Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help Removing Trojan Downloader.xs, *whataboutadog.com [RESOLVED]


  • This topic is locked This topic is locked

#1
JOMO

JOMO

    Member

  • Member
  • PipPip
  • 23 posts
Hello Geeks,

My computer has been infected for over a month. I've called tech support forh my virus removal software but they could not disinfect the computer (Reaching them is another problem :)).

Problems started when I got a yellow triangle in a blank window, followed by a pop-up ad for spyware removal. That was followed by a "New Program Has Been Added message". I never could identify this alledged 'new program'. Then the desktop background changed to a black screen with a message that starts off with "Warning! Spyware threat has been detected on your PC" in red letters, just like the forum poster Iborange Iborange experienced. I try to open The Task Manager but a message says it is disabled by the administrator :) .

My virus protection software identified a few cases of spyware/adware, but kept displaying a pop-up that said the Trojan Downloader.xs had been identified. It quarantines it but the pop-up came back after each scan and reboot.

In the Trusted Sites (Internet Explorer ->Properties), "*.whataboutadog.com", "*whataboutarabbit.com", and "*.doginhispen.com", keep showing up, even after I deleted them. I tried putting them in the Restricted sites but they reappear in the Trusted Sites after each reboot.

I followed the instructions on the "Read This Before Posting A HiJackThis log" page. More than 60 types of Trojans, adware, and spyware were identified that my virus protection software never caught. The Super Anti-Spyware program identified adware from Panda Software. I did not have Microsoft Windows XP SP2 loaded on my system so I followed the instructions and downloaded SP1a. Please let me know when it is safe to download SP2. Hope this enough info to get started. I really appreciate your assistance :) . With that, here are the logs:

  • HiJackThis Log
:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:37 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201363922656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201363908640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup163.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7255 bytes


  • HiJackThis Uninstall Log
:

Abacast Client
Adobe Flash Player 9
Adobe GoLive 6.0
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Software Update
AVG Anti-Spyware 7.5
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.2
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
EarthLink setup files
EducateU
ELIcon
ESPNMotion
FLV Player 1.3.3
Games, Music, & Photos Launcher
GemMaster Mystic
Get High Speed Internet!
Google Desktop
Google Toolbar for Internet Explorer
Google Video Player
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel® Matrix Storage Manager
Internet Service Offers Launcher
Internet Speed Monitor
iTunes
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Office 97, Professional Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works
Modem Helper
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
NVIDIA Drivers
Otto
Panda ActiveScan
Qualxserve Service Agreement
QuickTime
RealPlayer
Replay Converter 2.50
RoadRunner
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SUPERAntiSpyware Free Edition
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Media Player
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Yahoo! Toolbar


  • AVG Anti-Spyware Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:07:43 AM 1/26/2008

+ Scan result:



HKU\S-1-5-21-2242286368-2252595331-3489106849-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup (quarantined).
HKU\S-1-5-21-2242286368-2252595331-3489106849-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4} -> Adware.ActivShopper : Cleaned with backup (quarantined).
HKU\S-1-5-21-2242286368-2252595331-3489106849-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2242286368-2252595331-3489106849-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4DFB-9693-23AB7686A456} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\Program Files\p2pnetworks\amp2pl.exe -> Adware.MediaPipe : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Desktop\backups\backup-20071227-130732-392.dll -> Downloader.VB.bvx : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Desktop\backups\backup-20071231-071125-831.dll -> Downloader.VB.bvx : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Desktop\backups\backup-20071231-072102-623.dll -> Downloader.VB.bvx : Cleaned with backup (quarantined).
C:\info.exe -> Downloader.VB.bwb : Cleaned with backup (quarantined).
C:\WINDOWS\system32\0.5825464.exe -> Downloader.VB.bzi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\lpcywinp.exe -> Downloader.VB.bzi : Cleaned with backup (quarantined).
C:\Program Files\ISM\ism.exe -> Not-A-Virus.Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -> Trojan.Small.uf : Cleaned with backup (quarantined).


