug-in for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\tweakse\INSTALL.LOG

UK Driving Secrets Guide --> "C:\Program Files\UK Driving Secrets Guide\unins000.exe"

Uniblue Registry Booster --> "C:\Program Files\Uniblue\Registry Booster\unins000.exe"

UniChrome Pro IGP Display Driver and Utilities --> C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns

Unload -->

VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns

VIA/S3G Display Driver 6.14.10.0333 --> C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns

VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

WebFldrs XP -->

WebReg -->

Wii Video 9 1.94 --> C:\Program Files\Red Kawa\Video Converter\uninst.exe

Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"

WinAVI 3GP MP4 PSP iPod Video Converter v2.0 (Chinese-localized edition; the display name is mis-encoded in the dump) --> C:\Program Files\WinAVI MP4 Converter\Uninstall WinAVI MP4 Converter.exe

Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"

Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Vista Upgrade Advisor --> MsiExec.exe /I{B79FBFDD-8B0C-4B8E-B70E-499E39978281}

Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

XAMPP 1.6.3a --> "c:\xampp\uninstall.exe"

XBCD 1.07 --> C:\Program Files\XBCD\uninst.exe

XML Paper Specification Shared Components Pack 1.0 -->

Zone Media --> D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe -uninstall

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type17113 / Error

Event Submitted/Written: 11/27/2007 00:36:03 AM

Event ID/Source: 8 / crypt32

Event Description:

Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

 

Event Record #/Type17112 / Error

Event Submitted/Written: 11/27/2007 00:35:50 AM

Event ID/Source: 8 / crypt32

Event Description:

Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established

 

Event Record #/Type17096 / Error

Event Submitted/Written: 11/26/2007 11:55:05 AM

Event ID/Source: 1004 / Application Error

Event Description:

Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.

Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

 

Event Record #/Type17095 / Error

Event Submitted/Written: 11/26/2007 11:55:03 AM

Event ID/Source: 1004 / Application Error

Event Description:

Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.

Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

 

Event Record #/Type17094 / Error

Event Submitted/Written: 11/26/2007 11:54:59 AM

Event ID/Source: 1004 / Application Error

Event Description:

Faulting application logonui.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x005f0406.

Error in creating result PEAP-TLV in response to received PEAP-TLV (logonui.exe!ld!)

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type35109 / Error

Event Submitted/Written: 11/27/2007 00:34:11 AM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1058" attempting to start the service MDM with arguments ""

in order to run the server:

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 

Event Record #/Type35108 / Error

Event Submitted/Written: 11/27/2007 00:34:06 AM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1058" attempting to start the service MDM with arguments ""

in order to run the server:

{0C0A3666-30C9-11D0-8F20-00805F2CD064}

 

Event Record #/Type35103 / Error

Event Submitted/Written: 11/27/2007 00:29:37 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

The Application Management service terminated with the following error:

%%126

 

Event Record #/Type35100 / Error

Event Submitted/Written: 11/27/2007 00:29:35 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

The Application Management service terminated with the following error:

%%126

 

Event Record #/Type35097 / Error

Event Submitted/Written: 11/27/2007 00:29:35 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

The Application Management service terminated with the following error:

%%126

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-27 00:37:08 ------------

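The Security Center section of the log above is worth a second look before any cleanup tool runs: two firewall exceptions point at executables in the user's Temp directory (winBC.exe, and winD4.exe whose display name is "UK Provider"), and utorrent.exe is whitelisted both from Program Files and from a copy on the Desktop. Below is an added example, not part of the original post and not code from Deckard's System Scanner or HijackThis, showing how to triage that dump offline in Python. It parses lines in the `"<path>"="<path>:<scope>:<state>:<name>"` format the scanner prints, tracks which firewall profile each entry belongs to, and flags the patterns above. The sample lines embedded in it are a constructed subset modelled on this log, and the severity labels are the example's own convention.

```python
"""Triage helper for the firewall-exception dump in a Deckard's System
Scanner "Security Center" section (added example; not part of the original
post or of the scanner).

Each AuthorizedApplications value has the form
    "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
where <scope> is '*' for any remote address.  The script parses those lines,
records which firewall profile they belong to, and flags the entries an
analyst would look at first: executables whitelisted from a Temp directory
or the Desktop, and one binary name whitelisted from several locations.
"""
import re
from collections import defaultdict

# Section header: [HKLM\...\FirewallPolicy\<profile>\AuthorizedApplications\List]
SECTION_RE = re.compile(
    r"^\[HKLM\\.*\\FirewallPolicy\\(?P<profile>\w+)\\AuthorizedApplications\\List\]$",
    re.IGNORECASE,
)
# The program path itself contains ':' (drive letter), so the value is split
# at the first executable extension rather than at the first colon.
VALUE_RE = re.compile(
    r'^"(?P<key>[^"]+)"='
    r'"(?P<path>.+?\.(?:exe|com|bat|scr)):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<name>.*)"$',
    re.IGNORECASE,
)

# Path fragments (lower-case, single backslashes) that should essentially
# never host a firewall-whitelisted program.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
DESKTOP_MARKERS = ("\\desktop\\",)

# Constructed sample modelled on the log above (a subset, not a new dump).
SAMPLE_LOG = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"D:\\Documents and Settings\\user\\Desktop\\utorrent.exe"="D:\\Documents and Settings\\user\\Desktop\\utorrent.exe:*:Enabled:uTorrent"
"D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe"="D:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winBC.exe:*:Enabled:winBC"
"D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe"="D:\\Documents and Settings\\user\\Local Settings\\Temp\\winD4.exe:*:Enabled:UK Provider"
"C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
'''


def parse_exceptions(text):
    """Return one dict per AuthorizedApplications value, tagged with its profile."""
    profile = "Unknown"
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group("profile")
            continue
        value = VALUE_RE.match(line)
        if not value:
            continue
        entries.append({
            "profile": profile,
            # the .reg-style dump doubles every backslash; undo that
            "path": value.group("path").replace("\\\\", "\\"),
            "scope": value.group("scope"),
            "state": value.group("state"),
            "name": value.group("name"),
        })
    return entries


def triage(entries):
    """Return (severity, subject, reason) triples for the entries worth a look."""
    findings = []
    locations = defaultdict(set)  # basename -> directories it was whitelisted from
    for entry in entries:
        low = entry["path"].lower()
        directory, _, basename = low.rpartition("\\")
        locations[basename].add(directory)
        if entry["state"].lower() != "enabled":
            continue  # a disabled exception is not a live hole
        if any(marker in low for marker in TEMP_MARKERS):
            findings.append(("HIGH", entry["path"],
                             f"{entry['profile']}: exception for an executable in a Temp directory"))
        elif any(marker in low for marker in DESKTOP_MARKERS):
            findings.append(("MEDIUM", entry["path"],
                             f"{entry['profile']}: exception for an executable on the Desktop"))
    for basename, dirs in locations.items():
        if len(dirs) > 1:
            findings.append(("LOW", basename,
                             f"same binary name whitelisted from {len(dirs)} different directories"))
    return findings


if __name__ == "__main__":
    for severity, subject, reason in triage(parse_exceptions(SAMPLE_LOG)):
        print(f"[{severity:6}] {subject}  --  {reason}")
```

Run against the full Security Center dump, the HIGH findings are the two Temp entries and nothing else; everything under Program Files, %windir% or C:\APPS passes silently. The point is not that a Temp-dir exception proves infection, but that a firewall exception is an inbound hole that outlives the process that created it, so those registry values should be removed (or the whole list reviewed) even after the binaries themselves are gone.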

Hi mmaatttt,

 

Download SDFix and save it to your Desktop.

 

* Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

 

* Reboot into Safe Mode (without networking support!):

To get into Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.

Choose Safe Mode from the menu that will appear and press Enter.

 

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

========================

 

Then run this tool.

 

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

 

Double-click smitfraudfix.exe

Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

 

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.

 

=======================

 

Afterwards, come back here with all logs.

 

Gogo ;)


SDFix REPORT.TXT

 

 

SDFix: Version 1.115

 

Run by user on 27/11/2007 at 01:52

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

 

and HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:04:00, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [jibupqne] regsvr32 /u "D:\Documents and Settings\All Users\Application Data\jibupqne.dll"

O4 - HKLM\..\Run: [sC2] C:\Program Files\SecCenter\scprot4.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9692 bytes


SMITFRAUDFIX Report

 

SmitFraudFix v2.256

 

Scan done at 2:05:56.00, 27/11/2007

Run from D:\Documents and Settings\user\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\regsvr32.exe

C:\Program Files\SecCenter\scprot4.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» D:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\1024\ FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user

 

 

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\user\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\user\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

"LoadAppInit_DLLs"=dword:00000001

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport

DNS Server Search Order: 192.168.0.1

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7D2ACA9-660B-4D57-BF53-EFA67E229295}: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End


Hey mmaatttt

Hm, odd, SDFix did not get the files I was hoping for. Run this tool for me.

Download ComboFix from Here or Here to your Desktop.

- Double-click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Gogo ;)


ComboFix 07-11-19.4 - user 2007-11-27 2:18:21.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.362 [GMT 0:00]

Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\internet explorer\iekey.dll

C:\Program Files\SecCenter

C:\Program Files\SecCenter\scprot4.exe

C:\WINDOWS\system32\nsx237.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))

.

 

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe

2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer

2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups

2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft

2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini

2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2

2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM

2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc

2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Security Task Manager

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Dcads Games Collection

2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)

2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2

2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2

2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini

2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv

2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb

2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll

2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll

2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc

2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild

2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles

2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit

2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet

2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop

2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix

2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll

2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 00:30 --------- d-----w C:\Program Files\Java

2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware

2007-11-24 22:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan

2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO

2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp

2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-11 12:06 --------- d-----w C:\Program Files\Activision

2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel

2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire

2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio

2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft

2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth

2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation

2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity

2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes

2007-10-06 10:41 --------- d-----w C:\Program Files\iPod

2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP

2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC

2007-10-06 00:29 --------- d-----w C:\Program Files\Datel

2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD

2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International

2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP

2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-24 07:09]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

iiffccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]

D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

C:\WINDOWS\WDVRCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"StarWindService"=2 (0x2)

"SAVScan"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"ISSVC"=2 (0x2)

"IDriverT"=3 (0x3)

"GB-PVR Recording Service"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"AOL ACS"=2 (0x2)

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 02:23:07

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

.

Completion time: 2007-11-27 2:23:54 - machine was rebooted

.

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:27:34, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9330 bytes


Hi mmaatttt

 

Nice work. Now I'm going to have you run one more tool for me.

 

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES.

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will reboot your computer, click OK.

Please post the contents of C:\vundofix.txt

 

=======================

 

Now after you run this tool, Run the ComboFix once more. Then come back here with the Vundofix.txt and ComboFix.txt also a new HijackThis log.

 

Gogo ;)


VundoFix V6.6.2

 

Checking Java version...

 

Java version is 1.5.0.2

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.9

Old versions of java are exploitable and should be removed.

 

Java version is 1.5.0.10

 

Scan started at 11:59:18 25/11/2007

 

Listing files found while scanning....

 

C:\windows\system32\drvtugr.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\drvtugr.dll

C:\windows\system32\drvtugr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 02:43:34 27/11/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

 

COMBOFIX

 

ComboFix 07-11-19.4 - user 2007-11-27 2:52:55.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.374 [GMT 0:00]

Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))

.

 

2007-11-27 02:50 32,256 --a------ C:\WINDOWS\system32\OLD20.tmp

2007-11-27 02:50 15,872 --a------ C:\WINDOWS\system32\OLD14.tmp

2007-11-27 02:50 8,192 --a------ C:\WINDOWS\system32\OLD1A.tmp

2007-11-27 02:49 <DIR> d-------- C:\WINDOWS\LastGood

2007-11-27 02:49 20,992 --a------ C:\WINDOWS\system32\OLDB.tmp

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg

2007-11-27 01:36 <DIR> d-------- C:\WINDOWS\ERUNT

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe

2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer

2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups

2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft

2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini

2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2

2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM

2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc

2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Security Task Manager

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Dcads Games Collection

2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)

2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2

2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2

2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini

2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv

2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb

2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll

2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll

2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc

2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild

2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles

2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit

2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet

2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop

2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix

2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll

2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe

2007-11-27 00:30 --------- d-----w C:\Program Files\Java

2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe

2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware

2007-11-24 22:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan

2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO

2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp

2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-11 12:06 --------- d-----w C:\Program Files\Activision

2007-11-10 23:40 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe

2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel

2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire

2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio

2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft

2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth

2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation

2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity

2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes

2007-10-06 10:41 --------- d-----w C:\Program Files\iPod

2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP

2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC

2007-10-06 00:29 --------- d-----w C:\Program Files\Datel

2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD

2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International

2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP

2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec

2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe

.

 

((((((((((((((((((((((((((((( [email protected]_ 2.23.14.20 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-09-19 20:21:24 177,152 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

+ 2007-11-27 02:44:53 169,984 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

+ 2007-11-27 02:49:08 20,992 ----a-w C:\WINDOWS\LastGood\system32\fontview.exe

+ 2007-11-27 02:50:02 15,872 ----a-w C:\WINDOWS\LastGood\system32\perfmon.exe

+ 2007-11-27 02:50:30 8,192 ----a-w C:\WINDOWS\LastGood\system32\winhlp32.exe

+ 2007-11-27 02:50:38 32,256 ----a-w C:\WINDOWS\LastGood\system32\wpnpinst.exe

+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe

+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe

+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe

+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe

- 2004-08-04 14:00:00 28,160 ----a-w C:\WINDOWS\system32\fontview.exe

+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\fontview.exe

- 2006-10-17 12:56:10 52,736 ----a-w C:\WINDOWS\system32\mshta.exe

+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

- 2004-08-04 14:00:00 23,040 ----a-w C:\WINDOWS\system32\perfmon.exe

+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe

- 2004-08-04 14:00:00 15,360 ----a-w C:\WINDOWS\system32\winhlp32.exe

+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe

- 2004-08-04 14:00:00 39,424 ----a-w C:\WINDOWS\system32\wpnpinst.exe

+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-10-24 07:09]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

iiffccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]

D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

C:\WINDOWS\WDVRCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"StarWindService"=2 (0x2)

"SAVScan"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"ISSVC"=2 (0x2)

"IDriverT"=3 (0x3)

"GB-PVR Recording Service"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"AOL ACS"=2 (0x2)

 

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 02:55:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

 

HJTHIS

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:59, on 2007-11-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9294 bytes


Seems to have done the trick!

 

Any chance I can fix my browser, as I cannot access password login/secure websites?

 

Also my start menu items are still showing empty folders!


Hi mmaatttt

 

1. Close any open browsers.

 

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

 

File::

C:\WINDOWS\system32\OLD20.tmp

C:\WINDOWS\system32\OLD14.tmp

C:\WINDOWS\system32\OLD1A.tmp

C:\WINDOWS\system32\OLDB.tmp

C:\WINDOWS\system32\rtstv.ini

C:\WINDOWS\system32\rtstv.ini2

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\pstwa.ini2

C:\WINDOWS\system32\pstwa.ini

C:\WINDOWS\system32\vgfddwtv

D:\Documents and Settings\All Users\Application Data\jibupqne.dll

C:\WINDOWS\system32\drvtug.dll

C:\WINDOWS\system32\winbug32.dll

C:\WINDOWS\system32\rhttpaa.dll

C:\WINDOWS\system32\aaclient.dll

C:\WINDOWS\system32\iiffccd.dll

 

Registry::

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

=======================

 

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

 

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

 

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

 

Close Hijackthis.

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo ;)

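The triage the helper applied above (a Winlogon Notify entry whose DLL is missing, hidden+system files dropped into system32) and the CFScript layout they asked for, as an added Python example that is not part of the thread, of HijackThis or of ComboFix. The sample log lines are constructed in the two formats seen in the thread; the regexes, the Finding class and the heuristics are this example's own and deliberately only cover those two indicator classes.

```python
"""Triage helpers for HijackThis and ComboFix log lines, modelled on the way the
helper in this thread picked out the Vundo leftovers and turned them into a
ComboFix CFScript.  Added example, not code from either tool."""
import re
from dataclasses import dataclass

# Constructed sample lines in the two log formats seen in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)
"""

COMBOFIX_SAMPLE = r"""
2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini
2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll
2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb
"""

# HijackThis O20 Winlogon Notify line: name, DLL path, optional "(file missing)".
WINLOGON_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# ComboFix "Files Created" line: date, time, size or <DIR>, 9-char attribute field, path.
COMBOFIX_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) "
    r"(?P<attrs>[-a-z]{9}) (?P<path>.+)$")


@dataclass
class Finding:
    kind: str    # "winlogon_notify" (registry subkey) or "file" (path on disk)
    name: str    # subkey name, or the file path
    reason: str


def suspicious_winlogon_notify(hjt_log: str) -> list[Finding]:
    """Winlogon Notify DLLs load into winlogon.exe at every logon, so an entry whose
    DLL is missing, or is given as a bare file name rather than a full path, is worth
    a second look (that is what the Vundo entry in the thread looked like)."""
    out = []
    for line in hjt_log.splitlines():
        m = WINLOGON_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if m.group("missing"):
            reasons.append("file missing")
        if "\\" not in m.group("path"):
            reasons.append("bare file name, no directory")
        if reasons:
            out.append(Finding("winlogon_notify", m.group("name"), "; ".join(reasons)))
    return out


def suspicious_combofix_files(cf_log: str) -> list[Finding]:
    """Flag files under system32 carrying both the hidden (h) and system (s)
    attributes: legitimate files are rarely created there that way, and every
    .ini/.ini2 pair in the thread's ComboFix log showed '--ahs----'."""
    out = []
    for line in cf_log.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        attrs, path = m.group("attrs"), m.group("path")
        if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
            out.append(Finding("file", path, f"hidden+system file in system32 ({attrs})"))
    return out


def build_cfscript(findings: list[Finding]) -> str:
    """Render findings in the CFScript layout used in the thread: a 'File::' block of
    paths to remove and a 'Registry::' block deleting the Winlogon Notify subkeys."""
    files = [f.name for f in findings if f.kind == "file"]
    keys = [f.name for f in findings if f.kind == "winlogon_notify"]
    notify = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
    lines = ["File::", *files, "", "Registry::"]
    lines += [f"[-{notify}\\{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = suspicious_winlogon_notify(HJT_SAMPLE) + suspicious_combofix_files(COMBOFIX_SAMPLE)
    for f in found:
        print(f"{f.kind:16} {f.name}  <- {f.reason}")
    print(build_cfscript(found))
```

Anything the heuristics do not catch (the drvtug.dll line above, for instance, has ordinary attributes) still needs a human reading the log, which is why the helper's CFScript is longer than the generated one.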

ComboFix 07-11-19.4 - user 2007-11-27 12:44:23.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.397 [GMT 0:00]

Running from: D:\Documents and Settings\user\Desktop\ComboFix.exe

Command switches used :: C:\ComboFix\CFScript.txt

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))

.

 

2007-11-27 02:05 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-11-27 02:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-27 02:05 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-27 01:43 1,582 --a------ D:\Documents and Settings\user\clean.reg

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\rundll32.exe

2007-11-27 00:26 33,280 --a------ C:\WINDOWS\system32\dllcache\rundll32.exe

2007-11-25 12:28 <DIR> d-------- D:\Documents and Settings\user\Application Data\Apple Computer

2007-11-25 11:59 <DIR> d-------- C:\VundoFix Backups

2007-11-25 00:26 <DIR> d-------- C:\Program Files\Trend Micro

2007-11-24 23:04 <DIR> d-------- D:\Documents and Settings\user\Application Data\Lavasoft

2007-11-24 22:51 57,701 --ahs---- C:\WINDOWS\system32\rtstv.ini

2007-11-24 22:51 14,654 --ahs---- C:\WINDOWS\system32\rtstv.ini2

2007-11-24 22:46 <DIR> d-------- D:\Documents and Settings\user\Application Data\AdobeUM

2007-11-24 22:31 <DIR> d-------- D:\Documents and Settings\user\Application Data\vlc

2007-11-24 22:30 <DIR> d-------- D:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com

2007-11-24 22:28 <DIR> d-------- C:\Program Files\Img2CAD

2007-11-24 22:14 <DIR> d-------- C:\Program Files\Security Task Manager(2)

2007-11-24 10:38 41,591 --ahs---- C:\WINDOWS\system32\llkkj.ini2

2007-11-24 00:02 6,490 --ahs---- C:\WINDOWS\system32\pstwa.ini2

2007-11-24 00:02 317 --ahs---- C:\WINDOWS\system32\pstwa.ini

2007-11-24 00:01 <DIR> d-------- C:\WINDOWS\system32\vgfddwtv

2007-11-24 00:01 <DIR> d-------- C:\Program Files\Gfkgzmsb

2007-11-24 00:01 131,072 --a------ D:\Documents and Settings\All Users\Application Data\jibupqne.dll

2007-11-24 00:01 102,912 --a------ C:\WINDOWS\system32\drvtug.dll

2007-11-23 23:59 <DIR> d-------- C:\Program Files\ngbmpgnc

2007-11-23 23:58 20,992 --------- C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

2007-11-23 23:52 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL

2007-11-23 23:52 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS

2007-11-20 14:02 <DIR> d-------- C:\Program Files\MSBuild

2007-11-20 13:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2007-11-20 13:56 <DIR> d-------- C:\Program Files\Reference Assemblies

2007-11-20 13:55 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2007-11-20 13:25 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll

2007-11-20 13:25 116,736 --------- C:\WINDOWS\system32\aaclient.dll

2007-11-10 23:39 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe

2007-11-08 23:18 <DIR> d-------- C:\Program Files\TrustyFiles

2007-11-08 20:11 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-11-08 20:10 <DIR> d-------- C:\Program Files\BitSpirit

2007-11-08 20:08 <DIR> d-------- C:\Program Files\BitComet

2007-11-08 19:25 <DIR> d-------- C:\Program Files\PCPitstop

2007-11-07 16:59 <DIR> d-a------ C:\Program Files\WinZix

2007-11-05 12:35 65,024 --a------ C:\WINDOWS\system32\spads.dll

2007-11-03 00:14 <DIR> d-------- C:\Program Files\HTTP-Tunnel

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-27 03:44 --------- d-----w C:\Program Files\Java

2007-11-27 03:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\SecTaskMan

2007-11-27 02:01 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe

2007-11-25 12:10 28,672 ------w C:\WINDOWS\system32\verclsid.exe

2007-11-25 02:25 --------- d-----w C:\Program Files\SUPERAntiSpyware

2007-11-24 01:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-11-23 23:52 --------- d-----w C:\Program Files\ImTOO

2007-11-18 23:20 --------- d-----w C:\Program Files\Winamp

2007-11-11 12:28 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-11 12:06 --------- d-----w C:\Program Files\Activision

2007-11-10 23:40 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe

2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-24 18:27 --------- d-----w C:\Program Files\SSH Tunnel

2007-10-24 13:51 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-10-24 13:40 --------- d-----w C:\Program Files\LimeWire

2007-10-24 07:33 --------- d-----w C:\Program Files\Artlantis Studio

2007-10-24 07:11 --------- d-----w C:\Program Files\Graphisoft

2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe

2007-10-06 18:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Bluetooth

2007-10-06 18:15 --------- d-----w C:\Program Files\IVT Corporation

2007-10-06 17:35 724,992 ----a-w C:\WINDOWS\iun6002.exe

2007-10-06 17:29 --------- d-----w C:\Program Files\TVersity

2007-10-06 16:21 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-10-06 10:41 --------- d-----w C:\Program Files\iTunes

2007-10-06 10:41 --------- d-----w C:\Program Files\iPod

2007-10-06 09:54 --------- d-----w C:\Program Files\FlashFXP

2007-10-06 01:48 --------- d-----w C:\Program Files\SatelliteTVforPC

2007-10-06 00:29 --------- d-----w C:\Program Files\Datel

2007-10-06 00:27 --------- d-----w C:\Program Files\XBCD

2007-10-03 20:12 --------- d-----w C:\Program Files\Fire International

2007-10-03 20:11 --------- d-----w D:\Documents and Settings\All Users\Application Data\FlashFXP

2007-09-30 19:22 --------- d-----w C:\Program Files\Symantec

2007-09-05 23:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe

.

 

((((((((((((((((((((((((((((( [email protected]_ 2.23.14.20 )))))))))))))))))))))))))))))))))))))))))

.

- 2004-09-19 20:21:24 177,152 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

+ 2007-11-27 02:44:53 169,984 -c----w C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe

+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe

+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe

+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe

- 2004-08-04 14:00:00 28,160 ----a-w C:\WINDOWS\system32\fontview.exe

+ 2004-08-04 14:00:00 20,992 ----a-w C:\WINDOWS\system32\fontview.exe

- 2007-10-24 07:09:36 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-11-27 00:19:27 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-11-27 00:28:17 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2006-10-17 12:56:10 52,736 ----a-w C:\WINDOWS\system32\mshta.exe

+ 2006-10-17 12:56:10 45,568 ----a-w C:\WINDOWS\system32\mshta.exe

- 2004-08-04 14:00:00 23,040 ----a-w C:\WINDOWS\system32\perfmon.exe

+ 2004-08-04 14:00:00 15,872 ----a-w C:\WINDOWS\system32\perfmon.exe

- 2004-08-04 14:00:00 15,360 ----a-w C:\WINDOWS\system32\winhlp32.exe

+ 2004-08-04 14:00:00 8,192 ----a-w C:\WINDOWS\system32\winhlp32.exe

- 2004-08-04 14:00:00 39,424 ----a-w C:\WINDOWS\system32\wpnpinst.exe

+ 2004-08-04 14:00:00 32,256 ----a-w C:\WINDOWS\system32\wpnpinst.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Remote"="C:\Program Files\TVR\Remote.exe" [2007-11-25 12:07]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]

"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2007-11-25 12:07]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-25 12:07]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-01 04:37]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-25 12:07]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-30 19:21]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00]

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

iiffccd.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 -noicon

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]

D:\Documents and Settings\All Users\Application Data\TWOHOLDEACHITCH\Web Noun.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

D:\DOCUME~1\user\APPLIC~1\OOZEON~1\Ace user.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 10:18 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2004-06-03 01:50 204800 --a------ C:\Program Files\Microsoft IntelliPoint\point32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2001-07-09 02:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

2005-05-23 08:44 450560 --a------ C:\Program Files\TVR\RecSche.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

C:\W

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2005-05-31 01:04 1415824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2007-01-19 21:51 1310720 --a------ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]

C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

VTtrayp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDVRCtrl]

C:\WINDOWS\WDVRCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"StarWindService"=2 (0x2)

"SAVScan"=3 (0x3)

"Pml Driver HPZ12"=2 (0x2)

"ose"=3 (0x3)

"MDM"=2 (0x2)

"ISSVC"=2 (0x2)

"IDriverT"=3 (0x3)

"GB-PVR Recording Service"=2 (0x2)

"C-DillaCdaC11BA"=2 (0x2)

"AOL ACS"=2 (0x2)

 

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

S3 Via4in1;Via4in1;\??\C:\Via4in1.sys

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25ef4922-f755-11db-81f8-00038a000015}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 23:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2005-12-27 10:59:40 C:\WINDOWS\Tasks\Registration reminder 1.job"

- C:\WINDOWS\system32\OOBE\oobebaln.exe

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 12:46:55

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]

"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

.

Completion time: 2007-11-27 12:47:33

C:\ComboFix2.txt ... 2007-11-27 02:23

.

--- E O F ---

 

 

HJThis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:48:13, on 27/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\TVR\remote.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll

O4 - HKLM\..\Run: [Remote] C:\Program Files\TVR\Remote.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

 

--

End of file - 9289 bytes


BUMP

 

My PC seems to be OK at the moment and I'm trying to recover my start menus and broken links.

 

My Firefox browser is not working though, and Internet Explorer will not access secure login websites (Hotmail, Facebook etc.)!

 

Is there any advice with regard to this matter?


After some Googling, I managed to find out it was NORTON that messed up the secure sites etc.!

 

I have managed to uninstall it now and am using other AV software!


Hi mmaatttt,

 

Sorry for the hold-up here, but it's that time of year and I go where mom goes. :angry:

Let's see if we can clean some more off this PC.

 

====================

 

SUPERAntiSpyware: please disable SUPERAntiSpyware. Right-click on the shortcut in the system tray, choose View Control Center (preferences/options); on the General and Startup tab, uncheck "Start SUPERAntiSpyware when Windows starts", then click Close to exit.

 

====================

 

1. Close any open browsers.

 

2. Open Notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use Notepad and nothing else.

 

File::

C:\WINDOWS\system32\rtstv.ini

C:\WINDOWS\system32\rtstv.ini2

C:\WINDOWS\system32\llkkj.ini2

C:\WINDOWS\system32\pstwa.ini2

C:\WINDOWS\system32\pstwa.ini

D:\Documents and Settings\All Users\Application Data\jibupqne.dll

C:\WINDOWS\system32\drvtug.dll

C:\WINDOWS\system32\winbug32.dll_tobedeleted_old

 

Folder::

C:\WINDOWS\system32\vgfddwtv

C:\Program Files\Gfkgzmsb

C:\Program Files\ngbmpgnc

 

Registry::

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{ED203331-9C33-49D8-8714-D24A366A04EC}"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffccd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EACHITCHBATLOCKS]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag love]

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

[image: CFScript.gif]

 

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

=====================

 

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

 

O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)

 

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

 

Close Hijackthis.

 

=====================

 

Reboot PC after doing all above

 

=====================

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo ;)
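The two logs above and the CFScript that follows them show the pattern a helper is looking for: an autostart entry (Winlogon Notify, ShellExecuteHooks) whose DLL is already gone, so only the registry key is left to remove. As an added example, not part of this thread and not HijackThis or ComboFix code, the Python below runs that triage over sample lines copied from the logs posted above, and turns the dangling entries it finds into the same Registry:: lines Gogo's CFScript uses. The severities and reasons are my own heuristics (an assumption, not anything the tools report); the R1 ProxyServer = 127.0.0.1:8080 line is flagged as something to identify rather than delete, because with Symantec's ccProxy.exe running it is consistent with what mmaatttt later found about Norton and secure sites.

```python
"""Triage of autostart lines from HijackThis and ComboFix logs.

Added example for this thread; it is not part of HijackThis, ComboFix or
the posts above. Sample lines are constructed by copying entries from the
logs posted in the thread."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (my own scale, an assumption)
    line: str
    reason: str


# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_HJT_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080",
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O20 - Winlogon Notify: iiffccd - iiffccd.dll (file missing)",
    r"O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe",
    r"O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE",
]

# Constructed sample: the shellexecutehooks block from the ComboFix log above.
# ComboFix prints the DLL's date and size in the brackets; an empty pair means
# it could not find the file.
SAMPLE_COMBOFIX_HOOKS = [
    r'"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-01-19 21:51 77824]',
    r'"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\iiffccd.dll [ ]',
]

LOOPBACK_PROXY = re.compile(r"ProxyServer\s*=\s*(?:127\.0\.0\.1|localhost):(\d+)", re.I)
WINLOGON_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (\S+) - ")
HOOK_LINE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"=\s*(.+?)\s*\[([^\]]*)\]\s*$')


def triage_hjt_line(line: str) -> list[Finding]:
    """Classify one HijackThis line; only the sections this thread cares about."""
    section = line.split(" - ", 1)[0].strip()
    if section == "O20":
        if "(file missing)" in line:
            return [Finding("high", line, "Winlogon Notify DLL is gone but the registry key remains")]
        return [Finding("info", line, "O20 loads a DLL into winlogon or every process; confirm the vendor")]
    if section == "R1" and (m := LOOPBACK_PROXY.search(line)):
        return [Finding("medium", line, f"browser proxy is a loopback listener on port {m.group(1)}; "
                                        "find which process owns it before deleting")]
    if section == "O23" and "Unknown owner" in line:
        return [Finding("medium", line, "service binary carries no company information")]
    return []


def triage_combofix_hook(line: str) -> list[Finding]:
    """Classify one line of ComboFix's shellexecutehooks block."""
    m = HOOK_LINE.match(line)
    if not m:
        return []
    clsid, path, meta = m.groups()
    if not meta.strip():  # no date/size: ComboFix could not find the DLL
        return [Finding("high", line, f"ShellExecuteHook {clsid} points at {path}, which was not found")]
    return [Finding("info", line, f"ShellExecuteHook {clsid} -> {path}")]


def triage_all(hjt_lines=SAMPLE_HJT_LINES, hook_lines=SAMPLE_COMBOFIX_HOOKS) -> list[Finding]:
    findings: list[Finding] = []
    for line in hjt_lines:
        findings.extend(triage_hjt_line(line))
    for line in hook_lines:
        findings.extend(triage_combofix_hook(line))
    return findings


def cfscript_registry_block(findings: list[Finding]) -> list[str]:
    """Emit Registry:: lines for the dangling entries, in the CFScript syntax
    used in this thread ("{CLSID}"=- removes a value, [-key] removes a key)."""
    hook_deletes, key_deletes = [], []
    for f in findings:
        if f.severity != "high":
            continue
        if m := WINLOGON_NOTIFY.match(f.line):
            key_deletes.append(
                rf"[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\{m.group(1)}]")
        elif m := HOOK_LINE.match(f.line):
            hook_deletes.append(f'"{m.group(1)}"=-')
    lines = ["Registry::"]
    if hook_deletes:
        lines.append(r"[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]")
        lines.extend(hook_deletes)
    lines.extend(key_deletes)
    return lines


if __name__ == "__main__":
    results = triage_all()
    for f in sorted(results, key=lambda f: ("high", "medium", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("\n".join(cfscript_registry_block(results)))
```

The proxy finding is deliberately "medium": a loopback proxy can be a content-filtering AV (as here), a debugging tool, or malware, and the right check is to see which process owns the listener rather than to delete the value. Only entries whose file is provably gone are turned into deletion lines.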
