Backdoor.Ciadoor



#1
johnny83

Hello everyone, I have a virus which has been really difficult to remove (Backdoor.Ciadoor). I searched the forums and have run AVG Anti-Spyware in safe mode, then followed up with deleting this virus, but it still remains in my system. Please help, as it is a high security issue. TIA
  • 0



#2
Anthony10

Hi johnny83,

Please download HijackThis from Here. Then click on the downloaded file to install HijackThis. After it is installed, open HijackThis and select "Do a system scan and save logfile". Use copy/paste and post that log back here for review.

Anthony.
  • 0

#3
johnny83

Hi Anthony, thanks for helping me. Here is the HijackThis logfile as you requested:

Logfile of HijackThis v1.99.1
Scan saved at 4:28:16 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This!\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2006\SpyEmergency.exe"
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#4
Anthony10

Hi johnny83,

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please post back with SDFix report and dss scan reports main.txt and extra.txt.
  • 0

#5
johnny83

Hello again, here is the DSS main.txt:
==================================================================
Deckard's System Scanner v20070328.36
Run by Compaq_Owner on 2007-04-03 at 12:02:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-03 16:02:26 UTC - RP51 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:04:08 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency 2006\SpyEmergency.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys
R1 bdftdif (BitDefender Firewall TDI Filter) - c:\program files\common files\softwin\bitdefender firewall\bdftdif.sys
R1 ikhfile (File Security Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhfile.sys
R1 ikhlayer (Kernel Anti-Spyware Driver) - c:\windows\system32\drivers\ikhlayer.sys
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys
R3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys
R3 ialm - c:\windows\system32\drivers\ialmnt5.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys
R3 Ps2 - c:\windows\system32\drivers\ps2.sys
R3 RT61 (Linksys Wireless-G PCI Adapter Driver(RT61)) - c:\windows\system32\drivers\rt61.sys

S3 Nokia USB Port - c:\windows\system32\drivers\nmwcdcj.sys
S3 SiS315 - c:\windows\system32\drivers\sisgrp.sys
S3 viagfx - c:\windows\system32\drivers\vtmini.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 MSCSPTISRV - "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe"
S3 SPTISRV (Sony SPTI Service) - "c:\program files\common files\sony shared\avlib\sptisrv.exe"
S3 SSScsiSV (SonicStage SCSI Service) - c:\program files\common files\sony shared\avlib\ssscsisv.exe


