Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijack this logs and others [RESOLVED]

Started by snowtiger , Jan 29 2008 04:08 PM

This topic is locked

#1
snowtiger

Posted 29 January 2008 - 04:08 PM

New Member

Member
9 posts

hi everyone....im really hoping you can help me on this one.....a few days ago i started getting popup ie windows of ads...i decided to run housecall....it found and attempted to remove a bunch of trojans and virtumonde.....i have gone step by step through the processes recommended by this site.....with one exception...i could not run ATF cleaner till after all the others....i have tried removing all of the virus's and im not sure if the programs worked....i also have hundreds...possibly thousands of "pos" files scattered all over my pc.....i will post all the logs i have saved....i really appreciate you taking the time to look at this for me....thanks in advance...........terry

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:52 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\terry\Desktop\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....me/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca...amp;ibd=0060914
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\terry\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lucindabella....ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Print Spooler Service (v8uhi1buuee5irw) - Unknown owner - C:\WINDOWS\system32\um.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycys.html

--
End of file - 10051 bytes

Uninstall list
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Advanced Uninstaller PRO 2004 - version 6
Apple Software Update
ArcSoft VideoImpression 1.6FP
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
Canon iP1700
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CDG Autoname
Classic PhoneTools
CloneCD
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative Audio Console
Creative MediaSource
Cruise Ship Tycoon
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
Digital Line Detect
DivX 4.12 Codec
Easy-WebPrint
FinePixViewer Ver.2.0
FUJIFILM USB Driver
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel A/V Codecs V2.0
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Pro 9
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Kaspersky Anti-Virus 6.0 SOS
Kaspersky Anti-Virus 6.0 SOS
KJ Pro
LimeWire 4.12.6
LiveSuite
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mIRC
Modem Helper
Mp3 To Wave Converter PLUS 2.03
MP3+G Toolz
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NetWaiting
Nokia Multimedia Converter Pro v2.0
Panda ActiveScan
PineCam Z100
Pinnacle InstantCD/DVD Suite
Puzzle Pirates
QuickTime
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Sax & Dottys Karaoke Utilities
Sax & Dottys Karaoke Zip Player
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster X-Fi
SUPERAntiSpyware Free Edition
The Sims Unleashed
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Manager
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Winamp (remove only)
Windows Defender
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WinZip
WordPerfect OfficeReady
WordPerfect® Office X3 - Home Edition
Yahoo! Install Manager
Yahoo! Messenger

combo fix quarantine list

2007-09-23 19:05 279600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pac.txt.vir
2008-01-08 23:44 28747 --a------ C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir
2008-01-26 17:45 38400 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gebyvvu.dll.vir
2008-01-26 19:31 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\Fonts\a.zip.vir
2008-01-27 09:15 1142684 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\stymfeul.ini.vir
2008-01-27 18:24 333312 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkjj.dll.vir
2008-01-28 17:04 1162207 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tfjbhvot.ini.vir
2008-01-28 17:07 1162276 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kdfblvnq.ini.vir
2008-01-28 17:08 1162336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jkguaylk.ini.vir
2008-01-28 17:08 363 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-01-28 20:21 76352 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dagwtqlt.dll.vir
2008-01-28 22:38 88640 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\scaabnfo.dll.vir
2008-01-29 12:31 32060 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\diisougj.dllbox.vir
2008-01-29 12:36 1167185 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ofnbaacs.ini.vir
2008-01-29 12:44 258753 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jjkkj.ini2.vir
2008-01-29 12:45 258753 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jjkkj.ini.vir
2008-01-29 12:45 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
2008-01-29 12:46 313 --a------ C:\Qoobox\Quarantine\catchme.log
2008-01-29 12:46 450331 --a------ C:\Qoobox\Quarantine\catchme2008-01-29_125247.01.zip
2008-01-29 12:49 163904 --ah----- C:\Qoobox\Quarantine\C\WINDOWS\system32\diisougj.dll.vir