::Report end


  • SuperAnti-Spyware Log


SUPERAntiSpyware Scan Log
Generated 01/26/2008 at 10:30 AM

Application Version : 3.6.1000

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 00:57:11

Memory items scanned : 502
Memory threats detected : 1
Registry items scanned : 5606
Registry threats detected : 17
File items scanned : 63834
File threats detected : 34

Trojan.KUReplace/Resident
C:\WINDOWS\EHOME\EHTRAY.EXE
C:\WINDOWS\EHOME\EHTRAY.EXE
C:\WINDOWS\Prefetch\EHTRAY.EXE-337AC592.pf

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}#AppID
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\Implemented Categories
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\InprocServer32
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\ProgID
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\TypeLib
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\VersionIndependentProgID
C:\PROGRAM FILES\QDRDRIVE\QDRDRIVE8.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}
C:\PROGRAM FILES\QDRMODULE\QDRMODULE10.EXE
C:\PROGRAM FILES\QDRPACK\QDRPACK11.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt

Trojan.VideoCach/Gen
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Rogue.SpyDefender Pro
C:\Program Files\SpyDefender Pro\SpyDefender.exe
C:\Program Files\SpyDefender Pro\SpyDefender.ini
C:\Program Files\SpyDefender Pro

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\DAD\DESKTOP\BACKUPS\BACKUP-20071227-130732-748.DLL

Rogue.Unclassified/Loader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0032133.EXE

Adware.AdBreak
C:\WINDOWS\FHFMM-UNINSTALLER.EXE
C:\WINDOWS\FHFMM.EXE
C:\WINDOWS\HCWPRN.EXE
C:\WINDOWS\KKCOMP.DLL
C:\WINDOWS\KKCOMP.EXE
C:\WINDOWS\KVNAB.DLL
C:\WINDOWS\KVNAB.EXE
C:\WINDOWS\LIQAD.DLL
C:\WINDOWS\LIQAD.EXE
C:\WINDOWS\LIQUI-UNINSTALLER.EXE
C:\WINDOWS\LIQUI.DLL
C:\WINDOWS\LIQUI.EXE
C:\WINDOWS\PBSYSIE.DLL
C:\WINDOWS\SETTN.DLL
C:\WINDOWS\WBECHECK.EXE
C:\WINDOWS\XADBRK.DLL
C:\WINDOWS\XADBRK.EXE
C:\WINDOWS\XADBRK_.EXE

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\ESHOPEE.EXE

Trojan.Fakespy-B
C:\WINDOWS\SYSTEM32\MSOLE32.EXE


  • Panda Software Log:

Incident Status Location

Potentially unwanted tool:application/activitymon Not disinfected c:\program files\amsys
Adware:adware/adbars Not disinfected Windows Registry
Dialer:dialer.xd Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}
Adware:adware/activesearch Not disinfected Windows Registry
Adware:adware/404search Not disinfected Windows Registry
Adware:adware/adblaster Not disinfected Windows Registry
Adware:adware/adsincontext Not disinfected Windows Registry
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dad\Cookies\[email protected][1].txt
Virus:Trj/Downloader.RSD Disinfected C:\Documents and Settings\Dad\Local Settings\Temp\1201367966.dat.exe
Adware:Adware/InternetSpeedMonitor Not disinfected C:\Program Files\ISM\Uninstall.exe
Possible Virus. Not disinfected C:\Program Files\QdrDrive\qdrloader.exe
Virus:Trj/Dropper.WF Disinfected C:\Program Files\WinBudget\bin\crap.1191385266.old
Virus:Generic Trojan Disinfected C:\Program Files\WinBudget\bin\crap.1193878561.old
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\crap.1197917671.old
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\crap.1198533220.old
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\matrix.dll
Adware:Adware/WebSearch Not disinfected C:\Program Files\WinBudget\bin\matrix.dll.1193878561.old
Adware:Adware/WebSearch Not disinfected C:\Program Files\WinBudget\bin\matrix.dll.1195178681.old
Virus:Generic Trojan Disinfected C:\Program Files\WinBudget\bin\matrix.dll.1195792651.old
Virus:Generic Trojan Disinfected C:\Program Files\WinBudget\bin\matrix.dll.1197917671.old
Virus:Trj/Downloader.RSD Disinfected C:\Program Files\WinBudget\bin\matrix.dll.1198533220.old
  • 0

Advertisements


#2
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi JOMO ,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop.
SmitfraudFix (by S!Ri)
Deckard's System Scanner

Start the Smitfraud scan:
  • Double-click SmitfraudFix.exe
  • Select option #1 - Search by typing 1 and press "Enter". A text file will appear, which lists infected files (if present). It is saved as C:\rapport.txt
  • Please copy/paste the content of that file into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt, extra.txt & C:\rapport.txt in your next reply.


