Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

win32.netsky smitfraud ? [RESOLVED]


  • This topic is locked This topic is locked

#1
brown2808

brown2808

    Member

  • Member
  • PipPip
  • 55 posts
Please help. Having serious problems here. From checking around, I believe it is win32.netsky.
I've tried a couple of spyware removal options (SpySweeper, and Stopzilla) to no avail. I even paid the subscription fee for Spysweeper and still could not remove the problem. :)

Then I remembered this forum from awhile back where I got excellant help before.

I have followed all the preparation steps described in the topic "You must read this before posting....."

For some reason the AVG antispyware did not give me a log. I followed all the steps carefully.
I had problems trying to run the Panda Activescan.

I have XP SP 2, and an up to date Norton Antivirus.

Here is my HJ this log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:04 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/PhotoWorks-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ekxdvft - {1C7295ED-FCE6-4F90-9624-EE46F6D8DD59} - C:\WINDOWS\ekxdvft.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [PromptCast] "C:\Program Files\PromptCast\PromptCast.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Policies\Explorer\Run: [rffbjjnrft.exe] C:\WINDOWS\system\rffbjjnrft.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho..._ap1001_sp2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.22/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: adsoowf - {4A8545AD-7B1F-42D9-B570-DE5649486FAB} - C:\WINDOWS\adsoowf.dll
O21 - SSODL: bgrlsmn - {F53B64EC-ADC2-4ED4-9D17-02CE5C547C25} - C:\WINDOWS\bgrlsmn.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 12664 bytes


and the uninstall list.

PH Math Course 3
3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop Album Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
CardRd81
ccCommon
CCScore
CD LabelMaker
CleanUp!
Compaq Connections
Compaq Organize
Coupon Printer for Windows
CR2
Cubis Gold 2
DirectX Media Runtime 5.1
DivX Player
Dora the Explorer: Animal Adventures
Easy Family Tree Deluxe®
Easy Internet Sign-up
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
ewido security suite
ExamView Pro
Gem Shop (remove only)
Guild Wars
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet Preloaded Printer Drivers
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2200 series
hp psc 2200 series
Instant Support
Intel® Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
InterActual Player
Internet Worm Protection
InterVideo WinDVD Player
Ipswitch WS_FTP Home
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java™ 6 Update 2
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Magic Match
MahJongg Master 3
Media Entertainment Codec v1.6
Men of Valor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Age of Empires Gold
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Learning and Research Plus Support Files
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 7.0
Microsoft Plus! Digital Media Edition
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MS Access 97 SP2
MSN Internet Software
MSN Messenger 5.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Norton WMI Update
Notifier
NVDVD
NVIDIA Display Driver
NVIDIA Gart Driver
OmniPass
OTtBP
OTtBPSDK
Panda ActiveScan
PCFriendly
PromptCast
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RecordNow!
Remove DivX Codec
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SFR
SHASTA
Shockwave
SimpleMU MUD Client
SKIN0001
SKINXSDK
Sonic Update Manager
SpamSubtract
SPBBC
Spy Sweeper
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Symantec
Symantec Script Blocking Installer
SymNet
The Game Of Life
The Sims Deluxe Edition
Unlocking The Bible Codes
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.2
Viewpoint Manager (Remove Only)
Virtools 3D Life Player
Virtual Earth 3D (Beta)
VPRINTOL
WebFastConnect
Weblink
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
WIRELESS
Yahoo! Toolbar
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You could be right :)

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: ekxdvft - {1C7295ED-FCE6-4F90-9624-EE46F6D8DD59} - C:\WINDOWS\ekxdvft.dll
O4 - HKCU\..\Policies\Explorer\Run: [rffbjjnrft.exe] C:\WINDOWS\system\rffbjjnrft.exe
O21 - SSODL: adsoowf - {4A8545AD-7B1F-42D9-B570-DE5649486FAB} - C:\WINDOWS\adsoowf.dll
O21 - SSODL: bgrlsmn - {F53B64EC-ADC2-4ED4-9D17-02CE5C547C25} - C:\WINDOWS\bgrlsmn.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java™ 6 Update 2
Java™ SE Runtime Environment 6 Update 1


Please note any other programs that you dont recognize in that list in your next response

NEXT

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\ekxdvft.dll
    C:\WINDOWS\system\rffbjjnrft.exe
    C:\WINDOWS\adsoowf.dll
    C:\WINDOWS\bgrlsmn.dll
    C:\WINDOWS\privacy_danger
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

FINALLY FOR NOW

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Logs required : OTMoveit and Combofix
  • 0

#3
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thanks for your help. (By the way, I like your avatar)
Everything looks much better. No more "red screen of death" and no pop ups.

When running the Add/Remove I noticed these files that looked questionable but left them alone.
Java Web Start
Java™ 6 Update 3
MSXML 4.0 sp2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4 Parser

After running the OTMoveit I got an error message and no log. But when I tried to run it again,
it said that the files were not found, so evidently it worked.

File/Folder C:\WINDOWS\ekxdvft.dll not found.
File/Folder C:\WINDOWS\system\rffbjjnrft.exe not found.
File/Folder C:\WINDOWS\adsoowf.dll not found.
File/Folder C:\WINDOWS\bgrlsmn.dll not found.
File/Folder C:\WINDOWS\privacy_danger not found.