ComboFix 08-01-29.3 - terry 2008-01-29 12:38:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.508 [GMT -6:00]
Running from: C:\Documents and Settings\terry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\diisougj.dll
C:\WINDOWS\system32\jkkjj.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\dagwtqlt.dll
C:\WINDOWS\system32\diisougj.dll
C:\WINDOWS\system32\diisougj.dllbox
C:\WINDOWS\system32\gebyvvu.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jkguaylk.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\kdfblvnq.ini
C:\WINDOWS\system32\ofnbaacs.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\scaabnfo.dll
C:\WINDOWS\system32\stymfeul.ini
C:\WINDOWS\system32\tfjbhvot.ini
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 23:34 . 2008-01-28 23:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-28 23:31 . 2006-09-14 07:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-28 23:26 . 2008-01-28 23:26 <DIR> d-------- C:\Documents and Settings\terry\Application Data\Grisoft
2008-01-28 23:25 . 2008-01-28 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 23:25 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 20:01 . 2007-11-19 11:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 17:37 . 2008-01-29 12:52 4,748,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-28 17:37 . 2008-01-29 12:51 64,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-28 17:37 . 2008-01-29 12:53 11,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-28 17:37 . 2008-01-29 12:51 2,108 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-28 17:35 . 2008-01-28 17:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-28 17:35 . 2008-01-29 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 17:34 . 2008-01-28 17:34 <DIR> d-------- C:\KAV
2008-01-28 17:12 . 2008-01-28 22:24 <DIR> d-------- C:\VundoFix Backups
2008-01-27 10:16 . 2008-01-27 10:16 268 --ah----- C:\sqmdata04.sqm
2008-01-27 10:16 . 2008-01-27 10:16 244 --ah----- C:\sqmnoopt04.sqm
2008-01-27 09:34 . 2008-01-27 09:34 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-26 21:42 . 2008-01-26 21:57 1,045 --a------ C:\WINDOWS\eReg.dat
2008-01-26 21:16 . 2008-01-26 21:35 <DIR> d-------- C:\Program Files\Maxis
2008-01-26 19:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-26 17:48 . 2008-01-28 19:33 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-26 17:45 . 2008-01-26 19:40 <DIR> d-------- C:\WINDOWS\system32\nGpxx18
2008-01-26 17:45 . 2008-01-26 19:31 <DIR> d-------- C:\WINDOWS\system32\aa3
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\gTiis19
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\cXzz9
2008-01-26 17:43 . 2008-01-26 17:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 12:40 . 2008-01-24 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-21 22:37 . 2008-01-26 19:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:37 . 2008-01-26 19:37 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 22:37 . 2008-01-26 19:37 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 22:37 . 2008-01-26 19:37 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 21:19 . 2008-01-21 21:27 <DIR> d-------- C:\Documents and Settings\Guest\.housecall6.6
2008-01-16 10:06 . 2008-01-16 10:18 <DIR> d-------- C:\ozzy cd
2008-01-08 18:00 . 2008-01-08 18:00 <DIR> d-------- C:\Documents and Settings\Cyn Baby\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 04:53 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-27 04:53 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-27 04:53 --------- d-----w C:\Documents and Settings\terry\Application Data\Paltalk
2008-01-27 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 01:41 --------- d-----w C:\Program Files\FinePixViewer
2008-01-27 01:41 --------- d-----w C:\Program Files\DellSupport
2008-01-27 01:40 --------- d-----w C:\Program Files\LimeWire
2008-01-27 01:40 --------- d-----w C:\Program Files\Google
2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2008-01-17 01:26 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4
2008-01-17 01:21 --------- d-----w C:\Program Files\Sax & Dottys Karaoke Zip Player
2008-01-15 03:29 --------- d-----w C:\Program Files\Kjpro
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 4
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 2.0
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\system32\drivers\USBkey.sys
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\inf\USBkey.sys
2007-12-22 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-22 04:08 --------- d-----w C:\Program Files\Swift Elite 1.0
2007-12-22 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-18 02:46 --------- d-----w C:\Program Files\DivXCodec
2007-12-18 02:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 02:12 --------- d-----w C:\Program Files\Nokia
2007-12-18 01:38 --------- d-----w C:\Program Files\TMPGEnc
2007-12-15 15:26 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-13 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-13 14:08 --------- d-----w C:\Documents and Settings\terry\Application Data\AdobeUM
2007-03-16 14:09 0 ----a-w C:\Documents and Settings\terry\Application Data\wklnhst.dat
2006-07-23 20:30 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-10 02:30 88 --sh--r C:\WINDOWS\system32\D82FDD3864.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 18:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-14 07:57 169984]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 00:33 45056]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 19:10 409600]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-14 07:48:21 24576]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-09-22 23:37:37 212992]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsycys.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 12:41]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []
S2 v8uhi1buuee5irw;Print Spooler Service;C:\WINDOWS\system32\um.exe []
S3 DivioUSBDCam;PineCam Z100;C:\WINDOWS\system32\DRIVERS\pcam.sys [2000-10-09 10:22]
S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 18:55:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 12:53:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-29 13:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 19:00:34
.
2008-01-09 13:31:21 --- E O F ---