Cheers,

sage5
  • 0

#3
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Sage5,

Nice to meet you. I understand about how busy the forum can get.

I've done the downloaded and run the tools as you described in your reply. The logs are long so I'll split them into 3 different posts. Here is the SmitfraudFix.exe rapport.txt log:


SmitFraudFix v2.277

Scan done at 20:35:46.25, Thu 01/31/2008
Run from C:\Documents and Settings\Dad\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dad


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dad\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dad\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® 82562V 10/100 Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 66.75.164.90
DNS Server Search Order: 66.75.164.89

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EFECA66-DA9F-4ECA-B8F4-441DE634219C}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFECA66-DA9F-4ECA-B8F4-441DE634219C}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8EFECA66-DA9F-4ECA-B8F4-441DE634219C}: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=66.75.164.90 66.75.164.89


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sage5,

Next is the Deckard System Scan main.txt log:



Deckard's System Scanner v20071014.68
Run by Dad on 2008-01-31 20:40:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-02-01 04:40:52 UTC - RP53 - Deckard's System Scanner Restore Point
6: 2008-01-27 15:09:28 UTC - RP52 - Software Distribution Service 3.0
5: 2008-01-27 03:55:36 UTC - RP51 - Software Distribution Service 3.0
4: 2008-01-27 00:02:25 UTC - RP50 - Software Distribution Service 3.0
3: 2008-01-26 20:31:48 UTC - RP49 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-26 16:29:58 UTC - RP47 - Geeks To Go Initial Set-up


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dad.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:28 PM, on 1/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Dad\Desktop\dss.exe
C:\DOCUME~1\Dad\Desktop\Dad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201363922656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1201363908640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup163.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7221 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Dad\Desktop\backups\) -----------------

backup-20071227-130732-104 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071227-130732-145 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
backup-20071227-130732-157 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20071227-130732-158 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071227-130732-173 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20071227-130732-215 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20071227-130732-222 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071227-130732-264 O2 - BHO: (no name) - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - (no file)
backup-20071227-130732-392 O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
backup-20071227-130732-399 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071227-130732-419 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20071227-130732-441 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20071227-130732-451 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20071227-130732-489 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071227-130732-528 O15 - Trusted Zone: *.doginhispen.com
backup-20071227-130732-531 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20071227-130732-587 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20071227-130732-596 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071227-130732-602 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20071227-130732-634 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20071227-130732-639 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
backup-20071227-130732-660 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20071227-130732-730 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
backup-20071227-130732-748 O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
backup-20071227-130732-752 O15 - Trusted Zone: *.whataboutadog.com
backup-20071227-130732-813 O15 - Trusted Zone: *.whataboutarabit.com
backup-20071227-130732-814 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071227-130732-829 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20071227-130732-863 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20071227-130732-874 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071227-130732-953 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20071231-071125-162 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071231-071125-173 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20071231-071125-202 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071231-071125-262 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071231-071125-284 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
backup-20071231-071125-290 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20071231-071125-337 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20071231-071125-340 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071231-071125-440 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20071231-071125-462 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\lpcywinp.exe,C:\WINDOWS\system32\userinit.exe
backup-20071231-071125-468 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071231-071125-494 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20071231-071125-504 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20071231-071125-525 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20071231-071125-568 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20071231-071125-674 O15 - Trusted Zone: *.whataboutadog.com
backup-20071231-071125-679 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071231-071125-696 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20071231-071125-703 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20071231-071125-767 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071231-071125-831 O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
backup-20071231-071125-906 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071231-071125-927 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
backup-20071231-071125-949 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20071231-071125-963 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
backup-20071231-071125-991 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20071231-072102-125 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20071231-072102-157 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
backup-20071231-072102-175 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20071231-072102-228 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
backup-20071231-072102-249 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20071231-072102-275 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20071231-072102-303 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20071231-072102-334 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20071231-072102-360 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20071231-072102-388 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20071231-072102-403 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20071231-072102-424 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20071231-072102-470 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
backup-20071231-072102-538 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20071231-072102-553 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20071231-072102-623 O2 - BHO: egmulhxk.msdn_hlp - {477840F3-BA52-44D9-8E41-38D61CAA010F} - C:\WINDOWS\system32\egmulhxk.dll
backup-20071231-072102-645 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20071231-072102-724 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20071231-072102-741 O15 - Trusted Zone: *.whataboutadog.com
backup-20071231-072102-745 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20071231-072102-784 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20071231-072102-790 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20071231-072102-798 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20071231-072102-826 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20071231-072102-905 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-07-23 11:42:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-31 and 2008-01-31 -----------------------------

