ad-aware scan

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

ad-aware scan, I scan with ad-aware and my computer shuts down. this is my hijack th

Options

vmus View Member Profile	Jun 21 2008, 05:14 AM Post #1
Member Posts: 10 OS: xp	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:47:04 AM, on 6/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\WINDOWS\system32\dlbtcoms.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe C:\Program Files\PCRescue3.0\PCRescue.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - C:\WINDOWS\system32\khfeCrPH.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [e8bd5f5b] rundll32.exe "C:\WINDOWS\system32\ufpkggwp.dll",b O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SearchAndDestroyT] "C:\Program Files\Search And Destroy\SearchAndDestroy.exe" O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 4709 bytes

kahdah View Member Profile	Jun 21 2008, 06:33 AM Post #2
GeekU Teacher Posts: 10,078 From: Somewhere OS: Windows xp home	Hello vmus Welcome to G2Go. ===================== Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

kahdah View Member Profile	Jun 21 2008, 08:10 PM Post #4
GeekU Teacher Posts: 10,078 From: Somewhere OS: Windows xp home	*Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.* First, we need to backup your registry: Please go to Start > Run Paste in the following line:regedit /e c:\registrybackup.reg Click OK. It won't appear to be doing anything, that's normal. Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass. Please open up Notepad and copy all of the items in the code box below. Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop. CODE REGEDIT4 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 Now double-click fixthis.reg. A window will come up asking if you want to let it merge with the registry. Click yes. =============== Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator") Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE C:\WINDOWS\system32\ufpkggwp.dll C:\WINDOWS\system32\HPrCefhk.ini2 C:\WINDOWS\system32\MSVolume.dll C:\install.dat C:\sgxty.exe C:\iwfgofxx.exe C:\WINDOWS\system32\narqwe.sys C:\setupupdate.exe C:\WINDOWS\system32\ufpkggwp.dll C:\WINDOWS\system32\khfeCrPH.dll emptytemp Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste. Click the red Moveit! button. OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply. Close OTMoveIt2 If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ============================== Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley. ============== PLease post the OtMove it log,the Mbam log and a new dss log.

vmus

Jun 22 2008, 05:53 AM

Post #5

Member

Posts: 10
OS: xp

File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
C:\WINDOWS\system32\HPrCefhk.ini2 moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\MSVolume.dll
C:\WINDOWS\system32\MSVolume.dll NOT unregistered.
C:\WINDOWS\system32\MSVolume.dll moved successfully.
C:\install.dat moved successfully.
C:\sgxty.exe moved successfully.
C:\iwfgofxx.exe moved successfully.
File move failed. C:\WINDOWS\system32\narqwe.sys scheduled to be moved on reboot.
C:\setupupdate.exe moved successfully.
File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\khfeCrPH.dll not found.
< emptytempC:\WINDOWS\system32\ufpkggwp.dll >
File/Folder emptytempC:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\HPrCefhk.ini2 not found.
File/Folder C:\WINDOWS\system32\MSVolume.dll not found.
File/Folder C:\install.dat not found.
File/Folder C:\sgxty.exe not found.
File/Folder C:\iwfgofxx.exe not found.
File move failed. C:\WINDOWS\system32\narqwe.sys scheduled to be moved on reboot.
File/Folder C:\setupupdate.exe not found.
File/Folder C:\WINDOWS\system32\ufpkggwp.dll not found.
File/Folder C:\WINDOWS\system32\khfeCrPH.dll not found.
< emptytemp >
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\Perflib_Perfdata_e54.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF3880.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF8F3A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_138.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0726a.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0726d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06222008_061006

Files moved on Reboot...
File C:\WINDOWS\system32\narqwe.sys not found!
File C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\Perflib_Perfdata_e54.dat not found!
C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF3880.tmp moved successfully.
C:\DOCUME~1\VERNMU~1\LOCALS~1\Temp\~DF8F3A.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_138.dat moved successfully.
C:\WINDOWS\temp\ZLT0726a.TMP moved successfully.
C:\WINDOWS\temp\ZLT0726d.TMP moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
Malwarebytes' Anti-Malware 1.18
Database version: 876

6:35:59 AM 6/22/2008
mbam-log-6-22-2008 (06-35-59).txt

Scan type: Quick Scan
Objects scanned: 55278
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f30b1b0b-c305-414e-a4ff-ac93a08de0ac} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Bug Doctor (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Search And Destroy\uninstall.exe (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Program Files\Search And Destroy\Search And Destroy Setup Log.txt (Rogue.SearchAndDestroy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Log\2008 May 19 - 05_52_31 PM_046.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Vern Musil\Application Data\RegistrySmart\Registry Backups\2008-05-19_17-55-18.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\narqwe.sys (Rootkit.Rustok) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
Deckard's System Scanner v20071014.68
Run by Vern Musil on 2008-06-22 06:48:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Vern Musil.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:05 AM, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\dlbtcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\PCRescue3.0\PCRescue.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vern Musil\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\VERNMU~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {f02f6ba3-af81-4627-8f91-136634a63650} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] "C:\Program Files\Essentials Codec Pack\update.exe" -silent
O4 - HKLM\..\Run: [PCRescue] "C:\Program Files\PCRescue3.0\PCRescue.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: dlbt_device - - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4966 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 06:19:19 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Malwarebytes
2008-06-22 06:19:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-06-22 06:19:12 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 06:02:53 57445272 --a------ C:\registrybackup.reg
2008-06-21 16:41:06 0 d-------- C:\Program Files\Spyware Doctor
2008-06-21 16:41:06 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\PC Tools
2008-06-21 07:47:50 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\TrojanHunter
2008-06-21 07:00:09 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-06-21 05:06:55 0 d-------- C:\Program Files\Windows Defender
2008-06-21 04:53:04 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\SendTo
2008-06-21 04:52:36 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Identities
2008-06-21 04:52:07 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\NetHood
2008-06-21 04:52:07 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\My Documents
2008-06-21 04:52:02 0 dr-h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Recent
2008-06-21 04:52:02 0 dr------- C:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-21 04:52:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2008-06-20 17:23:04 0 d-------- C:\Documents and Settings\Administrator.HOME-C0IG4074DU\Application Data\Mozilla
2008-06-18 17:41:20 0 d-------- C:\Program Files\Lavasoft
2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 03:01:24 0 d-------- C:\Program Files\Trend Micro
2008-06-17 17:30:07 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-06-16 17:02:44 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-06-15 20:35:00 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Google
2008-06-15 15:06:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2008-06-15 15:06:27 0 d-------- C:\Program Files\FlashGet
2008-06-15 10:51:09 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Leadertech
2008-06-15 10:49:27 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-15 05:19:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2008-06-14 18:11:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NCH Software
2008-06-14 17:15:27 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Axara
2008-06-14 17:14:41 0 d-------- C:\Program Files\Common Files\Axara
2008-06-14 17:14:40 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-06-14 17:14:39 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-14 17:14:39 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-14 17:14:39 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-06-14 17:14:38 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
2008-06-06 03:09:07 0 d-------- C:\Program Files\Essentials Codec Pack
2008-06-06 03:05:05 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-06-06 03:05:05 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-06-06 03:05:05 34820 --a------ C:\WINDOWS\system32\ffdshow.reg
2008-06-06 03:05:01 0 d-------- C:\Program Files\Cucusoft
2008-06-06 03:04:33 0 d-------- C:\Program Files\Common Files\Download Manager
2008-05-25 07:36:13 0 d-------- C:\Program Files\Acoustica CD Label Maker
2008-05-24 11:46:15 0 d-------- C:\Program Files\MagicDVDRipper

-- Find3M Report ---------------------------------------------------------------

2008-06-18 17:40:50 0 d-------- C:\Program Files\Common Files
2008-06-17 17:13:45 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Mozilla
2008-06-16 17:20:07 0 d--h----- C:\Program Files\Google
2008-06-15 20:39:34 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-06-15 20:34:00 0 d-------- C:\Program Files\VideoLAN
2008-06-15 08:06:02 92 --a------ C:\Documents and Settings\Vern Musil\Application Data\burnaware.ini
2008-05-23 14:27:04 0 d-------- C:\Program Files\DVD Decrypter
2008-05-23 14:26:26 0 d-------- C:\Program Files\DVD Shrink
2008-05-19 17:18:20 0 d-------- C:\Program Files\ACW
2008-05-12 03:04:23 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-11 18:45:48 0 d-------- C:\Program Files\DivX
2008-05-11 18:27:38 30 --a------ C:\WINDOWS\�G@
2008-05-11 18:21:37 0 d-------- C:\Program Files\Creative
2008-05-11 14:17:58 0 d-------- C:\Program Files\ffdshow
2008-05-11 14:13:28 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\vlc
2008-05-11 14:04:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Media Player Classic
2008-05-11 14:03:31 0 d-------- C:\Program Files\XP Codec Pack
2008-05-11 13:36:51 0 d-------- C:\Program Files\AC3Filter
2008-05-11 13:36:50 0 d-------- C:\Program Files\AskSBar
2008-05-10 09:53:08 0 d-------- C:\Program Files\FrostWire
2008-05-10 00:00:14 0 d-------- C:\Program Files\PCRescue3.0
2008-05-09 16:31:23 0 d-------- C:\Program Files\CreataCard
2008-05-07 17:29:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\DivX
2008-05-06 14:27:33 0 d-------- C:\Program Files\Java
2008-05-05 16:33:42 0 d-------- C:\Program Files\MP3Gain
2008-05-05 16:27:54 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\FrostWire
2008-05-05 16:17:25 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Sun
2008-05-05 13:54:37 0 d-------- C:\Program Files\Photodex Presenter
2008-05-05 13:54:36 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Netscape
2008-05-05 13:54:17 0 d-------- C:\Program Files\Photodex
2008-05-05 13:51:38 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Photodex
2008-05-04 17:54:26 0 d-------- C:\Program Files\messenger
2008-05-04 12:28:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-04 12:28:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-04 09:23:19 0 d-------- C:\Program Files\Cheetah Burner
2008-05-04 07:27:42 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Adobe
2008-05-04 07:25:57 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-04 07:20:46 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Macromedia
2008-05-04 06:37:38 0 d-------- C:\Program Files\Aspect one
2008-05-04 06:31:11 0 d-------- C:\Program Files\Acoustica MP3 To Wave Converter PLUS
2008-05-04 05:20:18 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Acoustica
2008-05-04 04:54:34 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-03 21:11:33 0 d-------- C:\Program Files\Movie Maker
2008-05-03 21:11:18 0 d-------- C:\Program Files\Windows NT
2008-05-03 20:17:25 0 d--h----- C:\Program Files\WindowsUpdate
2008-05-03 19:02:19 0 d-------- C:\Program Files\Codec Pack - All In 1
2008-05-03 18:38:22 0 d-------- C:\Program Files\RegistryFix
2008-05-03 13:39:37 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\WinRAR
2008-05-03 13:02:02 0 d-------- C:\Program Files\Microsoft Works
2008-05-03 12:48:51 0 d-------- C:\Program Files\Microsoft Works Suite 2002
2008-05-03 09:09:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-03 08:40:39 0 d-------- C:\Documents and Settings\Vern Musil\Application Data\Identities
2008-05-03 08:26:09 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-05-03 07:49:45 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-03 07:44:24 0 d-------- C:\Program Files\NoAdware4
2008-05-03 03:14:02 62 --ahs---- C:\Documents and Settings\Vern Musil\Application Data\desktop.ini
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX�>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX�>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX�>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02f6ba3-af81-4627-8f91-136634a63650}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [04/02/2008 09:07 PM]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [06/12/2001 03:20 AM]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [02/22/2007 09:26 AM]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [11/10/2004 02:36 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 11:44 AM]
"PCRescue"="C:\Program Files\PCRescue3.0\PCRescue.exe" [06/24/2005 09:53 AM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 02:56 AM C:\WINDOWS\system32\rundll32.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 06:19 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [03/23/2006 12:13 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2007 07:31 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users.win