-- Files created between 2007-03-03 and 2007-04-03 -----------------------------

2007-04-03 00:07:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft
2007-04-03 00:07:29 0 d-------- C:\Program Files\Lavasoft
2007-04-02 14:44:17 0 -rahs---- C:\MSDOS.SYS
2007-04-02 14:44:17 0 -rahs---- C:\IO.SYS
2007-04-02 14:35:40 0 d-------- C:\Program Files\Hijack This!<HIJACK~1>
2007-04-02 13:23:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Bitdefender<BITDEF~1>
2007-04-02 13:20:13 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender<BITDEF~1>
2007-04-02 02:07:12 0 d-------- C:\Avenger
2007-04-01 20:53:14 0 d-------- C:\Program Files\Enigma Software Group<ENIGMA~1>
2007-04-01 18:25:22 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-01 14:54:13 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Spy Emergency<SPYEME~1>
2007-03-31 13:29:39 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-03-31 13:29:39 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-03-31 12:33:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-31 06:56:10 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InterVideo<INTERV~1>
2007-03-31 00:32:22 0 d-------- C:\Program Files\Stardock
2007-03-30 18:46:31 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-30 18:46:12 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-30 14:49:49 36864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-03-30 14:49:49 0 d-------- C:\Program Files\Common Files\Stardock
2007-03-30 14:49:49 0 d-------- C:\Program Files\AlienGUIse<ALIENG~1>
2007-03-30 00:42:16 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-03-30 00:35:29 0 d-------- C:\Program Files\Fitness Assistant<FITNES~1>
2007-03-29 17:41:35 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-03-29 17:41:35 12800 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-03-29 17:41:34 9216 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-03-29 17:41:33 4608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-03-29 17:41:33 138240 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-03-29 17:28:35 30720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll<NMWCDC~1.DLL>
2007-03-29 17:28:34 48128 -ra------ C:\WINDOWS\system32\nmwcdcls.dll
2007-03-29 13:20:31 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-03-29 13:17:09 0 d-------- C:\WINDOWS\SHELLNEW
2007-03-29 13:17:06 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-03-29 01:47:45 0 d-------- C:\Program Files\Avanquest update<AVANQU~1>
2007-03-29 01:47:23 0 d-------- C:\Program Files\Ringtone Media Studio<RINGTO~1>
2007-03-29 01:47:23 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software<BVRPSO~1>
2007-03-29 01:11:39 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2007-03-28 20:45:53 0 d-------- C:\Program Files\DVDFab Decrypter 3<DVDFAB~1>
2007-03-28 14:24:05 0 d-------- C:\Program Files\KeePassPortable<KEEPAS~1>
2007-03-28 13:22:05 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-03-28 13:22:05 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-03-28 13:22:02 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Simply Super Software<SIMPLY~1>
2007-03-28 12:48:32 89184 -----n--- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-28 12:47:00 38912 -ra------ C:\WINDOWS\system32\picn20.dll
2007-03-28 12:46:40 544768 -ra------ C:\WINDOWS\system32\imagx5.dll
2007-03-28 12:46:39 569344 -ra------ C:\WINDOWS\system32\imagr5.dll
2007-03-28 12:46:38 283920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2007-03-28 12:46:13 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-03-27 21:07:48 0 d---s---- C:\Documents and Settings\Compaq_Owner\UserData
2007-03-27 19:37:41 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\URSoft
2007-03-27 19:37:27 0 d-------- C:\Program Files\Your Uninstaller 2006<YOURUN~1>
2007-03-27 13:29:20 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\RipIt4Me
2007-03-27 10:10:28 27255 -----n--- C:\WINDOWS\system32\drivers\NWWMUSB.sys
2007-03-27 10:10:09 11510 -----n--- C:\WINDOWS\system32\drivers\VMCUSB.sys
2007-03-27 10:09:42 38951 -----n--- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-03-27 10:09:42 36679 -----n--- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-03-27 10:09:42 36232 -----n--- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-03-27 10:09:42 35319 -----n--- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-03-27 10:06:17 765952 --a------ C:\WINDOWS\system32\CDDBUISony.dll<CDDBUI~1.DLL>
2007-03-27 10:06:17 565248 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll<CDDBMU~1.DLL>
2007-03-27 10:06:17 73728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll<CDDBLI~1.DLL>
2007-03-27 10:06:17 598016 --a------ C:\WINDOWS\system32\CDDBControlSony.dll<CDDBCO~1.DLL>
2007-03-27 09:56:15 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-26 22:50:36 81984 --a------ C:\WINDOWS\system32\bdod.bin
2007-03-26 22:11:51 0 dr-hs---- C:\cmdcons
2007-03-26 22:11:06 0 d-------- C:\WINDOWS\setupupd
2007-03-26 21:34:54 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-26 21:34:54 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-26 18:15:08 356096 -ra------ C:\WINDOWS\system32\drivers\rt61.sys
2007-03-26 18:12:11 0 d-------- C:\WINDOWS\system32\Lang
2007-03-26 18:12:02 159744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-03-26 18:11:39 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-26 18:11:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec
2007-03-26 18:11:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sun
2007-03-26 18:11:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView<SAMPLE~1>
2007-03-26 18:11:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2007-03-26 18:11:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer<APPLEC~1>
2007-03-26 18:11:02 0 d-------- C:\Documents and Settings\Compaq_Owner\WINDOWS
2007-03-26 18:11:02 2621440 --a------ C:\Documents and Settings\Compaq_Owner\NTUSER.DAT
2007-03-26 18:08:25 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll<IV828C~1.DLL>
2007-03-26 18:08:25 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll<IV760B~1.DLL>
2007-03-26 18:08:25 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll<IVIRES~4.DLL>
2007-03-26 18:08:25 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll<IVIRES~3.DLL>
2007-03-26 18:08:25 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll<IVIRES~2.DLL>
2007-03-26 18:08:25 20480 --a------ C:\WINDOWS\system32\IVIresize.dll<IVIRES~1.DLL>
2007-03-26 17:58:28 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-26 17:58:24 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-26 17:58:22 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-26 17:58:21 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-26 17:58:19 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-26 17:58:18 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-26 17:58:17 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-26 17:58:11 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-26 17:58:10 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-26 17:57:30 61056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-03-26 17:57:30 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-03-26 17:57:29 53248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2007-03-26 17:29:43 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-26 17:06:20 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-03-26 17:01:10 30592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-03-26 17:01:09 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-03-22 23:25:33 0 d-------- C:\Program Files\CDRWIN