2008-01-31 20:35:56 1024 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 12:38:01 0 d-------- C:\Program Files\MSXML 4.0
2008-01-26 11:49:19 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-26 11:08:51 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-26 11:08:27 8576 --a------ C:\WINDOWS\system32\drivers\bogdogcppjeu.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-26 10:53:16 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-26 09:28:00 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 09:27:56 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 09:27:56 0 d-------- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
2008-01-26 09:26:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 08:40:49 0 d-------- C:\Documents and Settings\Dad\Application Data\Grisoft
2008-01-26 08:40:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-26 08:20:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-01-26 08:18:23 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-31 06:59:43 0 d-------- C:\WINDOWS\pss


-- Find3M Report ---------------------------------------------------------------

2008-01-26 12:42:28 0 d-------- C:\Program Files\Messenger
2008-01-26 12:42:28 0 d-------- C:\Program Files\iTunes
2008-01-26 12:42:28 0 d-------- C:\Program Files\Dell Support
2008-01-26 12:06:47 0 d-------- C:\Program Files\Google
2008-01-26 12:06:30 0 d-------- C:\Program Files\Digital Line Detect
2008-01-26 12:04:57 0 d-------- C:\Program Files\BAE
2008-01-26 10:36:09 0 d-------- C:\Program Files\QdrPack
2008-01-26 10:36:09 0 d-------- C:\Program Files\QdrModule
2008-01-26 10:36:09 0 d-------- C:\Program Files\QdrDrive
2008-01-26 09:26:28 0 d-------- C:\Program Files\Common Files
2008-01-26 09:07:07 0 d-------- C:\Program Files\ISM
2007-12-31 07:17:27 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-12-31 06:33:41 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-12-24 18:49:12 0 d-------- C:\Program Files\Trend Micro
2007-12-24 14:51:24 26112 --a------ C:\WINDOWS\eventlowg.dll
2007-12-24 14:51:24 30208 --a------ C:\WINDOWS\daxtime.dll
2007-12-24 14:51:20 30720 --a------ C:\WINDOWS\liqad$.exe
2007-12-24 14:51:20 23808 --a------ C:\WINDOWS\kkcomp$.exe
2007-12-24 14:51:19 20992 --a------ C:\WINDOWS\kvnab$.exe
2007-12-24 14:51:18 10240 --a------ C:\WINDOWS\wbeInst$.exe
2007-12-24 14:51:18 22272 --a------ C:\WINDOWS\cbinst$.exe
2007-12-24 14:51:17 21504 --a------ C:\WINDOWS\iexplorr23.dll
2007-12-24 14:51:17 24320 --a------ C:\WINDOWS\adbar.dll
2007-12-24 14:51:16 18432 --a------ C:\WINDOWS\spredirect.dll
2007-12-24 14:51:16 21248 --a------ C:\WINDOWS\jd2002.dll
2007-12-24 14:51:15 0 d-------- C:\Program Files\amsys
2007-12-24 14:51:13 30464 --a------ C:\WINDOWS\ie_32.exe
2007-12-24 14:51:13 22272 --a------ C:\WINDOWS\aconti.exe
2007-12-24 14:51:12 32512 --a------ C:\WINDOWS\xxxvideo.exe
2007-12-24 14:51:11 16384 --a------ C:\WINDOWS\ngd.dll
2007-12-24 14:51:11 15872 --a------ C:\WINDOWS\hotporn.exe
2007-12-24 14:51:11 18432 --a------ C:\WINDOWS\dp0.dll
2007-12-24 14:51:10 21504 --a------ C:\WINDOWS\vxddsk.exe
2007-12-24 14:51:09 28416 --a------ C:\WINDOWS\wml.exe
2007-12-24 14:51:09 24576 --a------ C:\WINDOWS\system32\wml.exe
2007-12-24 14:51:09 30720 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-12-24 14:51:08 9984 --a------ C:\WINDOWS\pbar.dll
2007-12-24 14:51:08 19712 --a------ C:\WINDOWS\flt.dll
2007-12-24 14:51:08 19712 --a------ C:\WINDOWS\7search.dll
2007-12-24 14:51:08 8192 --a------ C:\WINDOWS\764.exe
2007-12-20 21:07:06 15 --a------ C:\WINDOWS\DDF5-0705-06FA-A283.dat
2007-12-05 18:09:08 0 d--h----- C:\Program Files\InstallShield Installation Information


