
#1
delsol
Deckard's System Scanner v20071014.68
Run by Peter Del Sol on 2007-12-26 14:52:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2007-12-26 22:52:19 UTC - RP130 - Deckard's System Scanner Restore Point
46: 2007-12-26 22:29:42 UTC - RP129 - Software Distribution Service 3.0
45: 2007-12-25 22:47:30 UTC - RP128 - SandraRestorePoint
44: 2007-12-25 20:16:38 UTC - RP127 - Software Distribution Service 3.0
43: 2007-12-25 19:14:32 UTC - RP126 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-25 14:43:20 UTC - RP84 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Peter Del Sol.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55, on 2007-12-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\dss.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Peter Del Sol.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: BndBlock4 BHO Class - {8F9E2BE3-766D-4831-BB0E-766D5B819995} - C:\Program Files\QdrDrive\QdrDrive9.dll (file missing)
O2 - BHO: (no name) - {BBFFA63C-31F3-350B-DA27-3FE677860F98} - C:\WINDOWS\system32\tqgxym.dll (file missing)
O2 - BHO: (no name) - {CA4F0D8D-5F2B-4F16-838A-8D52249EAB21} - (no file)
O2 - BHO: (no name) - {CB301B4C-C068-409E-9E8E-043CBCDFA46D} - C:\WINDOWS\system32\awtst.dll
O2 - BHO: (no name) - {CDCDF14A-A124-42D8-9A90-E69815CD1E6F} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\compaq\cpqsetup\cpqset.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {3269A168-A467-4236-9D77-FF36D8DFB20F} - https://bis.t-mobile...M-PwpClient.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198608790754
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bw+0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {27A2CC64-EC64-469A-A77D-E99E481C2E98} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe

--
End of file - 16713 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

S3 catchme - c:\docume~1\admini~1.pet\locals~1\temp\catchme.sys (file missing)
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys (file missing)
S3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys (file missing)
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S4 gearsec - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S4 Roxio UPnP Renderer 9 - "c:\program files\roxio\digital home 9\roxioupnprenderer9.exe" (file missing)
S4 Roxio Upnp Server 9 - "c:\program files\roxio\digital home 9\roxioupnpservice9.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: ALi Fast Infrared Controller
Device ID: ACPI\ALI5123\3
Manufacturer: AcerLabs
Name: ALi Fast Infrared Controller
PNP Device ID: ACPI\ALI5123\3
Service: ALiIRDA


-- Scheduled Tasks -------------------------------------------------------------

2007-12-26 14:36:40 454 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2007-12-23 16:58:47 388 --a------ C:\WINDOWS\Tasks\RegCure.job
2006-12-14 14:18:59 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-26 and 2007-12-26 -----------------------------

2007-12-26 14:54:52 0 d-------- C:\Program Files\Trend Micro
2007-12-26 14:30:40 0 dr-h----- C:\Documents and Settings\new\SendTo
2007-12-26 14:30:40 0 d--h----- C:\Documents and Settings\new\Recent
2007-12-26 14:30:40 0 d--h----- C:\Documents and Settings\new\PrintHood
2007-12-26 14:30:40 0 d--h----- C:\Documents and Settings\new\NetHood
2007-12-26 14:30:40 0 dr------- C:\Documents and Settings\new\My Documents
2007-12-26 14:30:40 0 d--h----- C:\Documents and Settings\new\Local Settings
2007-12-26 14:30:40 0 d-------- C:\Documents and Settings\new\Favorites
2007-12-26 14:30:40 0 d-------- C:\Documents and Settings\new\Desktop
2007-12-26 14:30:40 0 d--hs---- C:\Documents and Settings\new\Cookies
2007-12-26 14:30:40 0 dr-h----- C:\Documents and Settings\new\Application Data
2007-12-26 14:30:40 0 d---s---- C:\Documents and Settings\new\Application Data\Microsoft
2007-12-26 14:30:39 0 d--h----- C:\Documents and Settings\new\Templates
2007-12-26 14:30:39 0 dr------- C:\Documents and Settings\new\Start Menu
2007-12-26 14:30:38 524288 --ah----- C:\Documents and Settings\new\NTUSER.DAT
2007-12-26 14:30:07 0 d-------- C:\WINDOWS\LastGood
2007-12-25 21:16:32 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-25 21:16:32 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-25 21:16:32 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-25 21:16:32 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-25 21:16:31 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-25 21:16:31 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-25 14:49:11 0 d-------- C:\Program Files\SiSoftware
2007-12-25 14:40:04 0 dr-h----- C:\Documents and Settings\Peter Del Sol\Recent
2007-12-25 14:16:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-25 10:45:57 0 d-------- C:\Documents and Settings\Peter Del Sol\Application Data\InstallShield
2007-12-24 18:29:47 0 d-------- C:\Documents and Settings\Administrator.PETE\Application Data\Grisoft
2007-12-24 17:46:07 0 d-------- C:\WINDOWS\ServicePackFiles
2007-12-24 11:24:00 18672 --ahs---- C:\WINDOWS\system32\tstwa.ini2
2007-12-24 08:57:53 3670016 --a------ C:\Documents and Settings\Peter Del Sol\ntuser.dat
2007-12-24 08:56:10 337920 -----n--- C:\WINDOWS\system32\awtst.dll
2007-12-24 08:43:39 0 d--h----- C:\Documents and Settings\Administrator.PETE\Templates
2007-12-24 08:43:39 0 dr------- C:\Documents and Settings\Administrator.PETE\Start Menu
2007-12-24 08:43:39 0 dr-h----- C:\Documents and Settings\Administrator.PETE\SendTo
2007-12-24 08:43:39 0 d--h----- C:\Documents and Settings\Administrator.PETE\Recent
2007-12-24 08:43:39 0 d--h----- C:\Documents and Settings\Administrator.PETE\PrintHood
2007-12-24 08:43:39 0 d--h----- C:\Documents and Settings\Administrator.PETE\NetHood
2007-12-24 08:43:39 0 d-------- C:\Documents and Settings\Administrator.PETE\My Documents
2007-12-24 08:43:39 0 d--h----- C:\Documents and Settings\Administrator.PETE\Local Settings
2007-12-24 08:43:39 0 d-------- C:\Documents and Settings\Administrator.PETE\Favorites
2007-12-24 08:43:39 0 d-------- C:\Documents and Settings\Administrator.PETE\Desktop
2007-12-24 08:43:39 0 d--hs---- C:\Documents and Settings\Administrator.PETE\Cookies
2007-12-24 08:43:39 0 dr-h----- C:\Documents and Settings\Administrator.PETE\Application Data
2007-12-24 08:43:39 0 d---s---- C:\Documents and Settings\Administrator.PETE\Application Data\Microsoft
2007-12-24 08:43:38 524288 --ah----- C:\Documents and Settings\Administrator.PETE\ntuser.dat
2007-12-24 06:40:00 0 d-------- C:\Program Files\MSXML 4.0
2007-12-23 18:25:03 0 d-------- C:\WINDOWS\Prefetch
2007-12-23 18:22:38 0 d-------- C:\WINDOWS\Registration
2007-12-23 17:41:01 0 d-------- C:\Program Files\PC Wizard 2008
2007-12-23 16:58:35 0 d-------- C:\Program Files\RegCure
2007-12-23 15:54:45 0 d-------- C:\Program Files\Remote Support System
2007-12-23 13:30:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-23 07:11:40 1408 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 05:32:38 341504 --a------ C:\WINDOWS\system32\awtst.exe
2007-12-23 05:31:01 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Roxio
2007-12-23 05:30:58 0 d-------- C:\Documents and Settings\Peter Del Sol\Application Data\Roxio
2007-12-23 05:30:17 0 d-------- C:\Program Files\WinAble
2007-12-23 05:28:12 256 --a------ C:\WINDOWS\system32\pool.bin
2007-12-23 05:26:52 0 d-------- C:\Program Files\QdrPack
2007-12-22 19:20:00 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2007-12-22 19:19:49 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
2007-12-22 19:15:59 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Roxio
2007-12-22 19:15:58 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-22 19:15:51 0 d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-14 14:18:45 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic pour Windows>
2007-12-14 14:18:45 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2007-12-14 14:18:45 21504 --a------ C:\WINDOWS\system32\TABCTFR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets TabCtl32>
2007-12-14 14:18:45 15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2007-12-14 14:18:44 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2007-12-14 14:18:44 59904 --a------ C:\WINDOWS\system32\Mscc2fr.dll <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2007-12-14 14:18:44 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2007-12-14 14:18:43 0 d-------- C:\Program Files\Free Audio Pack
2007-12-10 23:45:19 0 d-------- C:\WINDOWS\network diagnostic


-- Find3M Report ---------------------------------------------------------------

2007-12-26 00:58:33 0 d-ah----- C:\Program Files\WindowsUpdate
2007-12-25 21:59:18 0 d-------- C:\Documents and Settings\Peter Del Sol\Application Data\Adobe
2007-12-24 17:52:38 0 d-------- C:\Program Files\Messenger
2007-12-23 15:03:35 0 d-------- C:\Program Files\Common Files
2007-12-23 13:10:16 0 d-------- C:\Program Files\QuickTime
2007-12-22 19:15:58 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-22 03:16:44 0 d-------- C:\Documents and Settings\Peter Del Sol\Application Data\LimeWire
2007-11-02 19:48:27 0 d-------- C:\Program Files\COMPAQ
2007-10-31 05:19:00 0 d-------- C:\Program Files\2Wire
2007-10-17 07:57:22 4 --a------ C:\WINDOWS\system32\E1181D


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}]
C:\Program Files\QdrDrive\QdrDrive9.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBFFA63C-31F3-350B-DA27-3FE677860F98}]
C:\WINDOWS\system32\tqgxym.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA4F0D8D-5F2B-4F16-838A-8D52249EAB21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CB301B4C-C068-409E-9E8E-043CBCDFA46D}]
2007-12-24 08:56 337920 --------- C:\WINDOWS\system32\awtst.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDCDF14A-A124-42D8-9A90-E69815CD1E6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"Cpqset"="C:\Program Files\compaq\cpqsetup\cpqset.exe" [2007-12-26 14:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-26 14:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Compaq Client Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Compaq Client Manager.lnk
backup=C:\WINDOWS\pss\Compaq Client Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
"C:\Program Files\BitDownload\BitDownload.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\compaq\cpqsetup\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Printing]
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LidPolicy]
c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneBodyPureBolt]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Load Chin Phone Body\Dog Soft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
"C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pure shim]
C:\DOCUME~1\PETERD~1\APPLIC~1\BENDDU~1\tonseachglobal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
"C:\Program Files\QdrModule\QdrModule11.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
"C:\Program Files\QdrPack\QdrPack11.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uuss]
"C:\PROGRA~1\DOBE~1\attrib.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wdf]
"C:\Documents and Settings\Peter Del Sol\My Documents\?ppPatch\w?crtupd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\WINDOWS\csrss

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
C:\WINDOWS\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"WIN32SL"=2 (0x2)
"cpqdmi"=2 (0x2)
"CPQALERT"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MSCamSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gearsec"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c4a2d1-2918-11dc-929b-000bcd5fbb81}]
AutoRun\command- F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f21-ee94-11db-9296-000bcd5fbb81}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f23-ee94-11db-9296-000bcd5fbb81}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f2b-ee94-11db-9296-000bcd5fbb81}]
AutoRun\command- E:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-12-26 14:57:28 ------------







Can someone help me to fix this?
  • 0



#2
racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
Hello delsol and welcome to G2G. You have been hit with a few infections; let's start with this:

Please go HERE and click the "Download VundoFix" link.
Download VundoFix to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#3
delsol

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
ComboFix 07-12-31.4 - Peter Del Sol 2007-12-30 11:49:37.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.590 [GMT -6:00]
Running from: C:\Documents and Settings\Peter Del Sol\Local Settings\Temporary Internet Files\Content.IE5\T2ECQK0O\ComboFix[2].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\awtst.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Favorites\.url
C:\Documents and Settings\Peter Del Sol\My Documents\PPPATC~1
C:\onoes.exe
C:\Program Files\outlook
C:\Program Files\outlook\outlook.exe
C:\Program Files\outlook\p.zip
C:\Program Files\outlook\v.tmp
C:\WINDOWS\system32\awtst.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\hgggggg.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tstwa.ini
C:\WINDOWS\system32\tstwa.ini2
C:\WINDOWS\system32\wnscpsu.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-31 )))))))))))))))))))))))))))))))
.

2007-12-30 11:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-26 18:47 . 2007-12-26 18:47 26 --a------ C:\eabiiupgrade.upg
2007-12-26 18:45 . 2007-12-26 18:45 21 --a------ C:\WINDOWS\Status.mif
2007-12-26 18:44 . 2007-12-26 18:44 2,067 -rahs---- C:\WINDOWS\system32\drivers\HP_Evo N1020v_YN_Evo_Q9X33LDLZ_E_4_I0818h_SHP_VKBC Revision 1820_B0F0A_T030514_WXP2_L409_M992_J30_7Intel_8Pentium 4_91.99_1104C8017_N10EC8139_P104CAC41_Z14F12F00_K_A10B95451_U10330035_G10024337_OCPQ DVD-ROM DV28EB.MRK
2007-12-26 18:20 . 2007-12-26 18:20 <DIR> d-------- C:\Program Files\Uniblue
2007-12-26 18:20 . 2007-12-26 18:20 <DIR> d-------- C:\Documents and Settings\Peter Del Sol\Application Data\Uniblue
2007-12-26 16:54 . 2007-12-26 16:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 16:51 . 2007-12-26 16:51 <DIR> d-------- C:\Deckard
2007-12-26 02:58 . 2007-07-30 21:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-26 02:58 . 2007-07-30 21:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 16:49 . 2007-12-25 16:49 <DIR> d-------- C:\Program Files\SiSoftware
2007-12-25 16:49 . 2006-08-01 20:14 38,432 --a------ C:\WINDOWS\system32\SanCpl.cpl
2007-12-25 16:16 . 2007-12-25 16:16 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-25 16:16 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 14:08 . 2007-12-31 12:21 0 --a------ C:\WINDOWS\system.ini
2007-12-25 13:19 . 2007-12-27 09:12 182 --a------ C:\WINDOWS\win.ini
2007-12-25 12:45 . 2007-12-25 12:45 <DIR> d-------- C:\Documents and Settings\Peter Del Sol\Application Data\InstallShield
2007-12-25 07:53 . 2007-12-25 07:53 341,504 --a------ C:\WINDOWS\system32\RCX11.tmp
2007-12-24 20:29 . 2007-12-24 20:29 <DIR> d-------- C:\Documents and Settings\Administrator.PETE\Application Data\Grisoft
2007-12-24 19:52 . 2004-07-17 13:35 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2007-12-24 19:52 . 2004-07-17 13:36 64,352 --------- C:\WINDOWS\system32\drivers\ativmc20.cod
2007-12-24 19:46 . 2007-12-24 19:46 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-24 19:44 . 2004-07-17 13:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2007-12-24 13:24 . 2007-12-24 13:24 341,504 --a------ C:\WINDOWS\system32\RCX8.tmp
2007-12-24 09:24 . 2007-12-24 09:24 341,504 --a------ C:\WINDOWS\system32\RCX7.tmp
2007-12-24 08:40 . 2007-12-24 08:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-23 20:32 . 2007-08-13 20:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2007-12-23 19:41 . 2007-12-23 19:41 <DIR> d-------- C:\Program Files\PC Wizard 2008
2007-12-23 19:41 . 2007-09-15 17:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2007-12-23 18:58 . 2007-12-27 08:45 <DIR> d-------- C:\Program Files\RegCure
2007-12-23 17:54 . 2007-12-23 17:59 <DIR> d-------- C:\Program Files\Remote Support System
2007-12-23 15:30 . 2007-12-23 17:04 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-23 15:07 . 2007-12-23 15:07 341,504 --a------ C:\WINDOWS\system32\RCXD.tmp
2007-12-23 14:35 . 2007-12-23 14:35 341,504 --a------ C:\WINDOWS\system32\RCX15.tmp
2007-12-23 14:31 . 2007-12-23 14:31 341,504 --a------ C:\WINDOWS\system32\RCX14.tmp
2007-12-23 14:03 . 2007-12-23 14:03 341,504 --a------ C:\WINDOWS\system32\RCX13.tmp
2007-12-23 13:41 . 2007-12-23 13:41 341,504 --a------ C:\WINDOWS\system32\RCX12.tmp
2007-12-23 13:02 . 2007-12-23 13:02 341,504 --a------ C:\WINDOWS\system32\RCX1A.tmp
2007-12-23 12:49 . 2007-12-23 12:49 341,504 --a------ C:\WINDOWS\system32\RCX19.tmp
2007-12-23 10:46 . 2007-12-23 10:46 341,504 --a------ C:\WINDOWS\system32\RCX18.tmp
2007-12-23 10:41 . 2007-12-23 10:41 341,504 --a------ C:\WINDOWS\system32\RCX17.tmp
2007-12-23 09:35 . 2007-12-23 09:35 341,504 --a------ C:\WINDOWS\system32\RCX16.tmp
2007-12-23 09:11 . 2007-12-27 08:57 1,092 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-23 09:08 . 2007-12-23 09:08 341,504 --a------ C:\WINDOWS\system32\RCXB5.tmp
2007-12-23 08:43 . 2007-12-29 23:15 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 07:31 . 2007-12-23 07:31 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Roxio
2007-12-23 07:30 . 2007-12-23 13:07 <DIR> d-------- C:\Program Files\WinAble
2007-12-23 07:30 . 2007-12-23 07:30 <DIR> d-------- C:\Documents and Settings\Peter Del Sol\Application Data\Roxio
2007-12-23 07:28 . 2007-12-23 07:36 256 --a------ C:\WINDOWS\system32\pool.bin
2007-12-23 07:26 . 2007-12-23 09:25 <DIR> d-------- C:\Program Files\QdrPack
2007-12-22 21:20 . 2007-12-22 21:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2007-12-22 21:19 . 2007-12-22 21:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
2007-12-22 21:15 . 2007-12-22 21:19 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-22 21:15 . 2007-12-22 21:17 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2007-12-22 21:15 . 2007-12-22 21:18 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Roxio
2007-12-22 21:08 . 2007-01-18 12:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-12-14 16:18 . 2007-12-14 16:18 <DIR> d-------- C:\Program Files\Free Audio Pack
2007-11-07 22:54 . 2007-11-07 22:54 268 --ah----- C:\sqmdata01.sqm
2007-11-07 22:54 . 2007-11-07 22:54 244 --ah----- C:\sqmnoopt01.sqm
2007-11-04 10:36 . 2007-12-23 07:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-04 10:36 . 2007-11-04 10:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-01 22:59 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----a-w		   228,088 2007-12-23 21:07:59  C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9 .exe
----a-w		   172,101 2007-12-27 06:32:13  C:\Program Files\COMPAQ\Cpqsetup\cpqset .exe
----a-w		   651,264 2007-12-23 21:10:16  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   651,264 2007-12-23 21:07:52  C:\Program Files\QuickTime\qttask			.exe
----a-w		   651,264 2007-12-23 20:34:36  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   651,264 2007-12-23 20:31:00  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   651,264 2007-12-23 20:03:09  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   651,264 2007-12-23 19:50:10  C:\Program Files\QuickTime\qttask		.exe
----a-w		   651,264 2007-12-23 19:01:50  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   651,264 2007-12-23 18:44:50  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   651,264 2007-12-23 18:31:22  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   651,264 2007-12-23 16:46:06  C:\Program Files\QuickTime\qttask	.exe
----a-w		   651,264 2007-12-23 16:41:01  C:\Program Files\QuickTime\qttask   .exe
----a-w		   651,264 2007-12-23 15:35:30  C:\Program Files\QuickTime\qttask  .exe
----a-w		   651,264 2007-12-23 15:05:30  C:\Program Files\QuickTime\qttask .exe
----a-w		 1,460,560 2007-12-25 14:52:03  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w		 1,885,464 2007-12-27 06:32:58  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster  .exe
----a-w		 2,272,256 2007-12-27 06:53:53  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w		   158,208 2007-12-27 15:14:39  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2007-12-30 05:15:11  C:\WINDOWS\system32\ctfmon .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F9E2BE3-766D-4831-BB0E-766D5B819995}]
C:\Program Files\QdrDrive\QdrDrive9.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBFFA63C-31F3-350B-DA27-3FE677860F98}]
C:\WINDOWS\system32\tqgxym.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Compaq Client Manager.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Compaq Client Manager.lnk
backup=C:\WINDOWS\pss\Compaq Client Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 01:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-11-13 23:10 335872 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDownload]
C:\Program Files\BitDownload\BitDownload.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChkAdmin]
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2007-12-27 00:53 513536 --a------ C:\Program Files\compaq\cpqsetup\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 02:56 15360 --a------ C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Mobile Printing]
2003-05-23 15:12 630784 --a------ C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 11:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2006-12-30 20:22 32768 --a------ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LidPolicy]
2004-04-27 14:58 24576 --a------ c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2006-10-13 18:01 277296 --a------ C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awtst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-04-20 18:50 53248 --a------ c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe /auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneBodyPureBolt]
C:\Documents and Settings\All Users.WINDOWS\Application Data\Load Chin Phone Body\Dog Soft.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
C:\WINDOWS\system32\PRISMSVR.EXE /APPLY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pure shim]
C:\DOCUME~1\PETERD~1\APPLIC~1\BENDDU~1\tonseachglobal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule11]
C:\Program Files\QdrModule\QdrModule11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack11]
C:\Program Files\QdrPack\QdrPack11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask .exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-12-23 15:10 617984 --a------ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-12-25 14:08 1805824 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-04-13 05:48 36975 --a------ C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2003-05-23 00:06 610304 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2003-05-22 23:10 110592 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uuss]
C:\PROGRA~1\DOBE~1\attrib.exe -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2006-10-13 18:04 707376 --a------ C:\WINDOWS\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wdf]
C:\Documents and Settings\Peter Del Sol\My Documents\?ppPatch\w?crtupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whsurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon]
C:\WINDOWS\csrss

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wltray.exe]
2005-06-08 19:32 778318 --a------ C:\WINDOWS\system32\wltray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"btwdins"=2 (0x2)
"InCDsrvR"=2 (0x2)
"InCDsrv"=2 (0x2)
"WIN32SL"=2 (0x2)
"cpqdmi"=2 (0x2)
"CPQALERT"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"wltrysvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"SoundMAX Agent Service (default)"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"MSCamSvc"=2 (0x2)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gearsec"=2 (0x2)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)

R3 ALiIRDA;ALi Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\alifir.sys [2001-08-17 07:49]
R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-12-11 04:00]
S3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 23:06]
S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-10-13 18:04]
S4 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-01 17:27]
S4 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 18:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47c4a2d1-2918-11dc-929b-000bcd5fbb81}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f21-ee94-11db-9296-000bcd5fbb81}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f23-ee94-11db-9296-000bcd5fbb81}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbb22f2b-ee94-11db-9296-000bcd5fbb81}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-30 12:18:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-31 18:20:53 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-24 00:58:47 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 12:21:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-31 12:26:14 - machine was rebooted [Peter Del Sol]
C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 18:26:06
.
2007-12-26 22:31:48 --- E O F ---
That did the trick, thanks a lot, you saved my life.
  • 0

#4
racenutalways

    Member 1K

  • Retired Staff
  • 1,663 posts
You have been hit with the mass-spawning Vundo infection; this affects some of your legitimate programs. Lucky for us, sUBs created an application that can fix this for us without having you re-install the programs. We will fix this first, then I will go after the leftovers. :)

  • Download RenV.exe by sUBs to your desktop
  • Double click on it to run it
  • It will search your system drive looking for any modified .exe file and will produce a log for you.
  • Please attach this report to your reply (Do not copy and paste)

  • 0
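The renaming pattern visible in the ComboFix Find3M report earlier in this thread (qttask .exe, ctfmon .exe, RegistryBooster .exe: a legitimate program shadowed by copies whose names carry whitespace before the extension) is what racenutalways calls the mass-spawning Vundo infection, and it can be picked out of the report mechanically. The following is an added example, not code from this thread or from sUBs' RenV tool; it parses constructed lines laid out like Find3M's output, groups every padded copy under the program it imitates, and works for any extension, not just .exe.

```python
import re
from collections import defaultdict
from typing import Optional

# Constructed sample in the layout of ComboFix's Find3M report (attribute
# flags, size, date, time, path); values modelled on the log in this thread.
SAMPLE_FIND3M = r"""
----a-w           651,264 2007-12-23 21:10:16  C:\Program Files\QuickTime\qttask   .exe
----a-w           651,264 2007-12-23 15:05:30  C:\Program Files\QuickTime\qttask .exe
----a-w           651,264 2006-01-10 09:00:00  C:\Program Files\QuickTime\qttask.exe
----a-w            15,360 2007-12-30 05:15:11  C:\WINDOWS\system32\ctfmon .exe
----a-w            15,360 2004-08-04 02:56:00  C:\WINDOWS\system32\ctfmon.exe
----a-w         2,272,256 2007-12-27 06:53:53  C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
----a-w            36,975 2005-04-13 05:48:00  C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
"""

# One Find3M line: attribute flags, comma-grouped size, date, time, then the
# path (which may itself contain runs of spaces or tabs, so it is taken whole).
LINE_RE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+?)\s*$"
)

# A file name whose stem ends in whitespace right before the extension, e.g.
# "qttask   .exe". A space elsewhere in the stem ("Adobe Reader.exe") is normal
# and does not match.
SPAWN_RE = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[A-Za-z0-9]+)$")


def parse_find3m(report: str) -> list[dict]:
    """Parse Find3M lines into dicts; lines that do not fit the layout are skipped."""
    entries = []
    for raw in report.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        path = m.group("path")
        directory, _, filename = path.rpartition("\\")
        entries.append({
            "attrs": m.group("attrs"),
            "size": int(m.group("size").replace(",", "")),
            "timestamp": f"{m.group('date')} {m.group('time')}",
            "directory": directory,
            "filename": filename,
            "path": path,
        })
    return entries


def canonical_name(filename: str) -> Optional[str]:
    """Return the legitimate name a padded copy imitates, or None if not padded."""
    m = SPAWN_RE.match(filename)
    if not m:
        return None
    return m.group("stem") + m.group("ext")


def find_spawned_copies(report: str) -> dict[str, list[dict]]:
    """Group padded copies under the full path of the program they shadow.

    Returns {canonical_path: [entry, ...]}; programs with no padded copy
    (jusched.exe in the sample) do not appear at all.
    """
    groups: dict[str, list[dict]] = defaultdict(list)
    for entry in parse_find3m(report):
        canon = canonical_name(entry["filename"])
        if canon is None:
            continue
        groups[f"{entry['directory']}\\{canon}"].append(entry)
    return dict(groups)


def summarise(report: str) -> list[str]:
    """One line per shadowed program: how many padded copies and their sizes."""
    lines = []
    for canon, copies in sorted(find_spawned_copies(report).items()):
        sizes = sorted({c["size"] for c in copies})
        lines.append(f"{canon}: {len(copies)} padded copy(ies), sizes {sizes}")
    return lines


if __name__ == "__main__":
    for line in summarise(SAMPLE_FIND3M):
        print(line)
```

The grouped output is the list a helper would hand to a rename-and-verify step; the padded copies' identical sizes next to the real qttask.exe are the tell that one body was written under many names.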