OTMoveIt2 v1.0.17 log created on 02032008_131242

And here is the HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:57 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/PhotoWorks-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PromptCast] "C:\Program Files\PromptCast\PromptCast.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho..._ap1001_sp2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.22/ttinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bgrlsmn - {C28C4630-1226-4DB8-8740-9DE86B25744F} - C:\WINDOWS\bgrlsmn.dll (file missing)
O21 - SSODL: adsoowf - {26FAFAF8-7BA0-45EA-9D6F-D889E327BC5F} - C:\WINDOWS\adsoowf.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

--
End of file - 12619 bytes


And the Combofix

ComboFix 08-02.03.1 - Owner 2008-02-03 13:19:37.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Owner\Desktop\Error Cleaner.url
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url
C:\lswmv.ini
C:\Program Files\Common Files\uninstall information
C:\Program Files\Common Files\WinSoftware
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\pedevice\watchlist.xml
C:\WINDOWS\dat.txt
C:\WINDOWS\hbyrs.dat
C:\WINDOWS\jagzq.dat
C:\WINDOWS\khitq.dat
C:\WINDOWS\kmdkf.dat
C:\WINDOWS\lrvqw.dat
C:\WINDOWS\mruwx.dat
C:\WINDOWS\ngncb.dat
C:\WINDOWS\ohipy.dat
C:\WINDOWS\qfqxj.dat
C:\WINDOWS\qnqvw.dat
C:\WINDOWS\search_res.txt
C:\WINDOWS\sgsyj.dat
C:\WINDOWS\snchh.dat
C:\WINDOWS\system32\aabsf.dat
C:\WINDOWS\system32\aqiik.dat
C:\WINDOWS\system32\baolr.dat
C:\WINDOWS\system32\bsmto.dat
C:\WINDOWS\system32\cefkp.dat
C:\WINDOWS\system32\eaweg.dat
C:\WINDOWS\system32\fpssd.dat
C:\WINDOWS\system32\giyne.dat
C:\WINDOWS\system32\gwxhm.dat
C:\WINDOWS\system32\jkucg.dat
C:\WINDOWS\system32\lotbi.dat
C:\WINDOWS\system32\nloni.dat
C:\WINDOWS\system32\rgoim.dat
C:\WINDOWS\system32\ztwyg.dat
C:\WINDOWS\vknkx.dat
C:\WINDOWS\wrdjk.dat
C:\WINDOWS\ysawv.dat
C:\WINDOWS\zknpu.dat

----- BITS: Possible infected sites -----

hxxp://softworldnetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 13:11 . 2008-02-03 13:11 <DIR> d-------- C:\_OTMoveIt
2008-02-02 23:39 . 2008-02-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 20:59 . 2008-02-02 21:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-02 20:59 . 2008-02-02 21:13 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-02 20:59 . 2008-02-02 21:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-02 20:58 . 2008-02-02 21:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 16:53 . 2008-02-02 22:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 16:53 . 2008-02-02 16:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-02 16:53 . 2008-02-02 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-02 16:52 . 2008-02-02 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 16:49 . 2008-02-02 17:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 14:32 . 2008-02-02 14:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-02 14:31 . 2008-02-02 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-02 14:30 . 2003-07-24 04:56 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-02 14:30 . 2003-07-26 03:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-02 14:30 . 2003-07-24 04:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-02 14:30 . 2003-07-24 05:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-02 14:30 . 2003-07-26 03:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-02-02 14:29 . 2008-02-02 14:29 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-02 14:18 . 2008-02-02 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-02 14:18 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 21:51 . 2008-02-02 16:30 31,744 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg
2008-02-01 21:42 . 2008-02-02 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-01 21:40 . 2008-02-01 21:40 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-01 21:40 . 2008-02-02 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Program Files\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-01 15:58 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-01 15:58 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-01 15:58 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-01 15:58 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-01 15:58 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-01 15:55 . 2008-02-01 15:55 164 --a------ C:\install.dat
2008-02-01 09:51 . 2008-01-31 13:56 172,032 --a------ C:\WINDOWS\ffvrdgt.exe
2008-01-14 19:12 . 2008-01-14 19:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-01-06 14:33 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 18:03 --------- d-----w C:\Program Files\Java
2008-02-03 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 03:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-03 03:42 --------- d-----w C:\Program Files\QuickTime
2008-02-03 03:40 --------- d-----w C:\Program Files\PromptCast
2008-02-03 03:38 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-03 03:14 --------- d-----w C:\Program Files\iTunes
2008-02-03 03:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 18:58 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-02 18:51 --------- d-----w C:\Program Files\Spawn
2008-02-02 18:51 --------- d-----w C:\Program Files\Diablo II
2008-02-02 18:51 --------- d-----w C:\Program Files\Diablo
2008-02-02 18:49 --------- d-----w C:\Program Files\Disney Interactive
2008-02-02 18:46 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-02 18:43 --------- d-----w C:\Program Files\ValuSoft
2008-02-02 18:42 --------- d-----w C:\Program Files\Brunswick Bowling
2008-02-01 19:08 --------- d-----w C:\Program Files\Guild Wars
2008-01-17 22:54 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2006-01-29 16:33 645 ---ha-w C:\Documents and Settings\Owner\hpothb07.dat
2005-05-07 22:32 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"PromptCast"="C:\Program Files\PromptCast\PromptCast.exe" [2004-05-04 16:43 221184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 20:13 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28 81920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-19 07:39 100056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 21:16 58992]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-18 12:33 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 10:48 282624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-07-26 03:57:44 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 05:03:28 16384]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00893370-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bgrlsmn"= {C28C4630-1226-4DB8-8740-9DE86B25744F} - C:\WINDOWS\bgrlsmn.dll [ ]
"adsoowf"= {26FAFAF8-7BA0-45EA-9D6F-D889E327BC5F} - C:\WINDOWS\adsoowf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2002-09-16 20:02 2181704 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
C:\Program Files\SurfSideKick 3\Ssk.exe