2007-03-22 00:38:36 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2007-03-21 16:23:55 0 d-------- C:\Program Files\Spyware Doctor<SPYWAR~1>
2007-03-21 15:43:04 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-03-21 11:30:48 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Google
2007-03-19 14:14:04 0 d-------- C:\Documents and Settings\All Users\SonicStage<SONICS~1>
2007-03-19 14:07:08 0 d-------- C:\Program Files\Sony Corporation<SONYCO~1>
2007-03-19 14:06:56 90112 -----n--- C:\WINDOWS\snymsico.dll
2007-03-19 14:05:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation<SONYCO~1>
2007-03-19 14:05:22 0 d-------- C:\Program Files\Sony
2007-03-19 14:04:49 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sony Corporation<SONYCO~1>
2007-03-19 14:04:48 0 d-------- C:\Program Files\Common Files\Sony Shared<SONYSH~1>
2007-03-17 16:44:03 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\ImgBurn
2007-03-17 16:09:47 0 d-------- C:\Program Files\ImgBurn
2007-03-16 23:48:22 0 d-------- C:\Program Files\CD_DVD-ROM Generator 1.50<CD_DVD~1.50>
2007-03-16 23:46:00 0 d-------- C:\Program Files\Smart Projects<SMARTP~1>
2007-03-16 19:33:14 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sonic
2007-03-15 11:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll
2007-03-15 11:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll
2007-03-14 11:28:10 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech<LEADER~1>
2007-03-09 21:34:36 348160 -ra------ C:\WINDOWS\system\msvcr71.dll
2007-03-09 13:50:46 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\BitTorrent<BITTOR~1>
2007-03-08 01:46:26 87608 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\ezpinst.exe
2007-03-08 01:46:25 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-08 01:46:25 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2007-03-08 01:46:25 47360 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
2007-03-08 01:46:19 0 d-------- C:\Program Files\vso
2007-03-08 01:34:11 0 d--hs---- C:\Documents and Settings\Compaq_Owner\Phone Browser<PHONEB~1>
2007-03-08 01:28:22 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2007-03-08 01:24:54 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Nokia
2007-03-08 01:22:58 0 d-------- C:\Program Files\PC Connectivity Solution<PCCONN~1>
2007-03-08 01:17:38 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite<PCSUIT~1>
2007-03-08 01:11:39 0 d-------- C:\Program Files\Google
2007-03-08 01:06:06 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\PC Tools<PCTOOL~1>
2007-03-07 21:01:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Contacts
2007-03-07 20:33:17 44823 --a------ C:\WINDOWS\BricoPackUninst.cmd<BRICOP~2.CMD>
2007-03-07 20:29:47 2235 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd<BRICOP~1.CMD>
2007-03-07 20:28:44 0 d-------- C:\WINDOWS\BricoPacks<BRICOP~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-02 02:13:35 0 d---s---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft<MICROS~1>
2007-04-02 01:42:53 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AVG7
2007-03-31 00:14:18 0 d-------- C:\Program Files\TopDesk
2007-03-30 00:16:40 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-29 17:43:43 0 d-------- C:\Program Files\Common Files\PCSuite
2007-03-29 17:32:38 0 d-------- C:\Program Files\Common Files\Nokia
2007-03-29 01:47:44 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-28 12:46:05 0 d-------- C:\Program Files\Ahead
2007-03-27 20:06:31 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-27 20:06:30 0 d-------- C:\Program Files\LimeWire
2007-03-27 20:05:52 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
2007-03-26 21:51:40 0 d-------- C:\Program Files\Easy Internet signup<EASYIN~1>
2007-03-26 21:40:40 0 d-------- C:\Program Files\Java
2007-03-26 21:35:45 34 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.log
2007-03-26 21:35:41 1144 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.inf
2007-03-26 21:35:41 1074 --a------ C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.cat
2007-03-26 21:34:52 0 d-------- C:\Program Files\Picasa2
2007-03-26 17:38:41 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-26 17:38:38 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-26 17:38:37 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-03-26 17:05:59 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-26 16:40:46 0 d-------- C:\Program Files\iTunes
2007-03-19 02:33:00 0 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor<LINKSY~1>
2007-03-19 01:28:05 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-03-08 01:23:22 0 d-------- C:\Program Files\DIFX
2007-03-08 00:57:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-07 21:41:20 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>
2007-03-07 17:30:27 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2007-03-07 16:42:42 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia<MACROM~1>
2007-03-04 15:11:50 0 d-------- C:\Program Files\Nero
2007-03-01 21:40:12 0 d-------- C:\Program Files\convertx to dvd<CONVER~1>
2007-02-26 14:35:41 0 d-------- C:\Program Files\Thoosje's Sidebar<THOOSJ~1>
2007-02-25 15:18:10 0 d-------- C:\Program Files\SiteAdvisor<SITEAD~1>
2007-02-25 00:10:31 512 --a------ C:\ScanSectorLog.dat<SCANSE~1.DAT>
2007-02-24 23:52:03 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-24 18:46:52 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-19 00:27:48 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-02-18 22:56:44 0 d-------- C:\Program Files\TechSmith<TECHSM~1>
2007-02-18 20:00:22 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-12 23:05:32 0 d-------- C:\Program Files\NOD32
2007-02-06 12:59:54 0 d-------- C:\Program Files\All Video to VCD SVCD DVD Creator & Burner<ALLVID~1>
2007-02-06 02:00:19 0 d-------- C:\Program Files\Vista Sidebar<VISTAS~1>
2007-01-21 00:09:21 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-01-19 13:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-19 02:41:03 737280 --a------ C:\WINDOWS\iun6002.exe
2007-01-11 03:12:19 1168 --a------ C:\WINDOWS\mozver.dat
2007-01-08 15:29:40 75512 --a------ C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpyEmergency"="\"C:\\Program Files\\NETGATE\\Spy Emergency 2006\\SpyEmergency.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Spyware Doctor"="C:\\PROGRA~1\\SPYWAR~1\\swdoctor.exe /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
DcomLaunch REG_MULTI_SZ DcomLaunchTermService\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\
WudfServiceGroup REG_MULTI_SZ WUDFSvc\