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/16/2006 12:39 PM]
"SigmatelSysTrayApp"="stsystra.exe" [07/24/2006 02:20 PM C:\WINDOWS\stsystra.exe]
"@"="" []
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/18/2006 01:46 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [11/21/2006 02:02 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 01:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/02/2007 08:08 PM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [08/04/2006 04:15 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [11/6/2006 6:05:27 AM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 7:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/5/2006 11:48:15 AM]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [7/10/1997 11:00:00 PM]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [7/10/1997 11:00:00 PM]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [7/10/1997 11:00:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\bak\qttask.exe" -atboottime


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-01-31 20:42:09 ------------
  • 0

#5
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sage5,

And here is the Deckard System Scanner extra.txt log. Thanks for taking the time to help me with this problem

JOMO



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 1021.97 MiB / 360.17 MiB
Pagefile Memory (total/avail): 2458.56 MiB / 1834.94 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 144.31 GiB total, 117.93 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 144.31 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: PC-cillin Internet Security - Firewall v14 (Trend Micro, Inc.)
AV: PC-cillin Internet Security - Virus Protection v14.60.1195 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dad\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THOMASMAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
LOGONSERVER=\\THOMASMAIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
USERDOMAIN=THOMASMAIN
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dad (admin)
Brandon (admin)
Mom (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abacast Client --> C:\PROGRA~1\Abacast\UNWISE.EXE C:\PROGRA~1\Abacast\client.LOG
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe GoLive 6.0 --> "C:\Program Files\InstallShield Installation Information\{97E38F11-0FBE-4BC2-9EE1-5B1421C76F27}\setup.exe"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FLV Player 1.3.3 --> "C:\Brandon's Super Stuff\flvplayer\uninstall.exe"
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Dad\Desktop\HijackThis.exe" /uninstall
Intel® Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Replay Converter 2.50 --> C:\WINDOWS\iun6002.exe "C:\Brandon's Super Stuff\irunin.ini"
RoadRunner --> MsiExec.exe /I{A73EFA95-4872-4AE3-8EE9-10D2E2D713CF}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Trend Micro PC-cillin Internet Security 14 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 14 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2803 / Error
Event Submitted/Written: 01/27/2008 06:39:48 AM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 564261486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2802 / Error
Event Submitted/Written: 01/27/2008 06:39:40 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2799 / Error
Event Submitted/Written: 01/26/2008 07:26:41 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 564261486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type2798 / Error
Event Submitted/Written: 01/26/2008 07:26:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2797 / Error
Event Submitted/Written: 01/26/2008 07:26:22 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 564261486.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25024 / Error
Event Submitted/Written: 01/28/2008 05:58:59 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type25023 / Error
Event Submitted/Written: 01/28/2008 05:58:59 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type25019 / Error
Event Submitted/Written: 01/28/2008 05:58:44 AM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type25018 / Error
Event Submitted/Written: 01/28/2008 05:58:44 AM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Event Record #/Type24992 / Error
Event Submitted/Written: 01/27/2008 09:22:34 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-01-31 20:42:09 ------------
  • 0

#6
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi JOMO ,

Please download the following & save to your Desktop:
Hi JOMO ,

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Update AVG Anti-Spyware:
  • Double-click the AVG icon on the desktop to launch the program.
  • On the main screen select Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on Recommended actions and then select Quarantine.
  • Under Reports
    • Select Do no automatically generate report
    • Un-Select Only if threats were found
  • Reboot your computer into SafeMode.
    • Restart your computer and tap the F8 key, repeatedly until a menu appears.
    • Use your up arrow key to highlight SafeMode then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will prompted, then select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it as C:\avg_as.txt
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode

Post the text from C:\Combofix.txt & C:\avg_as.txt
These could be lenghty as well & may nedd a couple of seperate post windows.