thanks again for checking this out
terry

#2
Rorschach112

Posted 01 February 2008 - 03:30 PM

Ralphie

Retired Staff
47,710 posts

Hello

Delete your version of ComboFix.exe and the folder C:\qoobox then do this

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

#3
snowtiger

Posted 03 February 2008 - 05:46 PM

New Member

Topic Starter
Member
9 posts

here is my new combofix log and the new hijackthis logs.............
ComboFix 08-02.03.1 - terry 2008-02-03 17:25:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.438 [GMT -6:00]
Running from: C:\Documents and Settings\terry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-01-30 08:26 . 2008-01-30 08:26 <DIR> d-------- C:\Documents and Settings\Cyn Baby\Application Data\Grisoft
2008-01-29 19:46 . 2008-01-29 19:46 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Grisoft
2008-01-29 13:04 . 2008-01-29 13:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 13:04 . 2008-01-29 13:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 13:04 . 2008-01-29 13:04 <DIR> d-------- C:\Documents and Settings\terry\Application Data\SUPERAntiSpyware.com
2008-01-29 13:04 . 2008-01-29 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-28 23:34 . 2008-01-28 23:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-28 23:31 . 2006-09-14 07:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-28 23:26 . 2008-01-28 23:26 <DIR> d-------- C:\Documents and Settings\terry\Application Data\Grisoft
2008-01-28 23:25 . 2008-01-28 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 23:25 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 20:01 . 2007-11-19 11:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 17:37 . 2008-02-03 17:30 5,919,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-28 17:37 . 2008-01-29 15:27 65,036 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-28 17:37 . 2008-02-03 17:31 45,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-28 17:37 . 2008-01-29 15:27 2,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-28 17:35 . 2008-01-28 17:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-28 17:35 . 2008-01-30 08:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 17:34 . 2008-01-28 17:34 <DIR> d-------- C:\KAV
2008-01-28 17:12 . 2008-01-29 15:36 <DIR> d-------- C:\VundoFix Backups
2008-01-27 10:16 . 2008-01-27 10:16 268 --ah----- C:\sqmdata04.sqm
2008-01-27 10:16 . 2008-01-27 10:16 244 --ah----- C:\sqmnoopt04.sqm
2008-01-27 09:34 . 2008-01-27 09:34 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-26 21:42 . 2008-01-26 21:57 1,045 --a------ C:\WINDOWS\eReg.dat
2008-01-26 21:16 . 2008-01-26 21:35 <DIR> d-------- C:\Program Files\Maxis
2008-01-26 19:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-26 17:48 . 2008-01-28 19:33 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-26 17:45 . 2008-01-26 19:40 <DIR> d-------- C:\WINDOWS\system32\nGpxx18
2008-01-26 17:45 . 2008-01-26 19:31 <DIR> d-------- C:\WINDOWS\system32\aa3
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\gTiis19
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\cXzz9
2008-01-26 17:43 . 2008-01-26 17:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 12:40 . 2008-01-24 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-21 22:37 . 2008-01-29 15:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:37 . 2008-01-29 15:38 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 22:37 . 2008-01-29 15:38 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 22:37 . 2008-01-29 15:38 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 21:19 . 2008-01-21 21:27 <DIR> d-------- C:\Documents and Settings\Guest\.housecall6.6
2008-01-16 10:06 . 2008-01-16 10:18 <DIR> d-------- C:\ozzy cd
2008-01-08 18:00 . 2008-01-08 18:00 <DIR> d-------- C:\Documents and Settings\Cyn Baby\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 02:19 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2008-02-01 03:24 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 21:44 --------- d-----w C:\Program Files\Trend Micro
2008-01-27 04:53 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-27 04:53 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-27 04:53 --------- d-----w C:\Documents and Settings\terry\Application Data\Paltalk
2008-01-27 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 01:41 --------- d-----w C:\Program Files\FinePixViewer
2008-01-27 01:41 --------- d-----w C:\Program Files\DellSupport
2008-01-27 01:40 --------- d-----w C:\Program Files\LimeWire
2008-01-27 01:40 --------- d-----w C:\Program Files\Google
2008-01-17 01:26 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4
2008-01-17 01:21 --------- d-----w C:\Program Files\Sax & Dottys Karaoke Zip Player
2008-01-15 03:29 --------- d-----w C:\Program Files\Kjpro
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 4
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 2.0
2007-12-22 16:48 8,968 ----a-w C:\WINDOWS\system32\KL2DLL.DLL
2007-12-22 16:48 77,824 ----a-w C:\WINDOWS\system32\NWKL2_32.DLL
2007-12-22 16:48 7,440 ----a-w C:\WINDOWS\system32\ppmon.dll
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\system32\drivers\USBkey.sys
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\inf\USBkey.sys
2007-12-22 16:48 33,792 ----a-w C:\WINDOWS\system32\regini.exe
2007-12-22 16:48 33,792 ----a-w C:\WINDOWS\system32\dllcache\regini.exe
2007-12-22 16:48 28,672 ----a-w C:\WINDOWS\system32\KL2DLL32.DLL
2007-12-22 16:48 24,136 ----a-w C:\WINDOWS\system32\ppmon.exe
2007-12-22 16:48 12,480 ----a-w C:\WINDOWS\system32\KL2N.DLL
2007-12-22 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-22 04:08 --------- d-----w C:\Program Files\Swift Elite 1.0
2007-12-22 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-18 02:46 --------- d-----w C:\Program Files\DivXCodec
2007-12-18 02:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 02:12 --------- d-----w C:\Program Files\Nokia
2007-12-18 01:38 --------- d-----w C:\Program Files\TMPGEnc
2007-12-15 15:26 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-13 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-13 14:08 --------- d-----w C:\Documents and Settings\terry\Application Data\AdobeUM
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-03-16 14:09 0 ----a-w C:\Documents and Settings\terry\Application Data\wklnhst.dat
2006-07-23 20:30 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-10 02:30 88 --sh--r C:\WINDOWS\system32\D82FDD3864.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 18:28 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-14 07:57 169984]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 00:33 45056]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 19:10 409600]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-14 07:48:21 24576]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-09-22 23:37:37 212992]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32 81920]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsycys.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 12:41]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []
S2 v8uhi1buuee5irw;Print Spooler Service;C:\WINDOWS\system32\um.exe []
S3 DivioUSBDCam;PineCam Z100;C:\WINDOWS\system32\DRIVERS\pcam.sys [2000-10-09 10:22]
S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-03 07:52:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 17:31:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopDeskbar2.dll
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll
-> C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll
.
Completion time: 2008-02-03 17:32:46
ComboFix-quarantined-files.txt 2008-02-03 23:32:42
ComboFix2.txt 2008-01-29 19:00:38
.
2008-01-30 00:18:43 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:13 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.siast.sk....me/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca...amp;ibd=0060914
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\terry\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lucindabella....ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Print Spooler Service (v8uhi1buuee5irw) - Unknown owner - C:\WINDOWS\system32\um.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycys.html

--
End of file - 9983 bytes

Thanks again....i appreciate your help

#4
Rorschach112

Posted 03 February 2008 - 06:11 PM

Ralphie

Retired Staff
47,710 posts

Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Program Files\Dot1XCfg
C:\WINDOWS\system32\nGpxx18
C:\WINDOWS\system32\aa3
C:\Temp\gTiis19
C:\Temp\cXzz9

Driver::
v8uhi1buuee5irw

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Reboot and post a new HijackThis log

#5
snowtiger

Posted 03 February 2008 - 06:49 PM

New Member

Topic Starter
Member
9 posts

new hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:11 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.siast.sk....me/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca...amp;ibd=0060914
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\terry\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lucindabella....ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycys.html

--
End of file - 9526 bytes

#6
Rorschach112

Posted 04 February 2008 - 07:47 AM

Ralphie

Retired Staff
47,710 posts

Can you post the ComboFix log and do this

Download and scan with SUPERAntiSpyware Free for Home Users

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#7
snowtiger

Posted 04 February 2008 - 08:06 AM

New Member

Topic Starter
Member
9 posts

i have already run superantispyware but i will do it again....here is the combofix log.....it stalled on restart so i had to run it twice

ComboFix 08-01-29.3 - terry 2008-01-29 12:38:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.508 [GMT -6:00]
Running from: C:\Documents and Settings\terry\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\diisougj.dll
C:\WINDOWS\system32\jkkjj.dll
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\dagwtqlt.dll
C:\WINDOWS\system32\diisougj.dll
C:\WINDOWS\system32\diisougj.dllbox
C:\WINDOWS\system32\gebyvvu.dll
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jkguaylk.ini
C:\WINDOWS\system32\jkkjj.dll
C:\WINDOWS\system32\kdfblvnq.ini
C:\WINDOWS\system32\ofnbaacs.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\scaabnfo.dll
C:\WINDOWS\system32\stymfeul.ini
C:\WINDOWS\system32\tfjbhvot.ini
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 23:34 . 2008-01-28 23:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-28 23:31 . 2006-09-14 07:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-28 23:26 . 2008-01-28 23:26 <DIR> d-------- C:\Documents and Settings\terry\Application Data\Grisoft
2008-01-28 23:25 . 2008-01-28 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 23:25 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-28 20:01 . 2007-11-19 11:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 17:37 . 2008-01-29 12:52 4,748,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-28 17:37 . 2008-01-29 12:51 64,652 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-28 17:37 . 2008-01-29 12:53 11,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-28 17:37 . 2008-01-29 12:51 2,108 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-28 17:35 . 2008-01-28 17:35 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-28 17:35 . 2008-01-29 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 17:34 . 2008-01-28 17:34 <DIR> d-------- C:\KAV
2008-01-28 17:12 . 2008-01-28 22:24 <DIR> d-------- C:\VundoFix Backups
2008-01-27 10:16 . 2008-01-27 10:16 268 --ah----- C:\sqmdata04.sqm
2008-01-27 10:16 . 2008-01-27 10:16 244 --ah----- C:\sqmnoopt04.sqm
2008-01-27 09:34 . 2008-01-27 09:34 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-26 21:42 . 2008-01-26 21:57 1,045 --a------ C:\WINDOWS\eReg.dat
2008-01-26 21:16 . 2008-01-26 21:35 <DIR> d-------- C:\Program Files\Maxis
2008-01-26 19:40 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-26 17:48 . 2008-01-28 19:33 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-26 17:45 . 2008-01-26 19:40 <DIR> d-------- C:\WINDOWS\system32\nGpxx18
2008-01-26 17:45 . 2008-01-26 19:31 <DIR> d-------- C:\WINDOWS\system32\aa3
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\gTiis19
2008-01-26 17:45 . 2008-01-26 17:45 <DIR> d-------- C:\Temp\cXzz9
2008-01-26 17:43 . 2008-01-26 17:44 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 12:40 . 2008-01-24 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-21 22:37 . 2008-01-26 19:40 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 22:37 . 2008-01-26 19:37 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 22:37 . 2008-01-26 19:37 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 22:37 . 2008-01-26 19:37 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 21:19 . 2008-01-21 21:27 <DIR> d-------- C:\Documents and Settings\Guest\.housecall6.6
2008-01-16 10:06 . 2008-01-16 10:18 <DIR> d-------- C:\ozzy cd
2008-01-08 18:00 . 2008-01-08 18:00 <DIR> d-------- C:\Documents and Settings\Cyn Baby\Application Data\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 04:53 --------- d-----w C:\Program Files\Paltalk Messenger
2008-01-27 04:53 --------- d-----w C:\Program Files\Elaborate Bytes
2008-01-27 04:53 --------- d-----w C:\Documents and Settings\terry\Application Data\Paltalk
2008-01-27 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 01:41 --------- d-----w C:\Program Files\MSN Messenger
2008-01-27 01:41 --------- d-----w C:\Program Files\FinePixViewer
2008-01-27 01:41 --------- d-----w C:\Program Files\DellSupport
2008-01-27 01:40 --------- d-----w C:\Program Files\LimeWire
2008-01-27 01:40 --------- d-----w C:\Program Files\Google
2008-01-26 20:10 --------- d-----w C:\Documents and Settings\Guest\Application Data\LimeWire
2008-01-17 01:26 --------- d-----w C:\Program Files\MP3+G Toolz .NET 4
2008-01-17 01:21 --------- d-----w C:\Program Files\Sax & Dottys Karaoke Zip Player
2008-01-15 03:29 --------- d-----w C:\Program Files\Kjpro
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 4
2007-12-22 21:46 --------- d-----w C:\Program Files\Swift Elite 2.0
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\system32\drivers\USBkey.sys
2007-12-22 16:48 40,352 ----a-w C:\WINDOWS\inf\USBkey.sys
2007-12-22 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-12-22 04:08 --------- d-----w C:\Program Files\Swift Elite 1.0
2007-12-22 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-18 02:46 --------- d-----w C:\Program Files\DivXCodec
2007-12-18 02:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-18 02:12 --------- d-----w C:\Program Files\Nokia
2007-12-18 01:38 --------- d-----w C:\Program Files\TMPGEnc
2007-12-15 15:26 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-13 17:22 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-13 14:08 --------- d-----w C:\Documents and Settings\terry\Application Data\AdobeUM
2007-03-16 14:09 0 ----a-w C:\Documents and Settings\terry\Application Data\wklnhst.dat
2006-07-23 20:30 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-10 02:30 88 --sh--r C:\WINDOWS\system32\D82FDD3864.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 18:28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 02:12 94208]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20 122940]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-14 07:57 169984]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 00:33 45056]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-13 19:10 409600]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [2007-11-19 14:40 231952]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-09-14 07:48:21 24576]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-09-22 23:37:37 212992]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsycys.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 14:47]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-07-06 17:06]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-06-01 12:41]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys []
S2 v8uhi1buuee5irw;Print Spooler Service;C:\WINDOWS\system32\um.exe []
S3 DivioUSBDCam;PineCam Z100;C:\WINDOWS\system32\DRIVERS\pcam.sys [2000-10-09 10:22]
S3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 20:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-29 18:55:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 12:53:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-29 13:00:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 19:00:34
.
2008-01-09 13:31:21 --- E O F ---

#8
Rorschach112

Posted 04 February 2008 - 08:09 AM

Ralphie

Retired Staff
47,710 posts

Do this as well please

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#9
snowtiger

Posted 04 February 2008 - 03:48 PM

New Member

Topic Starter
Member
9 posts

here is the other file

Deckard's System Scanner v20071014.68
Run by terry on 2008-02-04 08:12:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
12: 2008-02-04 14:12:41 UTC - RP13 - Deckard's System Scanner Restore Point
11: 2008-02-04 00:23:25 UTC - RP12 - ComboFix created restore point
10: 2008-02-03 23:25:07 UTC - RP11 - ComboFix created restore point
9: 2008-02-02 09:20:00 UTC - RP10 - System Checkpoint
8: 2008-02-01 07:51:49 UTC - RP9 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-01-29 18:38:44 UTC - RP2 - before virus removal

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as terry.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:00 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\terry\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\terry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.siast.sk....me/displaylogin
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca...amp;ibd=0060914
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Guest')
O4 - HKUS\S-1-5-21-684138942-2715311507-2519255305-501\..\Run: [DDC] C:\DOCUME~1\Guest\LOCALS~1\Temp\hrmhnmwi.exe (User 'Guest')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\terry\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://lucindabella....ad/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystan...acheManager.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycys.html

--
End of file - 11055 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 VOBID - c:\windows\system32\drivers\vobid.sys <Not Verified; Pinnacle Systems; InstantDrive>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 vobiw - c:\windows\system32\drivers\vobiw.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 cdrdrv - c:\windows\system32\drivers\cdrdrv.sys <Not Verified; Pinnacle Systems GmbH; InstantWrite>
R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; Elaborate Bytes AG; CloneCD>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S0 stwlfbus - c:\windows\system32\drivers\stwlfbus.sys (file missing)
S3 DivioUSBDCam (PineCam Z100) - c:\windows\system32\drivers\pcam.sys <Not Verified; Divio Inc.; PineCam Z100>
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 st3wolf - c:\windows\system32\drivers\st3wolf.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: ST3WOLF SCSI Controller
Device ID: ROOT\*ST3T33\0000
Manufacturer: (Standard mass storage controllers)
Name: ST3WOLF SCSI Controller
PNP Device ID: ROOT\*ST3T33\0000
Service: st3wolf

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0003
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0003
Service: stwlfbus

-- Scheduled Tasks -------------------------------------------------------------

2008-02-04 02:06:27 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-21 14:36:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-01-04 and 2008-02-04 -----------------------------

2008-02-03 17:23:27 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-03 17:23:27 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-03 17:23:27 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-03 17:23:27 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-01-30 08:26:23 0 d-------- C:\Documents and Settings\Cyn Baby\Application Data\Grisoft
2008-01-29 19:46:49 0 d-------- C:\Documents and Settings\Guest\Application Data\Grisoft
2008-01-29 13:04:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 13:04:35 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 13:04:35 0 d-------- C:\Documents and Settings\terry\Application Data\SUPERAntiSpyware.com
2008-01-29 13:04:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 23:34:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-28 23:31:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-01-28 23:31:57 0 d-------- C:\Documents and Settings\Administrator\Application Data\Creative
2008-01-28 23:31:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-01-28 23:31:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-28 23:31:55 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-01-28 23:31:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-28 23:31:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-28 23:31:54 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-28 23:31:53 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-28 23:31:53 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-28 23:31:53 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-28 23:31:53 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-01-28 23:31:53 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-28 23:31:53 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-28 23:31:53 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-01-28 23:31:51 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-28 23:26:10 0 d-------- C:\Documents and Settings\terry\Application Data\Grisoft
2008-01-28 23:25:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-28 17:37:12 61728 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-28 17:37:12 6368800 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-28 17:35:04 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-28 17:35:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-28 17:34:27 0 d-------- C:\KAV
2008-01-28 17:12:21 0 d-------- C:\VundoFix Backups
2008-01-27 09:34:06 0 d-------- C:\Program Files\Windows Defender
2008-01-26 21:42:42 1045 --a------ C:\WINDOWS\eReg.dat
2008-01-26 21:16:01 0 d-------- C:\Program Files\Maxis
2008-01-26 19:40:15 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-26 17:43:37 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-24 12:40:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-21 22:37:11 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 21:19:46 0 d-------- C:\Documents and Settings\Guest\.housecall6.6
2008-01-19 11:57:58 0 d-------- C:\Documents and Settings\Guest\Application Data\Help
2008-01-16 10:06:25 0 d-------- C:\ozzy cd
2008-01-08 18:00:16 0 d-------- C:\Documents and Settings\Cyn Baby\Application Data\AdobeUM

-- Find3M Report ---------------------------------------------------------------

2008-01-31 21:24:14 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-29 15:44:22 0 d-------- C:\Program Files\Trend Micro
2008-01-29 13:04:12 0 d-------- C:\Program Files\Common Files
2008-01-28 22:02:16 0 d-------- C:\Program Files\Messenger
2008-01-28 06:56:58 0 d-------- C:\Program Files\Online Services
2008-01-26 22:53:48 0 d-------- C:\Program Files\Elaborate Bytes
2008-01-26 22:53:33 0 d-------- C:\Program Files\Paltalk Messenger
2008-01-26 22:53:33 0 d-------- C:\Documents and Settings\terry\Application Data\Paltalk
2008-01-26 21:56:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-26 19:41:18 0 d-------- C:\Program Files\MSN Messenger
2008-01-26 19:41:14 0 d-------- C:\Program Files\FinePixViewer
2008-01-26 19:41:05 0 d-------- C:\Program Files\DellSupport
2008-01-26 19:40:47 0 d-------- C:\Program Files\LimeWire
2008-01-26 19:40:38 0 d-------- C:\Program Files\Google
2008-01-16 19:26:21 0 d-------- C:\Program Files\MP3+G Toolz .NET 4
2008-01-16 19:21:09 0 d-------- C:\Program Files\Sax & Dottys Karaoke Zip Player
2008-01-14 21:29:39 0 d-------- C:\Program Files\Kjpro
2007-12-22 15:46:45 0 d-------- C:\Program Files\Swift Elite 2.0
2007-12-22 15:46:29 0 d-------- C:\Program Files\Swift Elite 4
2007-12-22 10:48:28 28672 --a------ C:\WINDOWS\system32\KL2DLL32.DLL
2007-12-22 10:48:27 24136 --a------ C:\WINDOWS\system32\ppmon.exe
2007-12-22 10:48:27 7440 --a------ C:\WINDOWS\system32\ppmon.dll
2007-12-22 10:48:27 77824 --a------ C:\WINDOWS\system32\NWKL2_32.DLL
2007-12-22 10:48:27 12480 --a------ C:\WINDOWS\system32\KL2N.DLL
2007-12-22 10:48:27 8968 --a------ C:\WINDOWS\system32\KL2DLL.DLL
2007-12-22 10:47:30 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-21 22:08:44 0 d-------- C:\Program Files\Swift Elite 1.0
2007-12-20 23:21:59 0 d-------- C:\Documents and Settings\terry\Application Data\Adobe
2007-12-17 20:46:04 0 d-------- C:\Program Files\DivXCodec
2007-12-17 20:34:33 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-17 20:12:25 0 d-------- C:\Program Files\Nokia
2007-12-17 19:38:09 0 d-------- C:\Program Files\TMPGEnc
2007-12-15 09:26:35 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-13 11:22:24 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-13 08:08:05 0 d-------- C:\Documents and Settings\terry\Application Data\AdobeUM

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\Ctxfihlp.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 08:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 02:12 AM]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 06:07 PM]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 04:20 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [09/14/2006 07:57 AM]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [11/02/2002 12:33 AM]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [01/13/2004 07:10 PM]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [06/18/2003 01:00 AM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [10/14/2005 11:01 AM]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [11/10/2003 04:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [11/19/2007 02:40 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 04:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/18/2007 06:28 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/14/2006 7:48:21 AM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [9/22/2007 11:37:37 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/3/2005 9:07:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsycys.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

-- End of Deckard's System Scanner: finished at 2008-02-04 08:15:49 ------------

#10
snowtiger

Posted 04 February 2008 - 03:54 PM

New Member

Topic Starter
Member
9 posts

i forgot the extra text....here it is

Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.07 MiB / 569.61 MiB
Pagefile Memory (total/avail): 2459.43 MiB / 1735.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.91 MiB

C: is Fixed (NTFS) - 228.94 GiB total, 111.07 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-75NCB3 - 232.83 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 228.94 GiB - C:
\PARTITION2 - Unknown - 3.83 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\terry\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TERRY123
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\terry
LOGONSERVER=\\TERRY123
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\terry\LOCALS~1\Temp
TMP=C:\DOCUME~1\terry\LOCALS~1\Temp
USERDOMAIN=TERRY123
USERNAME=terry
USERPROFILE=C:\Documents and Settings\terry
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

terry (admin)
Cyn Baby (admin)
Administrator (new local, admin)
Guest (guest)

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E5AA361-4B16-4282-B639-9E5B2B6A2EC8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32903944-19A2-418C-901D-4BBAF4C55ABA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D8AA0B4-E890-4BF7-A9D1-8E63027E76D3}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6349CEE9-19F2-49D9-AC9D-B0350E3CBDB1}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BF90A01-FA3F-42B9-A071-7D744409967E}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B026740-A400-48FF-8F6B-B37C4F61C937}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49BCFF0-64CC-4E0E-AD9D-91BFBD344BAE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5AF6143-E738-4768-A5E6-C07C68A464A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8DA9EB2-DBEF-4F0A-B90A-45B77D9E65B2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Advanced Uninstaller PRO 2004 - version 6 --> "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO 2004 version 6\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft VideoImpression 1.6FP --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\VideoImpression\Uninst.isu"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Canon iP1700 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700 /L0x0009
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
CDG Autoname --> C:\Program Files\CDG Autoname 2.0\uninstall.exe
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
CloneCD --> "C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Cruise Ship Tycoon --> C:\PROGRA~1\ACTIVI~1\CRUISE~1\UNINST~1\UNINST~1.EXE C:\Program Files\Activision Value\Cruise Ship Tycoon\uninstall\Cruise Ship Tycoon.log
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DivX 4.12 Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
Dot1XCfg --> "C:\Program Files\Dot1XCfg\Dot1XCfg.exe" -uninstall
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FinePixViewer Ver.2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Intel A/V Codecs V2.0 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\CDUninst.isu
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}
iTunes --> MsiExec.exe /I{B8A204BC-7177-470E-BBDD-47256D05B325}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 6.0 SOS --> MsiExec.exe /I{3AD203DE-D2DE-47F3-B319-76C411E465AC}
Kaspersky Anti-Virus 6.0 SOS --> MsiExec.exe /I{3AD203DE-D2DE-47F3-B319-76C411E465AC}
KJ Pro --> "C:\Program Files\Kjpro\uninstall.exe" C:\PROGRA~1\Kjpro\install.log
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveSuite --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intercom\LiveSuite\Uninst.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam --> MsiExec.exe /X{8CFC7570-DD90-486E-A239-E31D455BDE93}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC --> "C:\Myriad\mirc.exe" -uninstall
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mp3 To Wave Converter PLUS 2.03 --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
MP3+G Toolz --> MsiExec.exe /I{F50A4470-7A45-4A5A-97F8-806990B736C2}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Multimedia Converter Pro v2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nokia\MMConverterPro2\Setup\{08A4C07B-204D-11D6-AF25-00B0D0797201}\Setup.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PineCam Z100 --> C:\WINDOWS\pcamrm.exe pcam2
Pinnacle InstantCD/DVD Suite --> MsiExec.exe /I{8B216CB3-F43B-4C7B-B30F-E4111A7F37A7}
Puzzle Pirates --> C:\Program Files\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sax & Dottys Karaoke Utilities --> C:\PROGRA~1\SAX&DO~2\KARAOK~1\UNWISE.EXE C:\PROGRA~1\SAX&DO~2\KARAOK~1\INSTALL.LOG
Sax & Dottys Karaoke Zip Player --> C:\PROGRA~1\SAX&DO~1\UNWISE.EXE C:\PROGRA~1\SAX&DO~1\INSTALL.LOG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Advanced Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46C73DE4-E96D-4F7C-8371-F28052183B12}\setup.exe" -l0x9
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\setup.exe" -l0x9 /remove
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Sims Unleashed --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l0009
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordPerfect OfficeReady --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}\setup.exe"
WordPerfect® Office X3 - Home Edition --> MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

-- Application Event Log -------------------------------------------------------

Event Record #/Type58263 / Error
Event Submitted/Written: 02/04/2008 02:06:26 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
EventType mptelemetry, P1 80072ee2, P2 endsearch, P3 search, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Event Record #/Type58261 / Warning
Event Submitted/Written: 02/03/2008 09:13:24 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type58260 / Warning
Event Submitted/Written: 02/03/2008 09:13:24 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.

Event Record #/Type58259 / Warning
Event Submitted/Written: 02/03/2008 09:13:21 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type58258 / Warning
Event Submitted/Written: 02/03/2008 09:13:21 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{8A9B8148-DDD7-448F-BD6C-358386D32354}', feature 'PaintShopPhotoAlbum', component '{25F669D8-9DC1-44D1-A06B-28E42E930387}' failed. The resource 'HKEY_CURRENT_USER\Software\Corel\Auto Update\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Interval' does not exist.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type18090 / Warning
Event Submitted/Written: 02/04/2008 08:15:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TERRY12327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TERRY12327 can't undo changes that you allow.

For more information please see the following:
%TERRY123275

Scan ID: {C4C84011-F016-49E6-8A51-D286ACB33E00}

User: TERRY123\Guest

Name: %TERRY123271

ID: %TERRY123272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TERRY123276

Alert Type: %TERRY123278

Detection Type: 1.1.1593.02

Event Record #/Type18089 / Warning
Event Submitted/Written: 02/04/2008 08:15:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TERRY12327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TERRY12327 can't undo changes that you allow.

For more information please see the following:
%TERRY123275

Scan ID: {991D92F6-3388-424B-8D07-B40CC570C464}

User: TERRY123\Guest

Name: %TERRY123271

ID: %TERRY123272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TERRY123276

Alert Type: %TERRY123278

Detection Type: 1.1.1593.02

Event Record #/Type18088 / Warning
Event Submitted/Written: 02/04/2008 08:15:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TERRY12327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TERRY12327 can't undo changes that you allow.

For more information please see the following:
%TERRY123275

Scan ID: {47252752-491D-4784-9F25-7CB3A6757FD8}

User: TERRY123\Guest

Name: %TERRY123271

ID: %TERRY123272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TERRY123276

Alert Type: %TERRY123278

Detection Type: 1.1.1593.02

Event Record #/Type18087 / Warning
Event Submitted/Written: 02/04/2008 08:15:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TERRY12327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TERRY12327 can't undo changes that you allow.

For more information please see the following:
%TERRY123275

Scan ID: {114C8402-B60D-4EB8-B749-87BF0907A73B}

User: TERRY123\Guest

Name: %TERRY123271

ID: %TERRY123272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TERRY123276

Alert Type: %TERRY123278

Detection Type: 1.1.1593.02

Event Record #/Type18086 / Warning
Event Submitted/Written: 02/04/2008 08:15:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%TERRY12327 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %TERRY12327 can't undo changes that you allow.

For more information please see the following:
%TERRY123275

Scan ID: {661DC569-3511-48D4-B0A8-67CAA02579C1}

User: TERRY123\Guest

Name: %TERRY123271

ID: %TERRY123272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %TERRY123276

Alert Type: %TERRY123278

Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-02-04 08:15:49 ------------

#11
Rorschach112

Posted 04 February 2008 - 04:13 PM

Ralphie

Retired Staff
47,710 posts

Your logs are clean ! We need to do a few things

You can delete the tools that we used

Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

Click Start > Run
Type Inetcpl.cpl & click OK
Click on the Security tab
Click Reset all zones to default level
Make sure the Internet Zone is selected & Click Custom level
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

#12
snowtiger

Posted 04 February 2008 - 04:19 PM

New Member

Topic Starter
Member
9 posts

thank you so much for all your help.........

should i uninstall all those extra virus and spyware programs?

#13
Rorschach112

Posted 04 February 2008 - 05:01 PM

Ralphie

Retired Staff
47,710 posts

Yes go ahead and do that and delete their folders

Let me know if you have any more questions

#14
snowtiger

Posted 04 February 2008 - 05:30 PM

New Member

Topic Starter
Member
9 posts

thanks soooooooooooo much....wow....this computer hasnt been this fast in a long time.........thanks a ton!!!!

#15
Rorschach112

Posted 04 February 2008 - 05:32 PM

Ralphie

Retired Staff
47,710 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.