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936fa7da-dbe4-11db-ad7c-806d6172696f}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{936fa7dc-dbe4-11db-ad7c-806d6172696f}]
shell\play\command "C:\Program Files\InterVideo\WinDVD\WinDVD.exe" %1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebcf8775-dcca-11db-ad85-0018f828e343}]
Shell\AutoRun\command setupSNK.exe


-- End of Deckard's System Scanner: finished at 2007-04-03 at 12:04:44 ---------
===================================================================================================

HERE is the extra txt:

Deckard's System Scanner v20070328.36
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.93GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 503.29 MiB / 124.14 MiB
Pagefile Memory (total/avail): 1229.76 MiB / 734.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1986.89 MiB

C: is Fixed (NTFS) - 144.38 GiB total, 96.97 GiB free.
D: is Fixed (FAT32) - 4.66 GiB total, 0.57 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: BitDefender Internet Security v10 v7.2 (Softwin)
AV: BitDefender Internet Security v10 v7.2 (Softwin)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JONSPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner
LOGONSERVER=\\JONSPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp
USERDOMAIN=JONSPC
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Agere Systems PCI Soft Modem --> agrsmdel
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitDefender Internet Security v10 --> MsiExec.exe /I{055FBA0A-DDF0-42DB-B914-4880C3D2DE12}
ConvertXtoDVD 2.1.14.223 --> "C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVDFab Decrypter 3.0.8.6 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe"
Help and Support Additions --> C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Program Files\Hijack This!\HijackThis.exe /uninstall
IntelliMover Data Transfer Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
KeyRipper 3.1 --> C:\PROGRA~1\DSSEVO~1.COM\KEYRIP~1\Setup.exe /remove /q0
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ringtone Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDD8E223-270B-4BD7-BD67-6E4A60E0BE86}\setup.exe" -l0x9 -removeonly
SnagIt 8 --> MsiExec.exe /I{B6F0BE9B-41D7-45A2-9A76-D3DB1A89EC6A}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SonicStage 3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 4.0 --> "C:\Program Files\Spyware Doctor\unins000.exe"
TopDesk 1.4.2 --> C:\Program Files\TopDesk\uninst.exe
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Your Uninstaller! 2006 Version 5 --> "C:\Program Files\Your Uninstaller 2006\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-04-03 at 12:04:44 ---------
==================================================================================================

I also scanned with bitdefender and here is the log:


//-----------------------------------------------------------------
//
// Product BitDefender Internet Security v10
// Product 10.2
//
// Created on: 02/04/2007 18:16:30
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
D:\
Folders : 4650
Files : 533933
Memory processes scanned : 36
Archives : 15969
Runtime packers : 42601
Identified viruses : 2
Infected files : 3
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 124
Scan time : 01:21:15
Scan speed (files/sec) : 109

Spyware Statistics

Registry keys scanned : 1655
Registry keys infected : 0
Cookies scanned : 25
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 454132
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1175552190.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\RECYCLER\S-1-5-21-1236149474-1124406294-3235563299-1009\Dc80.297\Setup.exe=>(NSIS o)=>zlib_nsis0061 Detected: Application.VirTool.Wfpdisable.A
C:\RECYCLER\S-1-5-21-1236149474-1124406294-3235563299-1009\Dc80.297\Setup.exe=>(NSIS o)=>zlib_nsis0061 Disinfection failed
C:\RECYCLER\S-1-5-21-1236149474-1124406294-3235563299-1009\Dc80.297\Setup.exe=>(NSIS o)=>zlib_nsis0061 Move failed
C:\RECYCLER\S-1-5-21-1344349692-2121881738-1363686665-1009\Dc67.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Infected: MemScan:Backdoor.Ciadoor.13
C:\RECYCLER\S-1-5-21-1344349692-2121881738-1363686665-1009\Dc67.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Disinfection failed
C:\RECYCLER\S-1-5-21-1344349692-2121881738-1363686665-1009\Dc67.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Move failed
C:\RECYCLER\S-1-5-21-3495757028-79995583-1617800750-1009\Dc4290.TMP\setup.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Infected: MemScan:Backdoor.Ciadoor.13
C:\RECYCLER\S-1-5-21-3495757028-79995583-1617800750-1009\Dc4290.TMP\setup.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Disinfection failed
C:\RECYCLER\S-1-5-21-3495757028-79995583-1617800750-1009\Dc4290.TMP\setup.exe=>(CAB Sfx r)=>SETUPA~2.EXE=>(Embedded EXE o)=>(CAB Sfx r)=>Serve2r.exe Move failed


the virus that I'm trying to get rid of, bitdefender says it's in the following file path names above. I have no idea how to access and remove these files. also, I think it is attached to my system restore points. again thanks for your help.

edit: sorry, here is the sdfix log:


SDFix: Version 1.76

Run by Compaq_Owner - Tue 04/03/2007 - 12:26:37.34

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\Compaq_Owner\Desktop\SDFix\SDFix

Safe Mode:
Checking Services:





Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------


Checking For Files with Hidden Attributes :

C:\Program Files\DssEvolution.com\KeyRipper\Setup.exe
C:\Program Files\DssEvolution.com\KeyRipper\Setup.ini
C:\Program Files\Common Files\Ahead\AudioPlugins\PNCRT.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\atrc3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\auth3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\cook3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv13260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv23260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv33260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\drv43260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnen3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnvi3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\pnxr3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\ramf3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rare3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rims3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmff3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmse3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rmwr3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rnlt3260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rorw3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtae3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtin3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rtve3290.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Common\rv103260.dll
C:\Program Files\Common Files\Ahead\AudioPlugins\Com

Edited by johnny83, 03 April 2007 - 10:08 AM.


#6
johnny83

    New Member

  • Topic Starter
  • Member
  • 4 posts
hey this was taking too long so I figured out how to remove the infection. thanks though.

#7
Anthony10

    Member

  • Member
  • 314 posts
Hi,
  • Rehide files.
- Click Start.
- Click My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click OK.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- Check Turn off System Restore.
- Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
- On the Desktop, right-click My Computer.
- Click Properties.
- Click the System Restore tab.
- UN-Check Turn off System Restore.
- Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners weekly, and be aware of what emails you open and websites you visit. To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!