Cheers,

sage5
  • 0

#7
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sage5,

The ComboFix log follows below. It is long but I think it will fit in one post.

JOMO



ComboFix 08-02.01.6 - Dad 2008-02-01 19:14:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.361 [GMT -8:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\#SharedObjects\YV6A2JCR\www.broadcaster.com
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\#SharedObjects\YV6A2JCR\www.broadcaster.com\bc_video_vars.sol
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Brandon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Brandon\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Brandon\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Brandon\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1192310165.old
C:\Program Files\WinBudget\bin\crap.1195178682.old
C:\Program Files\WinBudget\bin\crap.1195792652.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll.1192310164.old
C:\Program Files\WinBudget\bin\matrix.dll.1193878561.old
C:\Program Files\WinBudget\bin\matrix.dll.1195178681.old
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
hxxp://au.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.

2008-01-31 20:39 . 2008-01-31 20:39 <DIR> d-------- C:\Deckard
2008-01-31 20:35 . 2008-01-31 20:35 1,024 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-26 12:42 . 2008-01-26 12:42 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-26 12:38 . 2008-01-26 12:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-26 11:49 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-26 11:08 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-26 11:08 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\bogdogcppjeu.sys
2008-01-26 10:53 . 2008-01-26 12:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-26 10:53 . 2008-01-26 10:53 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-26 10:53 . 2008-01-26 10:53 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-26 10:53 . 2008-01-26 10:53 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-26 09:28 . 2008-01-26 09:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-01-26 09:27 . 2008-01-26 13:32 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-26 09:27 . 2008-01-26 09:27 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\SUPERAntiSpyware.com
2008-01-26 09:27 . 2008-01-26 09:27 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\SUPERAntiSpyware.com
2008-01-26 09:26 . 2008-01-26 09:26 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 09:15 . 2007-07-09 05:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-26 09:15 . 2006-03-20 19:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-26 09:13 . 2006-12-06 20:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-01-26 08:40 . 2008-01-26 08:40 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Grisoft
2008-01-26 08:40 . 2008-01-26 08:40 <DIR> d-------- C:\DOCUME~1\Dad\APPLIC~1\Grisoft
2008-01-26 08:40 . 2008-01-26 08:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-01-26 08:40 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-26 08:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-26 08:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-26 08:12 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-26 08:12 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-26 08:12 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-26 08:12 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 20:42 --------- d-----w C:\Program Files\iTunes
2008-01-26 20:42 --------- d-----w C:\Program Files\Dell Support
2008-01-26 20:06 --------- d-----w C:\Program Files\Google
2008-01-26 20:06 --------- d-----w C:\Program Files\Digital Line Detect
2008-01-26 20:04 --------- d-----w C:\Program Files\BAE
2007-12-25 02:49 --------- d-----w C:\Program Files\Trend Micro
2007-12-25 02:49 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-12-06 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 03:20 13,195 ----a-w C:\Documents and Settings\Brandon\ZGUICFG.DAT
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2005-07-14 19:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-09-25 20:05 88 --sh--r C:\WINDOWS\system32\F6A44B29FC.sys
2007-09-25 20:05 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-r 313,472 2006-03-30 21:45:08 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 50,736 2006-09-26 00:52:48 C:\Program Files\Common Files\AOL\1170684274\ee\bak\AOLSoftware.exe

----a-r 71,216 2006-10-23 12:50:37 C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 27,664 2007-10-03 04:13:34 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe
----a-w 27,664 2007-10-03 04:13:34 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 94,208 2005-10-05 08:12:00 C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe

----a-w 389,120 2006-07-17 02:29:54 C:\Program Files\Dell Support\bak\DSAgnt.exe

----a-w 169,984 2006-10-05 19:54:46 C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe

----a-w 151,552 2006-07-06 12:15:00 C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe

----a-w 257,088 2007-03-02 23:24:28 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 1,694,208 2004-10-13 16:24:37 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 282,624 2007-02-16 18:54:04 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 27,664 2007-10-03 04:13:34 C:\Program Files\QuickTime\qttask.exe

----a-w 67,584 2005-09-29 19:01:14 C:\WINDOWS\ehome\bak\ehtray.exe

----a-w 15,360 2004-08-10 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 10:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 122,940 2005-09-08 10:20:00 C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 20:08 68856]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15 321040]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-16 12:39 7323648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 14:20 282624 C:\WINDOWS\stsystra.exe]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-09-18 13:46 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-06 06:05:27 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 19:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-05 11:48:15 24576]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-10 23:00:00 111376]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-07-10 23:00:00 333824]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-10 23:00:00 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-06-10 07:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\bak\qttask.exe

S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 00:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 19:17:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 19:18:39
ComboFix-quarantined-files.txt 2008-02-02 03:18:37
.
2008-01-27 15:10:00 --- E O F ---
  • 0

#8
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sage5,

For some reason the AVG Anti-Spyware log failed to post last night. Here it is again:

JOMO



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:53:26 PM 2/1/2008

+ Scan result:



C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0032135.exe -> Downloader.VB.bzi : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0032139.exe -> Not-A-Virus.Adware.Agent : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0032138.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Dad\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP47\A0032134.exe -> Trojan.Small.uf : Cleaned.


::Report end
  • 0

#9
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sage5,

Update - The black screen with the warning message is gone. Now I have a blue screen with all my desktop icons (I hope this is not the dreaded Blue Screen of Death). And my Task Manager is back!! :)

JOMO
  • 0

#10
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi JOMO ,

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups then restore them.

Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

Cheers,

sage5
  • 0

Advertisements


#11
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Sage5,

Ok, I've performed the FindAWF.exe as requested. The log is below. I noticed that some of the files listed in the log appeared as missing files. Sometimes a dialog box would pop up stating the files were missing while IE was opened or while shutting down the computer. I've highlighted them in red. Until I saw the log, I thought it was just normal Windows stuff.

JOMO




Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sat 02/02/2008
The current time is: 21:57:43.65


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 06:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/02/2007 03:24 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 08:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

10/05/2005 12:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

10/05/2006 11:54 AM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

07/06/2006 04:15 AM 151,552 Iaanotif.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 02:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 01:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 07:44 AM 81,920 issch.exe
10/02/2007 08:13 PM 27,664 isuspm.exe
2 File(s) 109,584 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117068~1\EE\BAK

09/25/2006 04:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK\BAK

06/10/2005 07:44 AM 249,856 isuspm.exe
1 File(s) 249,856 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
257088 Mar 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 10 2007 "C:\WINDOWS\Installer\{01B51908-02EF-453B-87A9-815182E8C2F2}\iTunesIco.exe"
116288 Mar 2 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.0.59\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
27664 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
5007104 Nov 9 2006 "C:\Brandon's Super Stuff\GoogleVideoPlayerSetup.exe"
4997120 Sep 21 2006 "C:\Brandon's Super Stuff\Google Video Player\GoogleVideoPlayer.exe"
52272 Feb 14 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1529400 Aug 30 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Aug 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
583696 Jan 6 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 14 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169984 Oct 5 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1170684274\ee\bak\AOLSoftware.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"


end of report
  • 0

#12
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi JOMO ,

This will take a couple of runs because one of the files has been processed by the infection twice.

C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe



  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Dell Support\bak\DSAgnt.exe
    C:\Program Files\iTunes\bak\iTunesHelper.exe
    C:\WINDOWS\Installer\{01B51908-02EF-453B-87A9-815182E8C2F2}\iTunesIco.exe
    C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.0.59\iTunesSetupAdmin.exe
    C:\Program Files\Messenger\bak\msmsgs.exe
    C:\Program Files\QuickTime\bak\qttask.exe
    C:\WINDOWS\ehome\bak\ehtray.exe
    C:\WINDOWS\system32\bak\ctfmon.exe
    C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe
    C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe
    C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
    C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • At the Menu Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


Cheers,

sage5
  • 0

#13
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hello Sage5,

While performing the steps you outlined, a "Windows File Protection" dialog box came up. It says,

"Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Professional CD2 now"

. Is this something I need to do? The scan ran behind the dialog box.

Also, when shutting down the computer, a dialog box pops up that states that the ShellIconHiddenWindow program is not responding. Clicking Cancel will close the window and the computer will shut down gracefully.

Here is the log:

JOMO



Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 02/05/2008
The current time is: 18:50:39.81


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 06:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/02/2007 03:24 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 08:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

10/05/2005 12:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

10/05/2006 11:54 AM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

07/06/2006 04:15 AM 151,552 Iaanotif.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 02:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 01:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 07:44 AM 81,920 issch.exe
10/02/2007 08:13 PM 27,664 isuspm.exe
2 File(s) 109,584 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117068~1\EE\BAK

09/25/2006 04:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK\BAK

06/10/2005 07:44 AM 249,856 isuspm.exe
1 File(s) 249,856 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
257088 Mar 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 10 2007 "C:\WINDOWS\Installer\{01B51908-02EF-453B-87A9-815182E8C2F2}\iTunesIco.exe"
116288 Mar 2 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.0.59\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
27664 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
5007104 Nov 9 2006 "C:\Brandon's Super Stuff\GoogleVideoPlayerSetup.exe"
4997120 Sep 21 2006 "C:\Brandon's Super Stuff\Google Video Player\GoogleVideoPlayer.exe"
52272 Feb 14 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1529400 Aug 30 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Aug 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
583696 Jan 6 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 14 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169984 Oct 5 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1170684274\ee\bak\AOLSoftware.exe"
27664 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"


end of report
  • 0

#14
sage5

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi JOMO ,

I don't think that was a success, so we will retry that in Safe Mode.

Reboot into Safe Mode:
  • Restart your Computer
  • As soon as it starts to boot up, tap your F8 key repeatedly.
  • This should bring up the Windows Advanced Options Menu.
  • Use your arrow keys to select Safe Mode and click the Enter key.


  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\Program Files\Dell Support\bak\DSAgnt.exe"
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Messenger\bak\msmsgs.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\WINDOWS\ehome\bak\ehtray.exe"
    "C:\WINDOWS\system32\bak\ctfmon.exe"
    "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
    "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
    "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
    "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
    "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
    "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
    "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
    "C:\Program Files\Common Files\AOL\1170684274\ee\bak\AOLSoftware.exe"

  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • At the Menu Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.


Cheers,

sage5
  • 0

#15
JOMO

JOMO

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi Sage5,

Ok, ran FindAWF procedure in Safe Mode as requested. Log follows below.

I noticed that while in Safe Mode, it says my system is updated to Windows SP2. I downloaded SP1a because I didn't run any of the updates and never upgraded to SP2 when I bought the computer. Is that anything to worry about? It is set up for automatic updates since last week.

Here is the log:

JOMO



Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Wed 02/06/2008
The current time is: 22:40:45.67


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

07/16/2006 06:29 PM 389,120 DSAgnt.exe
1 File(s) 389,120 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/02/2007 03:24 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004 08:24 AM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/16/2007 10:54 AM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 11:01 AM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/10/2004 02:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

10/05/2005 12:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

10/05/2006 11:54 AM 169,984 GoogleDesktop.exe
1 File(s) 169,984 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

07/06/2006 04:15 AM 151,552 Iaanotif.exe
1 File(s) 151,552 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

09/08/2005 02:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\BAK

03/30/2006 01:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

10/23/2006 04:50 AM 71,216 AOLDial.exe
1 File(s) 71,216 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 07:44 AM 81,920 issch.exe
06/10/2005 07:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\117068~1\EE\BAK

09/25/2006 04:52 PM 50,736 AOLSoftware.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK\BAK

06/10/2005 07:44 AM 249,856 isuspm.exe
1 File(s) 249,856 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

389120 Jul 16 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
389120 Jul 16 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
257088 Mar 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 2 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 10 2007 "C:\WINDOWS\Installer\{01B51908-02EF-453B-87A9-815182E8C2F2}\iTunesIco.exe"
116288 Mar 2 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.0.59\iTunesSetupAdmin.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
5007104 Nov 9 2006 "C:\Brandon's Super Stuff\GoogleVideoPlayerSetup.exe"
4997120 Sep 21 2006 "C:\Brandon's Super Stuff\Google Video Player\GoogleVideoPlayer.exe"
52272 Feb 14 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1529400 Aug 30 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Aug 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
583696 Jan 6 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Feb 14 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169984 Oct 5 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
151552 Jul 6 2006 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\Iaanotif.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1170684274\ee\AOLSoftware.exe"
50736 Sep 25 2006 "C:\Program Files\Common Files\AOL\1170684274\ee\bak\AOLSoftware.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\bak\isuspm.exe"


end of report
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP