Geeks to Go
HiJackThis Log


#1
A70)v(1C

    Member

  • Member
  • 16 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:04:03 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\RUNDLL.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mssenger.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\AOL\1156480080\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\RavMonE.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\system32\-788610.exe
C:\WINDOWS\system32\4938012.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\-16909.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\bind_40094.exe
C:\WINDOWS\system\realsched.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://client.jogo.c...esearch-en.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.c...msearch-en.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Colorwo BHO - {A1A2C6B8-1C34-40E7-B07F-4EC85AC27CF4} - C:\Program Files\Colorwo\Daily.dll
O2 - BHO: (no name) - {ACC24EEC-037F-4B88-8D76-45EC1B2E64F1} - C:\WINDOWS\system32\aspaerdev.dll
O2 - BHO: Subconscious Intruder - {EBBC6E6D-7B65-46be-B509-86CED2D17876} - C:\WINDOWS\system32\Inte32.dll
O2 - BHO: Riptide BHO - {EFBCA345-14DC-4640-994E-4AF1DFDEB4FD} - C:\Program Files\Riptide\Plugin\Plugin.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156480080\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\RavMonE.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [-788610] C:\WINDOWS\system32\-788610.exe
O4 - HKLM\..\Run: [4938012] C:\WINDOWS\system32\4938012.exe
O4 - HKLM\..\Run: [Daily] C:\Program Files\Colorwo\Daily.exe
O4 - HKLM\..\Run: [realtpsk] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampc.exe
O4 - Global Startup: -16909.lnk = C:\WINDOWS\system32\-16909.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &_找本网页音视频链接_ - C:\Program Files\Riptide\Plugin\Monitor.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 发现音视频地址 - {CFB84BBD-959B-4fcb-9A03-22ACE091043C} - C:\Program Files\Riptide\Monitor.exe
O9 - Extra 'Tools' menuitem: 发现音视频地址 - {CFB84BBD-959B-4fcb-9A03-22ACE091043C} - C:\Program Files\Riptide\Monitor.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [CDNCLIENT] Chinese Navigation
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152220698796
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://advisor.futur...obal/msc311.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Management Multimedia (mssenger) - Unknown owner - C:\WINDOWS\SYSTEM32\mssenger.exe
#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :blink:

Yuck :whistling:

Can you give me these logs below

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post


Please download ComboFix and save it to your desktop.


Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.



Create a Startup List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • When notepad opens, save the results to your desktop
  • Copy and paste the StartupList from the notepad into your next post

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Reboot into normal Windows


Please post all three logs, and use two or three posts if necessary, making sure none get cut off

Thank you

Edited by loophole, 06 October 2006 - 01:40 PM.


#3
A70)v(1C

    Member

  • Topic Starter
  • Member
  • 16 posts
Ok so you know I did a virus scan and had about 10 different mixes of Trojan Horses, Virus/Worms, Adware. I also had done a spyware scan and had about 8 Spywares. So I made a new HiJackThis Log and followed all of the steps you gave me. Nothing is running better and I'm still getting a bunch of popups of Korean websites having to do with music and games I think, just judging by the pictures, and the pop ups won't stop; they pop up about 1-3 every 2 mins. So here is all of the logs and I really appreciate your help.

#4
A70)v(1C

    Member

  • Topic Starter
  • Member
  • 16 posts
New HiJackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 9:31:29 AM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SVCH0ST.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mssenger.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RAccess.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\system32\wbem\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\WINDOWS\system32\ucind.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\LSASS.exe
C:\WINDOWS\system32\Realplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\mydown.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.007788.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.yisou.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.yisou.com/srchcust.htm
F2 - REG:system.ini: Shell=explorer.exe,C:\WINDOWS\system32\downasp.exe
O1 - Hosts: 59.34.148.98 www.hao123.com
O1 - Hosts: 59.34.148.98 www.4199.com
O1 - Hosts: 59.34.148.98 www.9505.com
O1 - Hosts: 59.34.148.98 www.7322.com
O1 - Hosts: 218.5.76.175 www.huoche.com.cn
O2 - BHO: (no name) - {000FBDB5-8043-4F24-ABCC-22654DA54A22} - C:\PROGRA~1\INTERN~1\PLUGINS\Flash.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: 5940bar BHO - {15953528-6C01-481A-8DB4-01888FB85B7D} - C:\WINDOWS\system32\CN5940~1.DLL
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5064.dll
O2 - BHO: SYM - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - C:\WINDOWS\system32\usercrd.dll
O2 - BHO: SafeMe Internet Explorer Helper - {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} - C:\WINDOWS\system32\SafeHelper12.dll
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACC24EEC-037F-4B88-8D76-45EC1B2E64F1} - C:\WINDOWS\system32\aspaerdev.dll
O2 - BHO: Flash 8 ocx - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} - C:\WINDOWS\system32\flash8.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O2 - BHO: Webacc - {CAC068F3-A608-406B-8581-458788A67694} - C:\WINDOWS\system32\svchost.dll
O2 - BHO: 信息检索 - {CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004} - C:\WINDOWS\system32\IEHelper.dll
O2 - BHO: Subconscious Intruder - {EBBC6E6D-7B65-46be-B509-86CED2D17876} - C:\WINDOWS\system32\Inte32.dll
O3 - Toolbar: 5940bar - {1A45F0FB-9586-4742-8343-8732C7AAFB88} - C:\WINDOWS\system32\CN5940~1.DLL
O3 - Toolbar: ESou 工具栏 - {00BE86F6-2E61-4c1e-A36B-AE233EE21FA2} - C:\Program Files\eSou\ESouBar.dll (file missing)
O3 - Toolbar: Kuaiso Toolsbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Kuaiso Toolsbar\Kuaiso_06003.dll (file missing)
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: Search Bar - {FBFF8F98-AE9D-4599-975E-E9B31E88EF04} - C:\WINDOWS\system32\BarTool.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [-788610] C:\WINDOWS\system32\-788610.exe
O4 - HKLM\..\Run: [4938012] C:\WINDOWS\system32\4938012.exe
O4 - HKLM\..\Run: [realtpsk] C:\WINDOWS\system\realsched.exe
O4 - HKLM\..\Run: [IntelFile] C:\WINDOWS\system32\IntelFile.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKLM\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [sysmini] C:\WINDOWS\system32\sysmini.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [LoadEWXD] C:\WINDOWS\system32\ucind.exe
O4 - HKLM\..\Run: [SoundMam] C:\WINDOWS\system32\SVOHOST.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\system32\SetupCmd.exe] C:\WINDOWS\system32\SetupCmd.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winampc.exe
O4 - HKCU\..\Run: [svc] C:\WINDOWS\svchost.exe
O4 - Global Startup: -16909.lnk = C:\WINDOWS\system32\-16909.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: Access Internet Keyword - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [!CNS] Chinese keywords
O11 - Options group: [CDNCLIENT] Chinese Navigation
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1152220698796
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KSD2Service - Unknown owner - C:\WINDOWS\system32\SVCH0ST.exe
O23 - Service: Windows Management Multimedia (mssenger) - Unknown owner - C:\WINDOWS\SYSTEM32\mssenger.exe
O23 - Service: Network Logon (NetWorkLogon) - Unknown owner - rundll32.exe (file missing)
O23 - Service: Remote Access - Unknown owner - C:\WINDOWS\system32\RAccess.exe

#5
A70)v(1C

    Member

  • Topic Starter
  • Member
  • 16 posts
Uninstall List

????
酷宝 Version 2.0 Beta
桌面媒体
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Chinese Navigation2.4.0.16
Content Match Software
CoolSign
DivX
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Platinum
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HSP56 MR Drivers
HydraVision
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Kuaiso Toolsbar
LimeWire 4.12.6
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
MSN
n788 1.0
NavAngel
QuickTime
Rhapsody Player Engine
Rich Media Cast
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Silkroad
Update for Windows Internet Explorer 7 Beta 3 (KB922880)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
VIA Audio Driver Setup Program
Viewpoint Media Player
Vision Communicate
WarRock
Webcastaccelerator
WinDirected 2.0
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Beta 3
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinStdup

#6
A70)v(1C

    Member

  • Topic Starter
  • Member
  • 16 posts
Startup List

StartupList report, 10/7/2006, 9:38:07 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Brandon\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5450.0004)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Brandon\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
-16909.lnk = C:\WINDOWS\system32\-16909.exe
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PCTVOICE = pctspk.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
itype = "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
-788610 = C:\WINDOWS\system32\-788610.exe
4938012 = C:\WINDOWS\system32\4938012.exe
realtpsk = C:\WINDOWS\system\realsched.exe
IntelFile = C:\WINDOWS\system32\IntelFile.exe
RichMedia = C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
svc = C:\WINDOWS\svchost.exe
sysmini = C:\WINDOWS\system32\sysmini.exe
Update = C:\Program Files\Common Files\UPDATE2\Update.exe
Desktop = C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
spoolsv = C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
CdnCtr = C:\Program Files\CNNIC\Cdn\cdnup.exe
LoadEWXD = C:\WINDOWS\system32\ucind.exe
SoundMam = C:\WINDOWS\system32\SVOHOST.exe
Torjan Program = C:\WINDOWS\WINLOGON.EXE
ToP = C:\WINDOWS\LSASS.exe
TProgram = C:\WINDOWS\SMSS.EXE
91cast =
C:\WINDOWS\system32\SetupCmd.exe = C:\WINDOWS\system32\SetupCmd.exe
Realplayer.exe = C:\WINDOWS\system32\Realplayer.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

alsmt.exe = C:\WINDOWS\system32\alsmt.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
updatereal = C:\WINDOWS\realupdate.exe other
msnnt = C:\WINDOWS\winampc.exe
svc = C:\WINDOWS\svchost.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\winfiles\shell\open\command

(Default) = C:\WINDOWS\ExERoute.exe "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=*Registry value not found*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe C:\WINDOWS\system32\downasp.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\INTERN~1\PLUGINS\Flash.dll - {000FBDB5-8043-4F24-ABCC-22654DA54A22}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\DESKAD~1\deskipn.dll - {08A312BB-5409-49FC-9347-54BB7D069AC6}
wmpdrm - C:\WINDOWS\system32\wmpdrm.dll - {0E674588-66B7-4E19-9D0E-2053B800F69F}
5940bar BHO - C:\WINDOWS\system32\CN5940~1.DLL - {15953528-6C01-481A-8DB4-01888FB85B7D}
(no name) - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5064.dll - {16B770A0-0E87-4278-B748-2460D64A8386}
(no name) - C:\WINDOWS\system32\usercrd.dll - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95}
SafeMe Internet Explorer Helper - C:\WINDOWS\system32\SafeHelper12.dll - {3AE06CEE-58A6-4F5F-AF89-6C5350842F16}
(no name) - C:\PROGRA~1\pcast\hbcast.dll (file missing) - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664}
(no name) - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}
Vision - C:\PROGRA~1\MMSASS~1\mmsass~1.dll - {6671A431-5C3D-463d-A7CF-5587F9B7E191}
stdup - C:\WINDOWS\SYSTEM32\stdup.dll - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838}
(no name) - C:\WINDOWS\system32\YHBO.dll - {70AFF2CB-9DA2-499C-8D15-900729FCE83D}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\WINDOWS\system32\aspaerdev.dll - {ACC24EEC-037F-4B88-8D76-45EC1B2E64F1}
(no name) - C:\WINDOWS\system32\flash8.dll - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}
OsbornTech Popup Blocker - C:\WINDOWS\system32\ms.dll - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53}
Webacc - C:\WINDOWS\system32\svchost.dll - {CAC068F3-A608-406B-8581-458788A67694}
(no name) - C:\WINDOWS\system32\IEHelper.dll - {CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004}
Subconscious Intruder - C:\WINDOWS\system32\Inte32.dll - {EBBC6E6D-7B65-46be-B509-86CED2D17876}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
MP Scheduled Scan.job
Win_Update_Program.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=58813

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
CODEBASE = http://www.fileplane...DC_2.2.1.87.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ntent/opuc3.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1152220698796

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ent/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\quartz32.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\rsvpsp.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\quartz32.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Albus: system32\drivers\Albus.SYS (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: system32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
ASP.NET Work State Service: %SystemRoot%\System32\svchost.exe -k aspwstate (autostart)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
NT Data Provider: C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087 (autostart)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: system32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Prt.sys (manual start)
Scan Class Driver for IEEE-1284.4: system32\DRIVERS\Dot4Scan.sys (manual start)
Dot4USB Filter Dot4USB Filter: system32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver: system32\DRIVERS\fetnd5b.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: system32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
Spectrum24 Events Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPSEC driver: system32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
JMediaService: C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\MMSASS~1\MMSSVER.DLL,Service (autostart)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
KSD2Service: C:\WINDOWS\system32\SVCH0ST.exe (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Sidewinder HID to Joystick Port Enabler: system32\DRIVERS\msgame.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Windows Management Multimedia: mssenger.exe (autostart)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Logon: rundll32.exe KB896475.log,start (autostart)
NetFrame Wireless Configuration: %SystemRoot%\System32\svchost.exe -k NFSWZCSVC (autostart)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NPPTNT2: \??\C:\WINDOWS\system32\npptNT2.sys (system)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NTSIM: \??\C:\WINDOWS\system32\ntsim.sys (manual start)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
nwlnksipx: \??\C:\WINDOWS\system32\drivers\nwlnksipx.sys (autostart)
NetMeeting Remote Desktop Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
W2K Pctel Serial Device Driver: system32\DRIVERS\ptserial.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Remote Access: C:\WINDOWS\system32\RAccess.exe (autostart)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
RGWatch: system32\DRIVERS\RGWatch.sys (system)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
rxp: \??\C:\WINDOWS\system32\drivers\rxp.sys (system)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sony USB Filter Driver (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
StdService: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{5233DCE5-5AEE-4B68-9A34-1B61C6E486B0} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
Application Accelerator: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
User Privilege Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: system32\DRIVERS\viaagp.sys (system)
VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
VIA AC'97 Audio Controller (WDM): system32\drivers\viaudio.sys (manual start)
W2k Vmodem: system32\DRIVERS\vmodem.sys (system)
W2k Vpctcom: system32\DRIVERS\vpctcom.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
W2k Vvoice: system32\DRIVERS\vvoice.sys (system)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender Service: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Media Player Network Sharing Service: C:\Program Files\Windows Media Player\WMPNetwk.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)
Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
XTrapD12: \??\C:\WINDOWS\system32\XTrapD12.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Galaxy = rundll32.exe C:\WINDOWS\system32\ppgaxea.dll,Su
Power = rundll32.exe C:\WINDOWS\system32\alxklt.dll,Start
popBlockHlp = rundll32.exe C:\WINDOWS\system32\wbem\wmipop.dll,_S1
SoundMix = rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load
DEFAULT = rundll32.exe C:\WINDOWS\system32\SYSPOL~1.DLL,Start
CONFIGURATION = rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start

--------------------------------------------------

End of report, 37,895 bytes
Report generated in 0.828 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#7
A70)v(1C

    Member

  • Topic Starter
  • Member
  • 16 posts
ComboFix Log

Brandon - 06-10-07 9:39:40.73 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Brandon\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\setup94.exe
C:\WINDOWS\system32\svchost.dll
C:\WINDOWS\system32\regedit.com


((((((((((((((((((((((((((((((( Files Created from 2006-09-07 to 2006-10-07 ))))))))))))))))))))))))))))))))))


2006-10-07 09:03 222,208 --a------ C:\WINDOWS\system32\mydown.exe
2006-10-07 08:47 222,720 --a------ C:\WINDOWS\system32\downasp.exe
2006-10-07 08:47 20,480 --a------ C:\WINDOWS\system32\bind_40255.exe
2006-10-07 08:46 523,288 --a------ C:\WINDOWS\system32\msupdate.exe
2006-10-07 08:46 222,720 --a------ C:\WINDOWS\system32\mmsn.exe
2006-10-07 06:05 28,672 --a------ C:\WINDOWS\system32\drivers\Albus.SYS
2006-10-07 01:21 32,768 ---hs---- C:\WINDOWS\system32\Realplayer.exe
2006-10-07 01:21 16,896 ---hs---- C:\WINDOWS\system32\Rsvtub.dll
2006-10-07 01:13 90,624 --a------ C:\WINDOWS\system32\ms.dll
2006-10-07 01:09 0 --a------ C:\WINDOWS\system32\nlenmac.dll
2006-10-07 01:08 60,981 --a------ C:\WINDOWS\system32\IELink.exe
2006-10-07 01:08 227,584 --a------ C:\WINDOWS\system32\BDSSetup.exe
2006-10-07 01:07 376,786 --a------ C:\WINDOWS\system32\bdcjlater.exe
2006-10-06 18:19 232,654 --a------ C:\WINDOWS\system32\msvsxml.dll
2006-10-06 17:02 5,018 --a------ C:\WINDOWS\system32\zcktlt.dll
2006-10-06 17:01 81,920 --a------ C:\WINDOWS\system32\ccpgen.dll
2006-10-06 16:54 3,416 --a------ C:\WINDOWS\system32\yptappm.dll
2006-10-06 16:48 102,400 --a------ C:\WINDOWS\system32\sutxre.dll
2006-10-06 15:14 81,920 --a------ C:\WINDOWS\system32\wpsont.dll
2006-10-06 15:14 51,712 --------- C:\WINDOWS\system32\drivers\CnsMinKP.sys
2006-10-06 15:14 32,768 --------- C:\WINDOWS\system32\cns.dll
2006-10-06 15:14 28,672 --------- C:\WINDOWS\system32\cns.exe
2006-10-06 14:48 55,428 --a------ C:\WINDOWS\system32\uninst.exe
2006-10-06 14:48 139,264 --a------ C:\WINDOWS\system32\BarTool.dll
2006-10-06 14:48 110,592 --a------ C:\WINDOWS\system32\SeaBar.dll
2006-10-06 14:47 356,537 --a------ C:\WINDOWS\system32\rjzc008_cns_yassist.exe
2006-10-06 14:46 14,566 --a------ C:\WINDOWS\system32\drivers\cdntran.sys
2006-10-06 14:37 18,347 --a------ C:\WINDOWS\system32\drivers\ProcServ.sys
2006-10-06 14:37 15,872 --a------ C:\WINDOWS\system32\netiup.dll
2006-10-06 14:37 13,824 --a------ C:\WINDOWS\system32\usersrd.dll
2006-10-06 14:26 2,562 --a------ C:\WINDOWS\dhcg.dll
2006-10-06 14:24 379,332 --a------ C:\WINDOWS\system32\sysdmins.exe
2006-10-06 14:24 240 --a------ C:\WINDOWS\system32\fctmlu.dll
2006-10-06 14:23 8,222 --a------ C:\WINDOWS\xtrestmd.dll
2006-10-06 14:22 462,585 --a------ C:\WINDOWS\system32\Kuaiso.exe
2006-10-06 13:42 40,960 --a------ C:\WINDOWS\edodo_install.exe
2006-10-06 13:42 106,496 --a------ C:\WINDOWS\system32\IEHelper.dll
2006-10-06 13:40 26,112 --a------ C:\WINDOWS\system32\drivers\RGWatch.sys
2006-10-06 13:40 114,688 --a------ C:\WINDOWS\system32\quartz32.dll
2006-10-06 13:39 79,872 --a------ C:\WINDOWS\system32\4021ther.exe
2006-10-06 13:39 70,656 --a------ C:\WINDOWS\system32\5004vost.exe
2006-10-06 13:39 62,261 --a------ C:\WINDOWS\system32\linkpicz.exe
2006-10-06 13:39 60,416 --a------ C:\WINDOWS\system32\xxq371.exe
2006-10-06 13:39 50,692 --a------ C:\WINDOWS\system32\13544.exe
2006-10-06 13:39 41,472 --a------ C:\WINDOWS\system32\Setup_QYL.exe
2006-10-06 13:39 40,149 --a------ C:\WINDOWS\system32\bind_40021.exe
2006-10-06 13:39 189,306 --a------ C:\WINDOWS\system32\1758.exe
2006-10-06 13:39 176,128 --a------ C:\WINDOWS\system32\5002.exe
2006-10-06 13:39 143,360 --a------ C:\WINDOWS\system32\Setup-238.exe
2006-10-06 13:39 108 --a------ C:\WINDOWS\system32\sdfbn88zt.baT
2006-10-06 13:38 90 --a------ C:\WINDOWS\system32\xxKDLxx3.bAt
2006-10-06 13:38 56,672 --a------ C:\WINDOWS\system32\hbrich.exe
2006-10-06 13:38 30,213 ---hs---- C:\WINDOWS\system32\r.dll
2006-10-06 13:38 176,128 --a------ C:\WINDOWS\system32\TOTO.exe
2006-10-06 13:38 111,282 --a------ C:\WINDOWS\system32\SkymmstpRAR.exe
2006-10-06 13:37 33,280 ---hs---- C:\WINDOWS\system32\winscok.dll
2006-10-06 13:37 16,384 --a------ C:\WINDOWS\system32\alsmt.exe
2006-10-06 13:37 135,168 --a------ C:\WINDOWS\system32\STDSVER.DLL
2006-10-06 13:37 13,824 --a------ C:\WINDOWS\system32\usercrd.dll
2006-10-06 13:36 816 --a------ C:\WINDOWS\system32\winnvusmb32.dll
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\rundll32.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\regedit.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\MSCONFIG.COM
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\finder.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\dxdiag.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\system32\command.pif
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\SMSS.EXE
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\finder.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\explorer.com
2006-10-06 13:36 50,518 -r-hs---- C:\WINDOWS\ExERoute.exe
2006-10-06 13:36 50,518 --------- C:\WINDOWS\1.com
2006-10-06 13:36 50,468 -r-hs---- C:\WINDOWS\WINLOGON.EXE
2006-10-06 13:36 48,971 -r-hs---- C:\WINDOWS\LSASS.exe
2006-10-06 13:36 48,971 -r-hs---- C:\WINDOWS\EXERT.exe
2006-10-06 13:36 347,278 --a------ C:\WINDOWS\system32\bdcj01.exe
2006-10-06 13:36 166,522 ---hs---- C:\WINDOWS\system32\SVOHOST.exe
2006-10-06 13:35 138,577 --a------ C:\WINDOWS\system32\dxkr.exe
2006-10-06 13:34 236,544 --a------ C:\WINDOWS\system32\ucind.exe
2006-10-06 13:34 172,416 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
2006-10-06 13:33 59,392 --a------ C:\WINDOWS\system32\NFSWZWin32.dll
2006-10-06 13:33 544 --a------ C:\WINDOWS\system32\nvwrssvd32.dll
2006-10-06 13:33 28 --a------ C:\WINDOWS\system32\wmvdmoes32.dll
2006-10-06 13:33 240,640 --a------ C:\WINDOWS\system32\aspwswin.dll
2006-10-06 13:33 236,544 --a------ C:\WINDOWS\system32\huacai906.exe
2006-10-06 13:33 20 --a------ C:\WINDOWS\system32\C1C003E6.dll
2006-10-06 13:32 32 --a------ C:\WINDOWS\system32\bat.bat
2006-10-06 13:32 188,416 --a------ C:\WINDOWS\system32\cn5940barToolbar.dll
2006-10-06 13:31 196,608 --a------ C:\WINDOWS\system32\10022.exe
2006-10-06 13:30 8,802 --a------ C:\WINDOWS\system32\SVCH0ST.exe
2006-10-06 13:30 79,872 --a------ C:\WINDOWS\system32\4103ther.exe
2006-10-06 13:30 52,736 --a------ C:\WINDOWS\system32\SetupCmd.exe
2006-10-06 13:30 50,692 --a------ C:\WINDOWS\system32\13528.exe
2006-10-06 13:30 40,161 --a------ C:\WINDOWS\system32\bind_40258.exe
2006-10-06 13:30 18,432 --a------ C:\WINDOWS\winampb.exe
2006-10-06 13:29 340,890 --a------ C:\WINDOWS\system32\bdcjins.exe
2006-10-06 13:28 48,640 --a------ C:\WINDOWS\system32\ppgaxea.dll
2006-10-06 13:28 38,912 --a------ C:\WINDOWS\system32\alxklt.dll
2006-10-06 13:27 189,403 --a------ C:\WINDOWS\system32\3.exe
2006-10-06 13:26 201,386 --a------ C:\WINDOWS\system32\nav5.exe
2006-10-06 13:24 122,880 --a------ C:\WINDOWS\system32\RAccess.exe
2006-10-06 13:24 122,880 --a------ C:\WINDOWS\system32\NetworkDNS.exe
2006-10-06 13:24 118,784 --a------ C:\WINDOWS\system32\zsdm.exe
2006-10-06 13:22 33,280 --a------ C:\WINDOWS\system32\sysmini.exe
2006-10-06 13:22 219,412 --a------ C:\WINDOWS\system32\s_bdextinsU217.exe
2006-10-06 13:21 41,472 --a------ C:\WINDOWS\Setup_YH0017.exe
2006-10-06 08:06 96,256 --a------ C:\WINDOWS\system32\360safe.exe
2006-10-06 00:07 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2006-10-05 23:54 421,376 --a------ C:\WINDOWS\01xb1200_1.9_setup.exe
2006-10-05 23:51 142,569 --a------ C:\WINDOWS\199019003.exe
2006-10-05 23:24 292,341 --a------ C:\WINDOWS\106.exe
2006-10-05 23:10 176,128 --a------ C:\WINDOWS\5001.exe
2006-10-05 22:59 100,355 --a------ C:\WINDOWS\lmdm_setup_2.1_101.exe
2006-10-05 22:57 93,696 --a------ C:\WINDOWS\system32\Inte32.dll
2006-10-05 22:56 370,688 --a------ C:\WINDOWS\setup173.exe
2006-10-05 22:56 283,675 --a------ C:\WINDOWS\ss10202.EXE
2006-10-05 22:54 70,656 --a------ C:\WINDOWS\5002vost.exe
2006-10-05 22:54 317,882 --a------ C:\WINDOWS\Setup_020.exe
2006-10-05 22:54 19,968 --a------ C:\WINDOWS\realupdate.exe
2006-10-05 22:54 18,432 --a------ C:\WINDOWS\winampc.exe
2006-10-05 22:44 41,259 --a------ C:\WINDOWS\bind_40094.exe
2006-10-05 22:00 185,344 --a------ C:\WINDOWS\system32\aspaerdev.dll
2006-10-05 22:00 0 --a------ C:\WINDOWS\ef26ev.dll
2006-10-05 21:59 232,448 --a------ C:\WINDOWS\cert.exe
2006-10-05 16:22 570,880 --a------ C:\WINDOWS\system32\adsimg01.dll
2006-10-05 16:22 11,264 --a------ C:\WINDOWS\system32\fixmfs.dll
2006-10-04 17:30 566,844 --a------ C:\WINDOWS\system32\dmshell.dll
2006-10-04 17:30 176,640 --a------ C:\WINDOWS\system32\mssenger.exe
2006-09-30 22:42 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-09-26 05:04 109,033 --a------ C:\WINDOWS\system32\SystemInput.dll
2006-09-26 00:05 10,725 --a------ C:\WINDOWS\system32\IntelFile.exe
2006-09-25 02:47 10,240 --a------ C:\WINDOWS\system32\rundll.exe
2006-09-22 02:40 102,400 --ahs---- C:\WINDOWS\system32\ACSs.dll
2006-09-21 15:39 172,416 --a------ C:\WINDOWS\system32\drivers\jeaachdd.sys
2006-09-21 06:11 143,360 --a------ C:\WINDOWS\system32\Flash9.dll
2006-09-19 13:40 234,496 --a------ C:\WINDOWS\svchost.exe
2006-09-18 20:07 135,168 --a------ C:\WINDOWS\system32\stdup.dll
2006-09-13 09:25 94,208 --ahs---- C:\WINDOWS\system32\sdmAgent22.dll
2006-09-13 09:25 94,208 --ahs---- C:\WINDOWS\system32\sdmAgent20.dll
2006-09-13 08:36 90,112 --a------ C:\WINDOWS\system32\SafeHelper12.dll
2006-09-13 01:25 106,496 --a------ C:\WINDOWS\system32\01SJHB17.exe
2006-09-09 10:51 94,208 --ahs---- C:\WINDOWS\system32\Nwsapagent.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-07 09:31 -------- d-------- C:\Program Files\Internet Explorer
2006-10-07 09:12 -------- d-------- C:\Program Files\MMSAssist
2006-10-07 08:48 -------- d-------- C:\Program Files\coolsign
2006-10-07 08:48 -------- d-------- C:\Program Files\Common Files\UPDATE2
2006-10-07 01:24 -------- d-------- C:\Program Files\KooWo
2006-10-07 01:09 1424 --a------ C:\Program Files\INSTALL.LOG
2006-10-06 23:41 48971 -r-hs---- C:\Program Files\Common Files\INTEXPLORE.pif
2006-10-06 23:40 50518 -r-hs---- C:\Program Files\Common Files\iexplore.pif
2006-10-06 15:12 7 --a------ C:\Documents and Settings\Brandon\Application Data\dapcon1.2.ini
2006-10-06 14:48 -------- d-------- C:\Program Files\Yahoo!
2006-10-06 13:52 -------- d-------- C:\Program Files\PPRich
2006-10-06 13:52 -------- d-------- C:\Program Files\Common Files\CPUSH
2006-10-06 13:51 -------- d-------- C:\Program Files\SystemInspect
2006-10-06 13:37 -------- d-------- C:\Program Files\Common Files
2006-10-06 13:34 -------- d-------- C:\Program Files\CNNIC
2006-10-06 13:31 -------- d-------- C:\Program Files\DeskAdTop
2006-10-06 10:40 -------- d-------- C:\Program Files\Common Files\AOL
2006-10-06 09:28 -------- dr------- C:\Program Files\Xfire
2006-10-06 09:23 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-06 09:12 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-06 00:21 -------- d-------- C:\Program Files\pcast
2006-10-05 23:58 -------- d-------- C:\Program Files\GameSpy Arcade
2006-10-05 23:50 -------- d-------- C:\Program Files\Riptide
2006-10-05 23:37 -------- d-------- C:\Program Files\SOHUGAME
2006-10-03 22:17 -------- d-------- C:\Documents and Settings\Brandon\Application Data\Azureus
2006-10-01 13:33 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-10-01 13:28 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-01 02:31 -------- d-------- C:\Program Files\Replay Converter
2006-09-30 22:53 -------- d-------- C:\Documents and Settings\Brandon\Application Data\LimeWire
2006-09-30 15:00 -------- d-------- C:\Documents and Settings\Brandon\Application Data\Apple Computer
2006-09-30 14:59 -------- d-------- C:\Program Files\iTunes
2006-09-30 14:59 -------- d-------- C:\Program Files\iPod
2006-09-30 14:58 -------- d-------- C:\Program Files\QuickTime
2006-09-30 14:55 -------- d-------- C:\Program Files\Apple Software Update
2006-09-30 05:43 -------- d-------- C:\Program Files\MSN Messenger
2006-09-25 22:23 -------- d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
2006-09-25 22:06 -------- d-------- C:\Program Files\Silkroad
2006-09-25 21:47 -------- d-------- C:\Program Files\Microsoft Hardware
2006-09-18 22:43 -------- d-------- C:\Documents and Settings\Brandon\Application Data\Google
2006-09-15 18:02 -------- d-------- C:\Program Files\WarRock
2006-09-10 00:23 -------- d-------- C:\Program Files\LimeWire
2006-09-02 13:59 -------- d---s---- C:\Documents and Settings\Brandon\Application Data\Microsoft
2006-09-02 13:59 -------- d-------- C:\Documents and Settings\Brandon\Application Data\ATI
2006-09-02 09:49 -------- d-------- C:\Program Files\ATI Technologies
2006-08-31 20:00 -------- d-------- C:\Program Files\MSN
2006-08-31 02:56 5800 --a------ C:\WINDOWS\system32\nt.sys
2006-08-24 22:30 -------- d-------- C:\Documents and Settings\Brandon\Application Data\acccore
2006-08-24 22:29 -------- d-------- C:\Program Files\Viewpoint
2006-08-24 22:28 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-08-24 22:27 -------- d-------- C:\Documents and Settings\Brandon\Application Data\Mozilla
2006-08-24 08:25 147100 --a------ C:\WINDOWS\system32\17.exe
2006-08-21 06:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 03:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 03:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-29 12:45 57344 --a------ C:\WINDOWS\uneng.exe
2006-07-29 12:45 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2006-07-29 12:45 45056 --a------ C:\WINDOWS\system32\cdral.dll
2006-07-27 07:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 20:39 303104 --a------ C:\WINDOWS\system32\YHBO.dll
2006-07-25 05:34 172032 --a------ C:\WINDOWS\system32\HTTPDll.dll
2006-07-25 05:32 40960 --a------ C:\WINDOWS\system32\lrcsys.exe
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-07-09 07:24 865792 --a------ C:\WINDOWS\system32\sctongji04.dll
2006-07-06 16:59 62 --ahs---- C:\Documents and Settings\Brandon\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"updatereal"="C:\\WINDOWS\\realupdate.exe other"
"msnnt"="C:\\WINDOWS\\winampc.exe"
"svc"="C:\\WINDOWS\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"-788610"="C:\\WINDOWS\\system32\\-788610.exe"
"4938012"="C:\\WINDOWS\\system32\\4938012.exe"
"realtpsk"="C:\\WINDOWS\\system\\realsched.exe"
"IntelFile"="C:\\WINDOWS\\system32\\IntelFile.exe"
"RichMedia"="C:\\WINDOWS\\system32\\Rundll32.exe \"C:\\PROGRA~1\\pcast\\hbcast.dll\",WaitWindows"
"svc"="C:\\WINDOWS\\svchost.exe"
"sysmini"="C:\\WINDOWS\\system32\\sysmini.exe"
"Update"="C:\\Program Files\\Common Files\\UPDATE2\\Update.exe"
"Desktop"="C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Program Files\\DeskAdTop\\Run.dll\" ,Rundll"
"spoolsv"="C:\\WINDOWS\\system32\\spoolsv\\spoolsv.exe -printer"
"CdnCtr"="C:\\Program Files\\CNNIC\\Cdn\\cdnup.exe"
"LoadEWXD"="C:\\WINDOWS\\system32\\ucind.exe"
"SoundMam"="C:\\WINDOWS\\system32\\SVOHOST.exe"
"Torjan Program"="C:\\WINDOWS\\WINLOGON.EXE"
"ToP"="C:\\WINDOWS\\LSASS.exe"
"TProgram"="C:\\WINDOWS\\SMSS.EXE"
"91cast"=""
"C:\\WINDOWS\\system32\\SetupCmd.exe"="C:\\WINDOWS\\system32\\SetupCmd.exe"
"Realplayer.exe"="C:\\WINDOWS\\system32\\Realplayer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"alsmt.exe"="C:\\WINDOWS\\system32\\alsmt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"TProgram"="C:\\WINDOWS\\SMSS.EXE"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{D91AFF37-45BF-4D4D-9E02-2D37C5EA6653}"=""
"{E4C3C044-CE6A-4117-9D18-C1EBEC80D2C9}"=""
"{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}"=""
"{E568441B-9EF3-49F8-9A67-4141AC41ADD4}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"Galaxy"="rundll32.exe C:\\WINDOWS\\system32\\ppgaxea.dll,Su"
"Power"="rundll32.exe C:\\WINDOWS\\system32\\alxklt.dll,Start"
"popBlockHlp"="rundll32.exe C:\\WINDOWS\\system32\\wbem\\wmipop.dll,_S1"
"SoundMix"="rundll32.exe C:\\WINDOWS\\system32\\soundmix.dll,Load"
"DEFAULT"="rundll32.exe C:\\WINDOWS\\system32\\SYSPOL~1.DLL,Start"
"CONFIGURATION"="rundll32.exe C:\\WINDOWS\\system32\\tapidef.dll,Start"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProcServ

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Win_Update_Program.job

Completion time: Sat 10/07/2006 9:44:53.73
ComboFix.txt
  • 0

#8
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

I'm almost done with your fix, I just need a little more information. Don't leave me now :blink:

Please go here: http://www.billsway.com/vbspage/
  • Scroll down the page
  • Look for "Registry Search Tool"
  • Download Registry Search Tool
  • Unzip RegSrch.zip to the desktop
  • Double click on RegSrch.vbs to run the program
  • If you get a warning from your Anti Virus please ignore it and allow this to run.
  • The program will start, you will be asked to enter a search phrase
  • Please enter this:

    nwlnksipx

  • Click OK, it will disappear and won't look as if it's doing anything. When it's done searching, a prompt will come up saying how many instances it found. Click OK, and a notepad will open up. Please copy the contents of that notepad and paste it here.
Please do the same for all of the below:

    Albus
    cdnprot
    jeaachdd
    RGWatch
    ProcServ
    CnsMinKP

Thank you

Edited by loophole, 07 October 2006 - 01:54 PM.

  • 0
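The registry search the helper asks for, as an added PowerShell example that is not from the thread or from the Registry Search Tool (RegSrch.vbs) itself: it walks HKLM, HKCU and HKU for the phrases listed in the post and, like the tool, leaves a text report on the desktop. It assumes a current Windows PowerShell session run elevated so the driver/service keys under HKLM\SYSTEM are readable; the hive list and report file name are this example's own choices.

```powershell
# Added example, not from the thread or from the Registry Search Tool
# (RegSrch.vbs): a PowerShell registry search for the phrases the helper
# lists. Assumes current Windows PowerShell in an elevated session so the
# service/driver keys under HKLM\SYSTEM are readable. Read-only: it reports
# where each phrase occurs and changes nothing.

# Search phrases from the post (driver/service names seen in the ComboFix log)
$SearchPhrases = @('nwlnksipx', 'Albus', 'cdnprot', 'jeaachdd',
                   'RGWatch', 'ProcServ', 'CnsMinKP')

function Find-RegistryPhrase {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Phrase,
        # Hives to walk (assumed set); the Registry:: prefix lets HKU be
        # searched without mapping a drive for it
        [string[]] $Root = @('Registry::HKEY_LOCAL_MACHINE',
                             'Registry::HKEY_CURRENT_USER',
                             'Registry::HKEY_USERS')
    )
    foreach ($r in $Root) {
        # Keys we cannot open (SAM, SECURITY, other users' hives) are skipped silently
        Get-ChildItem -Path $r -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            foreach ($p in $Phrase) {
                # 1. The key name itself, e.g. ...\Services\ProcServ
                if ($key.PSChildName -like "*$p*") {
                    [pscustomobject]@{ Phrase = $p; Where = 'KeyName'
                                       Key = $key.Name; Value = '' }
                }
                # 2. Value names and value data, e.g. an ImagePath naming Albus.SYS
                foreach ($vn in $key.GetValueNames()) {
                    # REG_MULTI_SZ / REG_BINARY are flattened to text for matching
                    $data = [string]$key.GetValue($vn)
                    if ($vn -like "*$p*" -or $data -like "*$p*") {
                        $label = if ($vn -eq '') { '(default)' } else { $vn }
                        [pscustomobject]@{ Phrase = $p; Where = 'Value'
                                           Key = $key.Name; Value = "$label = $data" }
                    }
                }
            }
        }
    }
}

# Run the search and, like the tool in the post, leave a text report on the desktop
$hits   = @(Find-RegistryPhrase -Phrase $SearchPhrases)
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'RegSearch.txt'
$hits | Sort-Object Phrase, Key | Format-Table -AutoSize |
    Out-String -Width 400 | Set-Content -Path $report
"Found $($hits.Count) instance(s); report written to $report"
```

A full walk of HKLM takes a few minutes on a large hive; matching is case-insensitive, so a hit on a key name such as Services\ProcServ and a hit on value data naming the .sys file are both reported.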