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 09:15]
R2 IOPort;IOPort;C:\WINDOWS\System32\IOPORT.SYS [1998-11-27 21:57]
R2 WENCRNT4;WENCRNT4;C:\WINDOWS\system32\Drivers\WENCRNT4.SYS [2006-05-04 22:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\ar32e301\command - F:\goodies\ar32e301.exe
\Shell\AutoRun\command - F:\AOESETUP.EXE /autorun
\Shell\directx\command - F:\DirectX\dxsetup.exe
\Shell\dplay\command - F:\DirectX\dplay60a.exe
\Shell\dxdiag\command - F:\DirectX\dxdiag.exe
\Shell\dxinfo\command - F:\DirectX\dxinfo.exe
\Shell\dxtest\command - F:\goodies\DirectX\dx5test.exe
\Shell\dxtool\command - F:\goodies\DirectX\dxtool.exe
\Shell\msinfo\command - F:\goodies\msinfo\msinfo32.exe
\Shell\sampler\command - F:\Sampler\Sampler.exe
\Shell\setup\command - F:\AOESETUP.EXE /autorun
\Shell\zone\command - F:\sampler\demos\zone\zoneA501.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2004-01-18 03:29:59 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1064709798.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-02-02 01:00:15 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-02-01 20:58:27 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 13:27:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-02-03 13:32:32
ComboFix-quarantined-files.txt 2008-02-03 18:32:26
.
2008-01-25 08:01:20 --- E O F ---
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

(By the way, I like your avatar)

Specially made for me on the Avast forum :)

Looking better - just the waifs and strays to remove :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\ffvrdgt.exe

Folder::
C:\Program Files\SurfSideKick 3

Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{00893370-D7A2-456A-AE04-EB9ABF822FE4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bgrlsmn"=- 
"adsoowf"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

NEXT

Download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and attach the log. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Logs required : Combofix and Winpfind
  • 0

#5
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi again. I keep getting a new IE icon on my desktop. It is titled eweeeeeeeweeddddddddddddddd.
Other than that everything seems normal

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:29 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/PhotoWorks-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PromptCast] "C:\Program Files\PromptCast\PromptCast.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=48835
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.sho..._ap1001_sp2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.22/ttinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt - C:\WINDOWS\SYSTEM32\wentxp.exe

--
End of file - 12335 bytes

Post too large posting rest in new posts.

Edited by brown2808, 03 February 2008 - 06:24 PM.

  • 0

#6
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
ComboFix 08-02.03.1 - Owner 2008-02-03 18:46:35.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ffvrdgt.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ffvrdgt.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.

2008-02-03 13:11 . 2008-02-03 13:11 <DIR> d-------- C:\_OTMoveIt
2008-02-02 23:39 . 2008-02-02 23:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 20:59 . 2008-02-02 21:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-02 20:59 . 2008-02-02 21:13 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-02 20:59 . 2008-02-02 21:13 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-02 20:58 . 2008-02-02 21:00 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-02 16:53 . 2008-02-02 22:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-02 16:53 . 2008-02-02 16:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-02-02 16:53 . 2008-02-02 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-02 16:52 . 2008-02-02 16:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-02 16:49 . 2008-02-02 17:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-02 14:32 . 2008-02-02 14:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-02 14:31 . 2008-02-02 14:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ipswitch
2008-02-02 14:30 . 2003-07-24 04:56 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-02 14:30 . 2003-07-26 03:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-02 14:30 . 2003-07-24 04:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-02 14:30 . 2003-07-24 05:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-02 14:30 . 2003-07-26 03:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-02-02 14:29 . 2008-02-02 14:29 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-02 14:19 . 2008-02-02 14:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-02-02 14:18 . 2008-02-02 14:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-02 14:18 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-01 21:51 . 2008-02-02 16:30 31,744 --a------ C:\WINDOWS\system32\drivers\kgpfr.cfg
2008-02-01 21:42 . 2008-02-02 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-01 21:40 . 2008-02-01 21:40 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-01 21:40 . 2008-02-02 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Program Files\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-01 15:58 . 2008-02-01 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-01 15:58 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-01 15:58 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-01 15:58 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-01 15:58 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-01 15:58 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-01 15:55 . 2008-02-01 15:55 164 --a------ C:\install.dat
2008-01-14 19:12 . 2008-01-14 19:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\U3
2008-01-06 14:33 . 2008-01-06 14:33 <DIR> d-------- C:\Program Files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 18:03 --------- d-----w C:\Program Files\Java
2008-02-03 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 03:44 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-03 03:42 --------- d-----w C:\Program Files\QuickTime
2008-02-03 03:40 --------- d-----w C:\Program Files\PromptCast
2008-02-03 03:38 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-03 03:14 --------- d-----w C:\Program Files\iTunes
2008-02-03 03:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 18:58 --------- d-----w C:\Program Files\Hasbro Interactive
2008-02-02 18:51 --------- d-----w C:\Program Files\Spawn
2008-02-02 18:51 --------- d-----w C:\Program Files\Diablo II
2008-02-02 18:51 --------- d-----w C:\Program Files\Diablo
2008-02-02 18:49 --------- d-----w C:\Program Files\Disney Interactive
2008-02-02 18:46 --------- d-----w C:\Program Files\Conquer 2.0
2008-02-02 18:43 --------- d-----w C:\Program Files\ValuSoft
2008-02-02 18:42 --------- d-----w C:\Program Files\Brunswick Bowling
2008-02-01 19:08 --------- d-----w C:\Program Files\Guild Wars
2008-01-17 22:54 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2006-01-29 16:33 645 ---ha-w C:\Documents and Settings\Owner\hpothb07.dat
2005-05-07 22:32 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PromptCast"="C:\Program Files\PromptCast\PromptCast.exe" [2004-05-04 16:43 221184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 23:42 212992]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 20:13 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 22:28 81920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-19 07:39 100056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-07-14 21:16 58992]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-18 12:33 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-01 10:48 282624]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 09:11:14 27136]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-07-26 03:57:44 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-07-24 05:03:28 16384]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-04-05 23:37:10 323646]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00893370-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bgrlsmn"= {C28C4630-1226-4DB8-8740-9DE86B25744F} - C:\WINDOWS\bgrlsmn.dll [ ]
"adsoowf"= {26FAFAF8-7BA0-45EA-9D6F-D889E327BC5F} - C:\WINDOWS\adsoowf.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 05:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2002-09-16 20:02 2181704 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
C:\Program Files\SurfSideKick 3\Ssk.exe

R1 ewido security suite driver;ewido security suite driver;C:\Program Files\ewido\security suite\guard.sys [2004-11-22 09:15]
R2 IOPort;IOPort;C:\WINDOWS\System32\IOPORT.SYS [1998-11-27 21:57]
R2 WENCRNT4;WENCRNT4;C:\WINDOWS\system32\Drivers\WENCRNT4.SYS [2006-05-04 22:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\ar32e301\command - F:\goodies\ar32e301.exe
\Shell\AutoRun\command - F:\AOESETUP.EXE /autorun
\Shell\directx\command - F:\DirectX\dxsetup.exe
\Shell\dplay\command - F:\DirectX\dplay60a.exe
\Shell\dxdiag\command - F:\DirectX\dxdiag.exe
\Shell\dxinfo\command - F:\DirectX\dxinfo.exe
\Shell\dxtest\command - F:\goodies\DirectX\dx5test.exe
\Shell\dxtool\command - F:\goodies\DirectX\dxtool.exe
\Shell\msinfo\command - F:\goodies\msinfo\msinfo32.exe
\Shell\sampler\command - F:\Sampler\Sampler.exe
\Shell\setup\command - F:\AOESETUP.EXE /autorun
\Shell\zone\command - F:\sampler\demos\zone\zoneA501.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2004-01-18 03:29:59 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1064709798.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-02-02 01:00:15 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-02-01 20:58:27 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 18:54:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-02-03 19:00:06
ComboFix-quarantined-files.txt 2008-02-04 00:00:00
ComboFix2.txt 2008-02-03 18:32:33
.
2008-01-25 08:01:20 --- E O F ---
  • 0

#7
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
[code=auto:0]
WinPFind35 logfile created on: 2/3/2008 7:10:42 PM
WinPFind35U Version Beta42 Folder = C:\Documents and Settings\Owner\Desktop\WinPFind35u
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)

503.36 Mb Total Physical Memory | 88.27 Mb Available Physical Memory | 17.54% Memory free
1.20 Gb Paging File | 0.56 Gb Available in Paging File | 46.87% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.89 Gb Total Space | 40.83 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive D: | 6.42 Gb Total Space | 2.38 Gb Free Space | 37.13% Space Free | Partition Type: FAT32
Drive E: | 490.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded

Computer Name: HOMECOMPUTER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 10:17:22 AM | Attr = ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 2:24:04 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 9:16:30 PM | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
ewidoctrl.exe -> %ProgramFiles%\ewido\security suite\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 16448 bytes | Modified Date = 11/11/2004 6:53:03 PM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
npfmntor.exe -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5672 | Size = 110659 bytes | Modified Date = 3/24/2004 9:04:00 AM | Attr = ]
omniserv.exe -> %ProgramFiles%\Softex\OmniPass\omniServ.exe -> [Ver = | Size = 68704 bytes | Modified Date = 2/21/2003 6:07:06 AM | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 5/19/2005 8:21:04 AM | Attr = ]
opxpapp.exe -> %ProgramFiles%\Softex\OmniPass\OPXPApp.exe -> [Ver = | Size = 53248 bytes | Modified Date = 2/21/2003 5:50:10 AM | Attr = ]
spysweeper.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ]
wentxp.exe -> %System32%\wentxp.exe -> WinEncrypt [Ver = 1.0.0.0 | Size = 75776 bytes | Modified Date = 12/12/2006 5:35:00 AM | Attr = ]
ps2.exe -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 10:28:38 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 9:16:00 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 5/18/2006 12:33:48 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/1/2006 10:48:04 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
spysweeperui.exe -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 5367664 bytes | Modified Date = 1/4/2008 8:56:58 PM | Attr = ]
promptcast.exe -> %ProgramFiles%\PromptCast\PromptCast.exe -> NOPWORLD [Ver = 1.03.0001 | Size = 221184 bytes | Modified Date = 5/4/2004 4:43:44 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
hpobnz08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 323646 bytes | Modified Date = 4/5/2003 11:37:10 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 12:06:58 AM | Attr = ]
hpoevm08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 286720 bytes | Modified Date = 4/5/2003 11:45:10 PM | Attr = ]
hposts08.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hposts08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 311296 bytes | Modified Date = 4/5/2003 11:55:04 PM | Attr = ]
acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 71288 bytes | Modified Date = 5/16/2006 11:15:10 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
ssu.exe -> %ProgramFiles%\Webroot\Spy Sweeper\ssu.exe -> [Ver = | Size = 214384 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 307712 bytes | Modified Date = 1/31/2008 12:38:16 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 198256 bytes | Modified Date = 7/14/2005 9:16:30 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 79472 bytes | Modified Date = 7/14/2005 9:16:40 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 181872 bytes | Modified Date = 7/14/2005 9:16:44 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ]
(ewido security suite control) ewido security suite control [Win32_Own | Auto | Running] -> %ProgramFiles%\ewido\security suite\ewidoctrl.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 16448 bytes | Modified Date = 11/11/2004 6:53:03 PM | Attr = ]
(ewido security suite guard) ewido security suite guard [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ewido\security suite\ewidoguard.exe -> ewido networks [Ver = 3, 0, 0, 1 | Size = 163904 bytes | Modified Date = 7/19/2005 1:25:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/3/2005 11:41:10 PM | Attr = ]
(iPodService) iPodService [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 323584 bytes | Modified Date = 2/23/2006 3:45:06 PM | Attr = ]
(KodakCCS) Kodak Camera Connection Software [Win32_Own | On_Demand | Stopped] -> %System32%\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.5100.4 | Size = 411920 bytes | Modified Date = 3/30/2005 4:46:56 PM | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 2/23/2006 11:41:02 AM | Attr = ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 10/19/2005 12:54:14 PM | Attr = ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 10/19/2005 12:54:52 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5672 | Size = 110659 bytes | Modified Date = 3/24/2004 9:04:00 AM | Attr = ]
(omniserv) Softex OmniPass Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Softex\OmniPass\omniServ.exe -> [Ver = | Size = 68704 bytes | Modified Date = 2/21/2003 6:07:06 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 3:31:02 PM | Attr = ]
(SAVScan) SAVScan [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 3/7/2005 2:59:36 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 10/19/2005 12:55:00 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 10:17:22 AM | Attr = ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 7/21/2004 2:24:04 PM | Attr = ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 534 | Size = 822424 bytes | Modified Date = 5/19/2005 8:21:04 AM | Attr = ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 4:59:50 PM | Attr = ]
(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeper.exe -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 3572592 bytes | Modified Date = 1/4/2008 8:56:52 PM | Attr = ]
(wencrservice) WinEncrypt service [Win32_Own | Auto | Running] -> %System32%\wentxp.exe -> WinEncrypt [Ver = 1.0.0.0 | Size = 75776 bytes | Modified Date = 12/12/2006 5:35:00 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.5.2 | Size = 58992 bytes | Modified Date = 7/14/2005 9:16:00 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 8/20/2004 3:51:14 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 8/20/2004 3:55:14 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 6.0.4.2 | Size = 278528 bytes | Modified Date = 2/23/2006 3:45:20 PM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.5672 | Size = 3309568 bytes | Modified Date = 3/24/2004 9:04:00 AM | Attr = ]
PS2 -> %System32%\ps2.EXE -> Hewlett-Packard Company [Ver = 1.0.2.1 | Size = 81920 bytes | Modified Date = 7/31/2002 10:28:38 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 6/1/2006 10:48:04 AM | Attr = ]
Recguard -> %SystemRoot%\SMINST\Recguard.exe -> [Ver = 1, 0, 0, 1 | Size = 212992 bytes | Modified Date = 9/13/2002 11:42:26 PM | Attr = ]
Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe -> SoftThinks [Ver = 1, 0, 2, 1 | Size = 118784 bytes | Modified Date = 6/17/2003 8:13:00 PM | Attr = ]
SpySweeper -> %ProgramFiles%\Webroot\Spy Sweeper\SpySweeperUI.exe -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 5367664 bytes | Modified Date = 1/4/2008 8:56:58 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr = ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 5/19/2005 7:39:21 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 5/18/2006 12:33:48 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.32a | Size = 110592 bytes | Modified Date = 8/19/2003 12:01:00 AM | Attr = ]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
-> -> File not found
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
PromptCast -> %ProgramFiles%\PromptCast\PromptCast.exe -> NOPWORLD [Ver = 1.03.0001 | Size = 221184 bytes | Modified Date = 5/4/2004 4:43:44 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
%AllUsersStartup%\Compaq Connections.lnk -> %ProgramFiles%\Compaq Connections\1940576\Program\BackWeb-1940576.exe -> [Ver = | Size = 16384 bytes | Modified Date = 7/24/2003 5:03:27 AM | Attr = ]
%AllUsersStartup%\hp psc 2000 Series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.020 | Size = 323646 bytes | Modified Date = 4/5/2003 11:37:10 PM | Attr = ]
%AllUsersStartup%\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/6/2003 12:06:58 AM | Attr = ]
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
%UserStartup%\spamsubtract.lnk -> %ProgramFiles%\interMute\SpamSubtract\SpamSubtract.exe -> interMute, Inc. [Ver = 1,0,0,66 | Size = 552960 bytes | Modified Date = 3/21/2003 7:52:06 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{00893370-D7A2-456A-AE04-EB9ABF822FE4} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll [] -> File not found
{54D9498B-CF93-414F-8984-8CE7FDE0D391} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ewido\security suite\shellhook.dll [ewido shell guard] -> [Ver = | Size = 39488 bytes | Modified Date = 9/30/2004 7:21:56 AM | Attr = ]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 8/20/2004 3:50:54 PM | Attr = ]
OPXPGina -> %ProgramFiles%\Softex\OmniPass\OPXPGina.dll -> [Ver = | Size = 40960 bytes | Modified Date = 2/21/2003 5:50:12 AM | Attr = ]
WRNotifier -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (21 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft....k/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> localhost ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1034 domain(s) found. ->
77 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 18 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 12:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 10/19/2005 12:54:30 PM | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\companion\Installs\cpn\ycomp5_5_7_0.dll [Yahoo! Toolbar] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{7C68BAFE-9B8A-40FE-8C33-AA2C49F27433} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{894817F7-0D44-4CC5-B2D9-E3A3E65D18A8} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[ScriptInocUI Class] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.micros...tes/ieawsdc.cab[Microsoft Office Template and Media Control] ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com...ex/qtplugin.cab[QuickTime Object] ->
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}[HKEY_LOCAL_MACHINE] -> http://housecall-bet...all/xscan60.cab[HouseCall Control] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft....k/?linkid=48835[Windows Genuine Advantage Validation Tool] ->
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...director/sw.cab[Shockwave ActiveX Control] ->
{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}[HKEY_LOCAL_MACHINE] -> http://www.miniclip....pGameLoader.dll[CR64Loader Object] ->
{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886}[HKEY_LOCAL_MACHINE] -> http://www.miniclip....bGameLoader.cab[WebGameLoader Class] ->
{5F3B3060-09E0-44C6-86F7-BC7B02B57BEE}[HKEY_LOCAL_MACHINE] -> http://downloads.sho..._ap1001_sp2.cab[Reg Error: Key does not exist or could not be opened.] ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61}[HKEY_LOCAL_MACHINE] -> http://a840.g.akamai...all/xscan53.cab[HouseCall Control] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/.../GrooveAX27.cab[Groove Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://www.hotwaxsur...sCamControl.cab[CamImage Class] ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> http://a19.g.akamai....02/cpbrkpie.cab[cpbrkpie Control] ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoft...free/asinst.cab[ActiveScan Installer Class] ->
{9FC5238F-12C4-454F-B1B5-74599A21DE47}[HKEY_LOCAL_MACHINE] -> http://community.web...otoUploader.CAB[Webshots Photo Uploader] ->
{BB383206-6DA1-4E80-B62A-3DF950FCC697}[HKEY_LOCAL_MACHINE] -> http://ak.imgag.com/...tall/AxCtp2.cab[Create & Print ActiveX Plug-in] ->
{C02226EB-A5D7-4B1F-BD7E-635E46C2288D}[HKEY_LOCAL_MACHINE] -> http://download.toon...5.22/ttinst.cab[Toontown Installer ActiveX Control] ->
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.6.0_03] ->
{CC32D4D8-2A0B-4CEB-B105-C9B968379105}[HKEY_LOCAL_MACHINE] -> https://disney.go.co...GameManager.cab[CGameManagerCtrl Object] ->
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> https://www-secure.s...rl/SymAData.cab[ActiveDataInfo Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.ma...ash/swflash.cab[Shockwave Flash Object] ->
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://3dlifeplayer....l/installer.exe[Virtools WebPlayer Class] ->
{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}[HKEY_LOCAL_MACHINE] -> http://download.micr...04/clearadj.cab[CTAdjust Class] ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://www.popcap.co...aploader_v6.cab[PopCapLoader Object] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
RaptisoftGameLoader[HKEY_LOCAL_MACHINE] -> http://www.miniclip....tgameloader.cab[Reg Error: Key does not exist or could not be opened.] ->

Edited by brown2808, 03 February 2008 - 06:31 PM.

  • 0

#8
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527880192 bytes | Created Date = 2/2/2008 4:25:29 PM | Attr = HS]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Created Date = 2/1/2008 3:55:24 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2/3/2008 1:18:13 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/3/2008 1:11:52 PM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2/2/2008 2:18:21 PM | Attr = ]
kgpfr.cfg -> %System32%\drivers\kgpfr.cfg -> [Ver = | Size = 31744 bytes | Created Date = 2/1/2008 9:51:17 PM | Attr = ]
SSFS0BB9.sys -> %System32%\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Created Date = 2/1/2008 3:58:25 PM | Attr = ]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Created Date = 2/1/2008 3:58:25 PM | Attr = ]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Created Date = 2/1/2008 3:58:25 PM | Attr = ]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Created Date = 2/1/2008 3:58:25 PM | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2/2/2008 8:59:54 PM | Attr = ]
fdsv.exe -> %System32%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
grep.exe -> %System32%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2/2/2008 8:59:03 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2/2/2008 8:59:01 PM | Attr = ]
sed.exe -> %System32%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Created Date = 2/1/2008 3:58:14 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2/3/2008 1:17:55 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2/3/2008 1:17:55 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2/2/2008 8:59:03 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Created Date = 2/1/2008 3:58:23 PM | Attr = ]
wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26480 bytes | Created Date = 2/1/2008 3:58:15 PM | Attr = ]
zip.exe -> %System32%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2/3/2008 1:18:50 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 2/2/2008 8:58:40 PM | Attr = ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2/3/2008 1:17:56 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 2/2/2008 4:49:35 PM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2/3/2008 7:00:13 PM | Attr = ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Created Date = 2/1/2008 3:58:14 PM | Attr = ]
wrSpySweeperTrialSweep.job -> %SystemRoot%\tasks\wrSpySweeperTrialSweep.job -> [Ver = | Size = 1522 bytes | Created Date = 2/1/2008 3:58:26 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
4d64ed37473f6afc4090d7282a05 -> %SystemDrive%\4d64ed37473f6afc4090d7282a05 -> [Folder | Modified Date = 2/2/2008 9:17:51 PM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/3/2008 1:03:55 PM | Attr = HS]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/2/2008 2:30:16 PM | Attr = ]
ExamView -> %SystemDrive%\ExamView -> [Folder | Modified Date = 1/11/2008 6:07:36 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527880192 bytes | Modified Date = 2/2/2008 8:41:31 PM | Attr = HS]
hpfr5550.xml -> %SystemDrive%\hpfr5550.xml -> [Ver = | Size = 488 bytes | Modified Date = 2/3/2008 7:08:22 PM | Attr = ]
install.dat -> %SystemDrive%\install.dat -> [Ver = | Size = 164 bytes | Modified Date = 2/1/2008 3:55:25 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/3/2008 1:21:26 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2/3/2008 7:00:07 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/3/2008 7:00:13 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/3/2008 1:11:52 PM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 2/1/2008 9:43:16 PM | Attr = ]
hosts -> %System32%\drivers\etc\hosts -> [Ver = | Size = 21 bytes | Modified Date = 2/2/2008 5:57:44 PM | Attr = ]
kgpfr.cfg -> %System32%\drivers\kgpfr.cfg -> [Ver = | Size = 31744 bytes | Modified Date = 2/2/2008 4:30:39 PM | Attr = ]
SSFS0BB9.sys -> %System32%\drivers\SSFS0BB9.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 20336 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
sshrmd.sys -> %System32%\drivers\sshrmd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 21872 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
ssidrv.sys -> %System32%\drivers\ssidrv.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 163696 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
sskbfd.sys -> %System32%\drivers\sskbfd.sys -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 23920 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 2/2/2008 11:23:12 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 1/25/2008 3:02:35 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2/2/2008 8:56:42 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2/2/2008 1:33:34 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 2/3/2008 1:21:10 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 218448 bytes | Modified Date = 2/2/2008 2:28:48 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 1/31/2008 6:34:38 PM | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2/2/2008 9:13:25 PM | Attr = ]
nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 3725 bytes | Modified Date = 2/2/2008 8:44:36 PM | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2/2/2008 9:13:25 PM | Attr = ]
ssiefr.EXE -> %System32%\ssiefr.EXE -> Webroot Software Inc (www.webroot.com) [Ver = 3.5.6.114 | Size = 16240 bytes | Modified Date = 1/4/2008 8:34:34 PM | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2/2/2008 9:13:26 PM | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 2/2/2008 9:16:14 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 2/2/2008 8:42:52 PM | Attr = ]
WRLogonNtf.dll -> %System32%\WRLogonNtf.dll -> Webroot Software, Inc. [Ver = 3,5,6,114 | Size = 219504 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
wrlzma.dll -> %System32%\wrlzma.dll -> [Ver = | Size = 26480 bytes | Modified Date = 1/4/2008 8:34:36 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 1/8/2008 9:22:57 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2/2/2008 11:00:26 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/2/2008 8:41:31 PM | Attr = ]
Disney.ini -> %SystemRoot%\Disney.ini -> [Ver = | Size = 999 bytes | Modified Date = 2/2/2008 1:50:14 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Disney.ini:hjtksr
@Alternate Data Stream - 11736 bytes -> %SystemRoot%\Disney.ini:rqlwgu
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/2/2008 11:02:02 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2/3/2008 1:18:50 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2/2/2008 1:44:18 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2/2/2008 12:27:36 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/2/2008 9:00:22 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/3/2008 1:03:55 PM | Attr = HS]
ka.ini -> %SystemRoot%\ka.ini -> [Ver = | Size = 0 bytes | Modified Date = 2/2/2008 1:41:15 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\ka.ini:nujbji
@Alternate Data Stream - 4870 bytes -> %SystemRoot%\ka.ini:orpowh
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 2/2/2008 9:00:06 PM | Attr = ]
PolkaDot.ini -> %SystemRoot%\PolkaDot.ini -> [Ver = | Size = 0 bytes | Modified Date = 2/2/2008 1:42:32 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\PolkaDot.ini:zdwht
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/3/2008 5:22:41 PM | Attr = ]
SIERRA.INI -> %SystemRoot%\SIERRA.INI -> [Ver = | Size = 629 bytes | Modified Date = 2/2/2008 1:56:51 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\SIERRA.INI:rtqyi
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 2/2/2008 11:22:58 PM | Attr = ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 2/2/2008 5:51:23 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 2/3/2008 6:54:05 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 2/3/2008 7:08:20 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/1/2008 3:58:26 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2/3/2008 7:08:22 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1184 bytes | Modified Date = 2/2/2008 9:11:16 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 574 bytes | Modified Date = 2/2/2008 1:40:37 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/1/2008 9:41:05 PM | Attr = ]
WRSetup.dll -> %SystemRoot%\WRSetup.dll -> Webroot Software, Inc. [Ver = 5,5,7,124 | Size = 1526640 bytes | Modified Date = 1/4/2008 8:56:58 PM | Attr = ]
Norton AntiVirus - Scan my computer - Owner.job -> %SystemRoot%\tasks\Norton AntiVirus - Scan my computer - Owner.job -> [Ver = | Size = 530 bytes | Modified Date = 2/1/2008 8:00:15 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/2/2008 8:41:38 PM | Attr = H ]
wrSpySweeperTrialSweep.job -> %SystemRoot%\tasks\wrSpySweeperTrialSweep.job -> [Ver = | Size = 1522 bytes | Modified Date = 2/1/2008 3:58:27 PM | Attr = ]
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\about.dat -> [Ver = | Size = 1528 bytes | Modified Date = 7/17/2002 8:00:00 PM | Attr = ]
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\college.dat -> [Ver = | Size = 327746 bytes | Modified Date = 7/17/2002 8:00:00 PM | Attr = ]
ylpgscat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\ylpgscat.dat -> [Ver = | Size = 12283223 bytes | Modified Date = 7/17/2002 8:00:00 PM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11098 bytes | Modified Date = 6/15/2007 8:44:07 PM | Attr = ]
data.data -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\data.dat -> [Ver = | Size = 2408 bytes | Modified Date = 10/1/2003 1:36:32 PM | Attr = ]
CalMRU.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\CalMRU.dat -> [Ver = | Size = 12 bytes | Modified Date = 5/20/2006 3:35:19 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/27/2003 6:49:05 PM | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 990616 bytes | Modified Date = 2/3/2008 6:23:27 PM | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 990616 bytes | Modified Date = 2/3/2008 6:23:27 PM | Attr = ]

< End of report >
[/code]
  • 0

#9
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Sorry about multiple posts but I was trying to get everything in.
Thanks again for your help.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi again. I keep getting a new IE icon on my desktop. It is titled eweeeeeeeweeddddddddddddddd.

New one on me, does it appear after deletion ?

No problems on the posts :)

Start WinPFind35. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Non-Microsoft Only]
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
NY -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {00893370-D7A2-456A-AE04-EB9ABF822FE4} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\DOCUME~1\Owner\LOCALS~1\Temp\aow.dll []
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: SearchURL\\ -> [Reg Error: Value provider does not exist or could not be read.]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE}[HKEY_LOCAL_MACHINE] -> http://downloads.sho..._ap1001_sp2.cab[Reg Error: Key does not exist or could not be opened.]
YN -> {74D05D43-3236-11D4-BDCD-00C04F9A3B61}[HKEY_LOCAL_MACHINE] -> http://a840.g.akamai...all/xscan53.cab[HouseCall Control]
YN -> {9522B3FB-7A2B-4646-8AF6-36E7F593073C}[HKEY_LOCAL_MACHINE] -> http://a19.g.akamai....02/cpbrkpie.cab[cpbrkpie Control]
YN -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://www.popcap.co...aploader_v6.cab[PopCapLoader Object]
[Files/Folders - Modified Within 30 days]
YY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Disney.ini:hjtksr
YY -> @Alternate Data Stream - 11736 bytes -> %SystemRoot%\Disney.ini:rqlwgu
YY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\ka.ini:nujbji
YY -> @Alternate Data Stream - 4870 bytes -> %SystemRoot%\ka.ini:orpowh
YY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\PolkaDot.ini:zdwht
YY -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\SIERRA.INI:rtqyi
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. CLick the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

NEXT

I see you have Superantispyware ..Please run it to clear any orphans I may have missed
  • On the first page select Check for Updates
  • On completion select SCAN YOUR COMPUTER
  • On the next page select COMPLETE SCAN and tick ALL your drives
  • The next stage will take a while as your entire drive(s), memory and registry are scanned
  • When it has completed click NEXT
  • The next screen shows the problems found click OK
  • On the next screen place a tick against all items and select NEXT
  • Now to get the log Go to the PREFERENCES button on the right bottom
  • Select the STATISTICS/LOG tab
  • Highlight the scan just completed and click VIEW LOG
  • This will open a notepad text file copy and paste this to your next reply

Logs required : Superantispyware, Winpfind report and a new Hijackthis and we should nearly be done :)
  • 0

#11
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Everything seems to be running great. I have not rebooted for some time though. None of the
programs have required a reboot, so I have not done it.

While trying to run the Winpfind it froze up. I tried it twice and it froze both times.
I pasted the recomended quote and clicked run fix. It seemed to run the fix then freeze up,
not allowing me to get a log. So that log is not available.
Task manager says the program is not responding.

SUPERAntiSpyware Scan Log
Generated 02/04/2008 at 08:10 PM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1200

Scan type : Complete Scan
Total Scan Time : 01:55:13

Memory items scanned : 423
Memory threats detected : 0
Registry items scanned : 9215
Registry threats detected : 1
File items scanned : 118986
File threats detected : 16

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt

Registry Cleaner Trial
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:29 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wentxp.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =

www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.hp.com/go/PhotoWorks-eLife
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1

\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MSConfig]

"C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program

Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy

Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PromptCast] "C:\Program

Files\PromptCast\PromptCast.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32

\Macromed\Flash\FlashUtil9b.exe
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User

'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program

Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq

Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-

Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-

AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-

A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-

4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2

-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader -

http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall

Control) - http://housecall-bet...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?

linkid=48835
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader

Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader

Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} -

http://downloads.sho...tall_ap1001_sp2.

cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall

Control) -

http://a840.g.akamai...ll.trendmicro.c

om/housecall/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control)

- http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage

Class) - http://www.hotwaxsur...sCamControl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control)

-

http://a19.g.akamai....m/r3302/cpbrkpi

e.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

Installer Class) -

http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo

Uploader) - http://community.web...otoUploader.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print

ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown

Installer ActiveX Control) -

http://download.toon...5.22/ttinst.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime

Environment 1.4.1_02) -
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105}

(CGameManagerCtrl Object) -

https://disney.go.co...r/DIGGameManage

r.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo

Class) - https://www-

secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools

WebPlayer Class) -

http://3dlifeplayer....l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program

Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman

Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program Files\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner -

C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32

\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) -

Webroot Software, Inc. - C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe
O23 - Service: WinEncrypt service (wencrservice) - WinEncrypt -

C:\WINDOWS\SYSTEM32\wentxp.exe

--
End of file - 12372 bytes
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Winpfind did it's work before it threw a hissy fit :)

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt once again and you should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself



Now to get you off to a good start we will re-set your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your your restore point but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The System will do some calculation and the display a dialogue box with TABS
5. Select the More Options Tab.
6. At the bottom will be a system restore box with a CLEANUP button click this
7. Accept the Warning and select OK again, the program will close and you are done



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
  • SpywareBlaster to help prevent spyware from installing in the first place.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


Keep safe :)
  • 0

#13
brown2808

brown2808

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
done. Thanks a million. Everything looks good.
I will be sending some $ to your paypal within a couple of weeks.
Granted I don't have a lot so it's not much; :) nowhere near what it's worth.

Thanks again
:)
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for your Kind words. Dare I say I hope not to see you again :)
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP