BHO helping my browser to not work [RESOLVED]


This topic is locked.

#1 turdfergasun (Banned, 10 posts)

Read a previous post about this same BHO, but was unable to fully get rid of it, as instructions were fairly case specific. I'm running Avast antivirus, which is catching the malware while it's at work, but unable to remove it, even during a boot scan. I've just run the Kaspersky online scanner, which has come up with a few hits.

Anyway, here is my HijackThis log. I had previously removed a BHO that HijackThis had found prior to discovering this website. Avast has not reported any more trojan alerts, and Kaspersky seemed to come up negative for anything serious, but I will post that log as well if requested.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:43 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Audio Deck\EnMixCPL.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201589500173
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 2581 bytes


I will stick with OSX86 until I can resolve this; at least I can do all my banking from there, as it's on a separate HD and is a Mac journaled partition that the NTFS XP drive cannot access. Thank you in advance for any help.

Edited by turdfergasun, 08 February 2008 - 05:27 PM.

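The HijackThis log above is the format the helpers in this thread read by hand. As an added example (not code from the thread, from HijackThis or from the forum), here is a small Python triage script that parses those entry lines (R0, O2, O4, O16, O23) and attaches a review note to the ones worth a second look; its sample is a subset of the poster's log plus one constructed O2 line with an all-zero placeholder CLSID, since the poster's log no longer contains a BHO entry.

```python
"""Triage helper for Trend Micro HijackThis logs (added example, not part of
the thread). Parses the entry lines and notes the ones a helper checks first:
BHOs (O2), bare-filename autoruns (O4), ActiveX downloads (O16), services with
no publisher (O23) and browser start/search URLs (R0/R1)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: lines taken from the poster's log above, plus a made-up
# O2 (BHO) line whose CLSID and DLL name are placeholders, not real values.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle.org/cgi-bin/scraper.htm
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\placeholder.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Per-section body layouts as HijackThis 2.0.x prints them.
BODY_RE = {
    "R":   re.compile(r"^(?P<key>.+?),(?P<value>[^=]+) = (?P<data>.*)$"),
    "O2":  re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"),
    "O4":  re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O16": re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"),
    "O23": re.compile(r"^Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$"),
}


@dataclass
class Entry:
    section: str                                  # R0, O4, O23 ...
    raw: str                                      # the full log line
    fields: dict = field(default_factory=dict)    # parsed body, {} if layout unknown
    notes: list = field(default_factory=list)     # triage remarks; empty = nothing to review


def exe_of(command: str) -> str:
    """First token of an O4 command: the quoted path if quoted, else up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_hjt(text: str) -> list:
    """Return one Entry per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        pat = BODY_RE.get("R" if sec.startswith("R") else sec)
        bm = pat.match(body) if pat else None
        entries.append(Entry(sec, line, bm.groupdict() if bm else {}))
    return entries


def triage(entries: list) -> list:
    """Attach review notes and return only the entries that received one."""
    for e in entries:
        f = e.fields
        if e.section.startswith("R") and f.get("data", "").startswith("http"):
            e.notes.append(f"browser {f['value']} points at {urlparse(f['data']).hostname}; "
                           "confirm it is the user's own choice")
        elif e.section == "O2":
            e.notes.append(f"BHO {f.get('clsid')} loads into IE from {f.get('path')}; verify publisher")
            if "(file missing)" in e.raw or "(no name)" in e.raw:
                e.notes.append("unnamed or missing BHO file: typical leftover of a removed or hidden component")
        elif e.section == "O4" and f:
            if "\\" not in exe_of(f["cmd"]):   # bare filename: resolved by PATH search at logon
                e.notes.append(f"[{f['name']}] runs a bare filename via PATH search; confirm which file loads")
        elif e.section == "O16" and f:
            e.notes.append(f"ActiveX download from {urlparse(f['url']).hostname}; confirm it is expected")
        elif e.section == "O23" and f.get("company") == "Unknown owner":
            e.notes.append(f"service '{f['name']}' has no publisher string; check {f['path']}")
    return [e for e in entries if e.notes]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.raw)
        for n in e.notes:
            print("   ->", n)
```

Run it against a full log saved from HijackThis; anything without a note is still worth reading, the notes just order the review.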



#2 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3 turdfergasun (Topic Starter, Banned, 10 posts)

Thanks a lot! Though I ran into a snag!

Not sure why, but DSS always seems to fail near the end of the scan: "encounters a problem, needs to close...". All programs are shut down, antivirus is closed and shut down manually in Task Manager. I've run it 3 times, rebooted once with a clean startup via msconfig. No go. I will post the contents of the error.

Error signature
AppName: dss(2).exe AppVer: 3.2.8.1 ModName: dss.exe
ModVer: 3.2.8.1 Offset: 00031e06

That is just the basic info; if I "click here" for more info there's about 5 pages of text.

#4 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)

Try this

Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Under Rootkit Search change that to Yes.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#5 turdfergasun (Topic Starter, Banned, 10 posts)

Hi, thanks again. Here is the report.



WinPFind35 logfile created on: 2/10/2008 12:16:40 AM
WinPFind35U Version Beta46 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.17% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.74% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 116.06 Gb Free Space | 49.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 127.99 Gb Total Space | 20.12 Gb Free Space | 15.72% Space Free | Partition Type: NTFS

Computer Name: DOUCHE
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4183 | Size = 495616 bytes | Modified Date = 12/4/2007 6:53:58 PM | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4183 | Size = 495616 bytes | Modified Date = 12/4/2007 6:53:58 PM | Attr = ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
nmsaccessu.exe -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 10/12/2007 8:34:56 AM | Attr = ]
sbiesvc.exe -> %ProgramFiles%\Sandboxie\SbieSvc.exe -> tzuk [Ver = 3.22 | Size = 51200 bytes | Modified Date = 1/13/2008 3:53:38 AM | Attr = ]
enmixcpl.exe -> %ProgramFiles%\Audio Deck\EnMixCPL.exe -> [Ver = 0, 0, 2, 5 | Size = 327680 bytes | Modified Date = 2/6/2006 11:12:38 AM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
lwemon.exe -> %ProgramFiles%\Logitech\Gaming Software\LWEMon.exe -> Logitech Inc. [Ver = 5.01.256 | Size = 93208 bytes | Modified Date = 9/25/2007 3:03:30 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.0.8 | Size = 16269312 bytes | Modified Date = 10/30/2006 7:49:54 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/8/2008 9:05:46 AM | Attr = ]
winpfind35u.exe -> %UserDesktop%\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 308224 bytes | Modified Date = 2/7/2008 1:47:38 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 12/4/2007 6:36:33 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4183 | Size = 495616 bytes | Modified Date = 12/4/2007 6:53:58 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 9/28/2007 9:05:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 12/4/2007 5:00:16 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 12/4/2007 4:59:53 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 12/4/2007 4:59:01 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/3/2004 9:56:50 PM | Attr = ]
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found
(NMSAccessU) NMSAccessU [Win32_Own | Auto | Running] -> %ProgramFiles%\CDBurnerXP\NMSAccessU.exe -> [Ver = | Size = 71096 bytes | Modified Date = 10/12/2007 8:34:56 AM | Attr = ]
(SbieSvc) Sandboxie Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sandboxie\SbieSvc.exe -> tzuk [Ver = 3.22 | Size = 51200 bytes | Modified Date = 1/13/2008 3:53:38 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Alcmtr -> %SystemRoot%\Alcmtr.exe -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ]
AtiPTA -> %System32%\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5183 | Size = 344064 bytes | Modified Date = 2/21/2006 5:05:00 PM | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 12/4/2007 5:00:23 AM | Attr = ]
EnvyHFCPL -> %ProgramFiles%\Audio Deck\EnMixCPL.exe -> [Ver = 0, 0, 2, 5 | Size = 327680 bytes | Modified Date = 2/6/2006 11:12:38 AM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.0.8 | Size = 16269312 bytes | Modified Date = 10/30/2006 7:49:54 PM | Attr = ]
Start WingMan Profiler -> %ProgramFiles%\Logitech\Gaming Software\LWEMon.exe -> Logitech Inc. [Ver = 5.01.256 | Size = 93208 bytes | Modified Date = 9/25/2007 3:03:30 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AlcoholAutomount -> %ProgramFiles%\Alcohol Soft\Alcohol 120\AxCmd.exe -> Alcohol Soft Development Team [Ver = 1.9.6.5431 | Size = 222080 bytes | Modified Date = 12/21/2007 11:20:59 PM | Attr = ]
SandboxieControl -> %ProgramFiles%\Sandboxie\SbieCtrl.exe -> tzuk [Ver = 3.22 | Size = 370688 bytes | Modified Date = 1/13/2008 3:53:42 AM | Attr = ]
Steam -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1266936 bytes | Modified Date = 1/29/2008 1:22:18 AM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{2860C741-8F63-45DA-B029-2B4B148AC499} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 12/4/2007 6:55:20 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< HOSTS File > (781 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.scroogle.org/cgi-bin/scraper.htm ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0483FA24-9E00-416C-BA7A-5415D20AB254} -> () ->
{7A0F4903-39BA-4488-884A-00FED5E2A05B} -> (VIA Compatable Fast Ethernet Adapter) ->
{BAA66F2E-8418-4B44-A52C-C3BBBD230E8F} -> (SMC EZ Card 10/100 PCI (SMC1211TX)) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201589500173[WUWebControl Class] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
WMPNetworkSvc -> ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
SkyTel hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\SkyTel.exe -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 5/16/2006 6:04:26 PM | Attr = ]
Vidalia hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Vidalia Bundle\Vidalia\vidalia.exe -> [Ver = | Size = 12889088 bytes | Modified Date = 11/22/2007 1:49:44 PM | Attr = ]


[Files/Folders - Created Within 30 days]
766f8fb39860eb8c7c960b6c9d9c76 -> %SystemDrive%\766f8fb39860eb8c7c960b6c9d9c76 -> [Folder | Created Date = 1/28/2008 11:22:28 PM | Attr = ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 0 bytes | Created Date = 1/28/2008 9:12:16 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Created Date = 1/28/2008 12:25:43 PM | Attr = HS]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/28/2008 9:12:16 PM | Attr = ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/8/2008 7:52:27 AM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Created Date = 1/28/2008 12:26:32 PM | Attr = ]
Future Weapons -> %SystemDrive%\Future Weapons -> [Folder | Created Date = 2/3/2008 9:53:05 PM | Attr = ]
IO.SYS -> %SystemDrive%\IO.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/28/2008 9:12:16 PM | Attr = RHS]
moovin pictures -> %SystemDrive%\moovin pictures -> [Folder | Created Date = 2/3/2008 9:09:13 PM | Attr = ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS -> [Ver = | Size = 0 bytes | Created Date = 1/28/2008 9:12:16 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Created Date = 1/28/2008 12:29:14 PM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 1/29/2008 12:28:38 AM | Attr = HS]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Created Date = 1/28/2008 12:26:31 PM | Attr = HS]
Toast Titanium.zip -> %SystemDrive%\Toast Titanium.zip -> [Ver = | Size = 54971927 bytes | Created Date = 2/3/2008 10:59:02 PM | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2/8/2008 7:32:31 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
WUTemp -> %SystemDrive%\WUTemp -> [Folder | Created Date = 2/8/2008 8:15:10 PM | Attr = ]
a3d.dll -> %System32%\dllcache\a3d.dll -> [Ver = 0.00.00 | Size = 254000 bytes | Created Date = 1/29/2008 4:11:00 AM | Attr = ]
big5.nls -> %System32%\dllcache\big5.nls -> [Ver = | Size = 66728 bytes | Created Date = 1/28/2008 9:12:52 PM | Attr = ]
bopomofo.nls -> %System32%\dllcache\bopomofo.nls -> [Ver = | Size = 82172 bytes | Created Date = 1/28/2008 9:12:52 PM | Attr = ]
cap7146.sys -> %System32%\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 1/28/2008 9:12:58 PM | Attr = ]
chtskf.dll -> %System32%\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Created Date = 1/28/2008 9:13:00 PM | Attr = ]
c_10001.nls -> %System32%\dllcache\c_10001.nls -> [Ver = | Size = 162850 bytes | Created Date = 1/28/2008 9:12:52 PM | Attr = ]
c_10002.nls -> %System32%\dllcache\c_10002.nls -> [Ver = | Size = 195618 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10003.nls -> %System32%\dllcache\c_10003.nls -> [Ver = | Size = 177698 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10004.nls -> %System32%\dllcache\c_10004.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10005.nls -> %System32%\dllcache\c_10005.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10006.nls -> %System32%\dllcache\c_10006.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:06 PM | Attr = ]
c_10007.nls -> %System32%\dllcache\c_10007.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:08 PM | Attr = ]
c_10008.nls -> %System32%\dllcache\c_10008.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10010.nls -> %System32%\dllcache\c_10010.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:01 PM | Attr = ]
c_10017.nls -> %System32%\dllcache\c_10017.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:08 PM | Attr = ]
c_10021.nls -> %System32%\dllcache\c_10021.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_10029.nls -> %System32%\dllcache\c_10029.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:01 PM | Attr = ]
c_10081.nls -> %System32%\dllcache\c_10081.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:11 PM | Attr = ]
c_10082.nls -> %System32%\dllcache\c_10082.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:01 PM | Attr = ]
c_1047.nls -> %System32%\dllcache\c_1047.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1140.nls -> %System32%\dllcache\c_1140.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1141.nls -> %System32%\dllcache\c_1141.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1142.nls -> %System32%\dllcache\c_1142.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1143.nls -> %System32%\dllcache\c_1143.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1144.nls -> %System32%\dllcache\c_1144.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:53 PM | Attr = ]
c_1145.nls -> %System32%\dllcache\c_1145.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_1146.nls -> %System32%\dllcache\c_1146.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_1147.nls -> %System32%\dllcache\c_1147.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_1148.nls -> %System32%\dllcache\c_1148.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_1149.nls -> %System32%\dllcache\c_1149.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_1361.nls -> %System32%\dllcache\c_1361.nls -> [Ver = | Size = 189986 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_20000.nls -> %System32%\dllcache\c_20000.nls -> [Ver = | Size = 180258 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_20001.nls -> %System32%\dllcache\c_20001.nls -> [Ver = | Size = 186402 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_20002.nls -> %System32%\dllcache\c_20002.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_20003.nls -> %System32%\dllcache\c_20003.nls -> [Ver = | Size = 185378 bytes | Created Date = 1/28/2008 9:12:54 PM | Attr = ]
c_20004.nls -> %System32%\dllcache\c_20004.nls -> [Ver = | Size = 180258 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20005.nls -> %System32%\dllcache\c_20005.nls -> [Ver = | Size = 187938 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20105.nls -> %System32%\dllcache\c_20105.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20106.nls -> %System32%\dllcache\c_20106.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20107.nls -> %System32%\dllcache\c_20107.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20108.nls -> %System32%\dllcache\c_20108.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20127.nls -> %System32%\dllcache\c_20127.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:00 PM | Attr = ]
c_20269.nls -> %System32%\dllcache\c_20269.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20273.nls -> %System32%\dllcache\c_20273.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20277.nls -> %System32%\dllcache\c_20277.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20278.nls -> %System32%\dllcache\c_20278.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20280.nls -> %System32%\dllcache\c_20280.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20284.nls -> %System32%\dllcache\c_20284.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20285.nls -> %System32%\dllcache\c_20285.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:55 PM | Attr = ]
c_20290.nls -> %System32%\dllcache\c_20290.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20297.nls -> %System32%\dllcache\c_20297.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20420.nls -> %System32%\dllcache\c_20420.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20423.nls -> %System32%\dllcache\c_20423.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20424.nls -> %System32%\dllcache\c_20424.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20833.nls -> %System32%\dllcache\c_20833.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20838.nls -> %System32%\dllcache\c_20838.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20871.nls -> %System32%\dllcache\c_20871.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20880.nls -> %System32%\dllcache\c_20880.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20924.nls -> %System32%\dllcache\c_20924.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20932.nls -> %System32%\dllcache\c_20932.nls -> [Ver = | Size = 180770 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20936.nls -> %System32%\dllcache\c_20936.nls -> [Ver = | Size = 173602 bytes | Created Date = 1/28/2008 9:12:56 PM | Attr = ]
c_20949.nls -> %System32%\dllcache\c_20949.nls -> [Ver = | Size = 177698 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_21025.nls -> %System32%\dllcache\c_21025.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_21027.nls -> %System32%\dllcache\c_21027.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_28594.nls -> %System32%\dllcache\c_28594.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:04 PM | Attr = ]
c_28595.nls -> %System32%\dllcache\c_28595.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:08 PM | Attr = ]
c_28596.nls -> %System32%\dllcache\c_28596.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_28597.nls -> %System32%\dllcache\c_28597.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:06 PM | Attr = ]
c_28599.nls -> %System32%\dllcache\c_28599.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:11 PM | Attr = ]
c_28603.nls -> %System32%\dllcache\c_28603.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:13 PM | Attr = ]
c_708.nls -> %System32%\dllcache\c_708.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_720.nls -> %System32%\dllcache\c_720.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_737.nls -> %System32%\dllcache\c_737.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:06 PM | Attr = ]
c_852.nls -> %System32%\dllcache\c_852.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:01 PM | Attr = ]
c_855.nls -> %System32%\dllcache\c_855.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:04 PM | Attr = ]
c_857.nls -> %System32%\dllcache\c_857.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:11 PM | Attr = ]
c_858.nls -> %System32%\dllcache\c_858.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_862.nls -> %System32%\dllcache\c_862.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_864.nls -> %System32%\dllcache\c_864.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_866.nls -> %System32%\dllcache\c_866.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:04 PM | Attr = ]
c_869.nls -> %System32%\dllcache\c_869.nls -> [Ver = | Size = 66594 bytes | Created Date = 1/28/2008 12:29:06 PM | Attr = ]
c_870.nls -> %System32%\dllcache\c_870.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 9:12:57 PM | Attr = ]
c_875.nls -> %System32%\dllcache\c_875.nls -> [Ver = | Size = 66082 bytes | Created Date = 1/28/2008 12:29:06 PM | Attr = ]
dgrpsetu.dll -> %System32%\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 1/28/2008 12:28:59 PM | Attr = ]
dgsetup.dll -> %System32%\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 1/28/2008 12:28:59 PM | Attr = ]
eqnclass.dll -> %System32%\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 1/28/2008 12:28:59 PM | Attr = ]
esucmd.dll -> %System32%\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 1/28/2008 9:13:06 PM | Attr = ]
esuimgd.dll -> %System32%\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 1/28/2008 9:13:06 PM | Attr = ]
esunid.dll -> %System32%\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 1/28/2008 9:13:06 PM | Attr = ]
FP4.CAT -> %System32%\dllcache\FP4.CAT -> [Ver = | Size = 31281 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
fpencode.dll -> %System32%\dllcache\fpencode.dll -> [Ver = | Size = 94208 bytes | Created Date = 1/28/2008 9:13:08 PM | Attr = ]
hanja.lex -> %System32%\dllcache\hanja.lex -> [Ver = | Size = 108827 bytes | Created Date = 1/28/2008 9:13:11 PM | Attr = ]
HPCRDP.CAT -> %System32%\dllcache\HPCRDP.CAT -> [Ver = | Size = 13472 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
htrn_jis.dll -> %System32%\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 1/28/2008 9:08:45 PM | Attr = ]
hwxjpn.dll -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Created Date = 1/28/2008 9:13:16 PM | Attr = ]
IASNT4.CAT -> %System32%\dllcache\IASNT4.CAT -> [Ver = | Size = 8574 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
imekr.lex -> %System32%\dllcache\imekr.lex -> [Ver = | Size = 134339 bytes | Created Date = 1/28/2008 9:13:24 PM | Attr = ]
imjpinst.exe -> %System32%\dllcache\imjpinst.exe -> [Ver = | Size = 196665 bytes | Created Date = 1/28/2008 9:13:26 PM | Attr = ]
IMS.CAT -> %System32%\dllcache\IMS.CAT -> [Ver = | Size = 13753 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
imscinst.exe -> %System32%\dllcache\imscinst.exe -> [Ver = | Size = 59392 bytes | Created Date = 1/28/2008 9:13:27 PM | Attr = ]
isrdbg32.dll -> %System32%\dllcache\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 1/28/2008 9:09:58 PM | Attr = ]
korwbrkr.lex -> %System32%\dllcache\korwbrkr.lex -> [Ver = | Size = 1158818 bytes | Created Date = 1/28/2008 9:13:33 PM | Attr = ]
ksc.nls -> %System32%\dllcache\ksc.nls -> [Ver = | Size = 47066 bytes | Created Date = 1/28/2008 9:13:34 PM | Attr = ]
ltts1033.lxa -> %System32%\dllcache\ltts1033.lxa -> [Ver = | Size = 643717 bytes | Created Date = 1/28/2008 12:29:15 PM | Attr = ]
MAPIMIG.CAT -> %System32%\dllcache\MAPIMIG.CAT -> [Ver = | Size = 399645 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
mediactr.cat -> %System32%\dllcache\mediactr.cat -> [Ver = | Size = 31965 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
mplayer2.exe -> %System32%\dllcache\mplayer2.exe -> [Ver = | Size = 4639 bytes | Created Date = 1/28/2008 9:10:15 PM | Attr = ]
msinfo.dll -> %System32%\dllcache\msinfo.dll -> [Ver = 7, 0, 0, 0 | Size = 376320 bytes | Created Date = 1/28/2008 9:10:01 PM | Attr = ]
MSMSGS.CAT -> %System32%\dllcache\MSMSGS.CAT -> [Ver = | Size = 9581 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
msn7.cat -> %System32%\dllcache\msn7.cat -> [Ver = | Size = 24209 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
msn9.cat -> %System32%\dllcache\msn9.cat -> [Ver = | Size = 11651 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
MSTSWEB.CAT -> %System32%\dllcache\MSTSWEB.CAT -> [Ver = | Size = 7245 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
MW770.CAT -> %System32%\dllcache\MW770.CAT -> [Ver = | Size = 37484 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
netfx.cat -> %System32%\dllcache\netfx.cat -> [Ver = | Size = 141702 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
nls302en.lex -> %System32%\dllcache\nls302en.lex -> [Ver = | Size = 4399505 bytes | Created Date = 1/28/2008 9:11:12 PM | Attr = ]
NT5.CAT -> %System32%\dllcache\NT5.CAT -> [Ver = | Size = 2012670 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
NT5IIS.CAT -> %System32%\dllcache\NT5IIS.CAT -> [Ver = | Size = 797189 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
NT5INF.CAT -> %System32%\dllcache\NT5INF.CAT -> [Ver = | Size = 502724 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
NTPRINT.CAT -> %System32%\dllcache\NTPRINT.CAT -> [Ver = | Size = 1086058 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
OEMBIOS.CAT -> %System32%\dllcache\OEMBIOS.CAT -> [Ver = | Size = 7382 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
pinball.exe -> %System32%\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 1/28/2008 9:08:14 PM | Attr = ]
pintlcsa.dll -> %System32%\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Created Date = 1/28/2008 9:13:44 PM | Attr = ]
prc.nls -> %System32%\dllcache\prc.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/28/2008 9:13:45 PM | Attr = ]
prcp.nls -> %System32%\dllcache\prcp.nls -> [Ver = | Size = 83748 bytes | Created Date = 1/28/2008 9:13:46 PM | Attr = ]
r1033tts.lxa -> %System32%\dllcache\r1033tts.lxa -> [Ver = | Size = 605050 bytes | Created Date = 1/28/2008 12:29:15 PM | Attr = ]
rtl8139.sys -> %System32%\dllcache\rtl8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 1/29/2008 4:04:33 AM | Attr = ]
rw330ext.dll -> %System32%\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 1/28/2008 9:13:49 PM | Attr = ]
rwia001.dll -> %System32%\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/28/2008 9:13:49 PM | Attr = ]
rwia330.dll -> %System32%\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 1/28/2008 9:13:49 PM | Attr = ]
sam.sdf -> %System32%\dllcache\sam.sdf -> [Ver = | Size = 888 bytes | Created Date = 1/28/2008 12:29:16 PM | Attr = ]
sam.spd -> %System32%\dllcache\sam.spd -> [Ver = | Size = 1685606 bytes | Created Date = 1/28/2008 12:29:16 PM | Attr = ]
SP2.CAT -> %System32%\dllcache\SP2.CAT -> [Ver = | Size = 1042903 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
spxcoins.dll -> %System32%\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 1/28/2008 12:28:59 PM | Attr = ]
srframe.mmf -> %System32%\dllcache\srframe.mmf -> [Ver = | Size = 984 bytes | Created Date = 1/28/2008 9:10:30 PM | Attr = ]
tabletpc.cat -> %System32%\dllcache\tabletpc.cat -> [Ver = | Size = 110116 bytes | Created Date = 1/28/2008 12:27:09 PM | Attr = ]
wmerrenu.cat -> %System32%\dllcache\wmerrenu.cat -> [Ver = | Size = 7334 bytes | Created Date = 1/28/2008 12:27:08 PM | Attr = ]
xjis.nls -> %System32%\dllcache\xjis.nls -> [Ver = | Size = 28288 bytes | Created Date = 1/28/2008 9:14:06 PM | Attr = ]
aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 26624 bytes | Created Date = 1/29/2008 12:31:04 PM | Attr = ]
aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 93264 bytes | Created Date = 1/29/2008 12:31:03 PM | Attr = ]
aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 94544 bytes | Created Date = 1/29/2008 12:31:03 PM | Attr = ]
aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 23152 bytes | Created Date = 1/29/2008 12:31:04 PM | Attr = ]
aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1098.0 | Size = 42912 bytes | Created Date = 1/29/2008 12:31:04 PM | Attr = ]
ati2erec.dll -> %System32%\drivers\ati2erec.dll -> ATI Technologies Inc. [Ver = 1.0.0.12 | Size = 49152 bytes | Created Date = 1/29/2008 12:33:31 AM | Attr = ]
ati2mtag.sys -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6755 | Size = 2782208 bytes | Created Date = 1/29/2008 12:33:32 AM | Attr = ]
ativcaxx.cpa -> %System32%\drivers\ativcaxx.cpa -> [Ver = | Size = 1311202 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
ativcaxx.vp -> %System32%\drivers\ativcaxx.vp -> [Ver = | Size = 929 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
ativckxx.vp -> %System32%\drivers\ativckxx.vp -> [Ver = | Size = 2096 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
ativdkxx.vp -> %System32%\drivers\ativdkxx.vp -> [Ver = | Size = 2096 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
ativvpxx.vp -> %System32%\drivers\ativvpxx.vp -> [Ver = | Size = 47360 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
disdn -> %System32%\drivers\disdn -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
Envy24HF.sys -> %System32%\drivers\Envy24HF.sys -> VIA - IC Ensemble, Inc. [Ver = 5.12.01.3650 built by: WinDDK | Size = 589120 bytes | Created Date = 1/29/2008 4:11:00 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
hosts1.bak -> %System32%\drivers\etc\hosts1.bak -> [Ver = | Size = 734 bytes | Created Date = 1/28/2008 10:51:07 PM | Attr = ]
fetnd5.sys -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Created Date = 1/28/2008 12:30:12 PM | Attr = ]
PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Created Date = 1/29/2008 12:47:23 PM | Attr = ]
RtkHDAud.Sys -> %System32%\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5319 built by: WinDDK | Size = 4394496 bytes | Created Date = 2/3/2008 10:09:39 AM | Attr = ]
RTL8139.sys -> %System32%\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Created Date = 1/29/2008 4:04:33 AM | Attr = ]
sptd.sys -> %System32%\drivers\sptd.sys -> [Ver = | Size = 716272 bytes | Created Date = 1/29/2008 1:45:51 AM | Attr = ]
UMDF -> %System32%\drivers\UMDF -> [Folder | Created Date = 1/28/2008 11:20:37 PM | Attr = ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf -> [Ver = | Size = 0 bytes | Created Date = 1/28/2008 11:20:38 PM | Attr = H ]
ViBus.sys -> %System32%\drivers\ViBus.sys -> VIA Technologies, Inc. [Ver = 6.0.6000.231 | Size = 16896 bytes | Created Date = 1/29/2008 12:27:01 AM | Attr = R ]
videX32.sys -> %System32%\drivers\videX32.sys -> VIA Technologies, Inc. [Ver = 6.0.6000.182 | Size = 9216 bytes | Created Date = 1/29/2008 12:26:34 AM | Attr = R ]
ViPrt.sys -> %System32%\drivers\ViPrt.sys -> VIA Technologies, Inc. [Ver = 6.0.6000.231 | Size = 52736 bytes | Created Date = 1/29/2008 12:27:01 AM | Attr = R ]
$winnt$.inf -> %System32%\$winnt$.inf -> [Ver = | Size = 261 bytes | Created Date = 1/28/2008 12:25:41 PM | Attr = ]
1025 -> %System32%\1025 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1028 -> %System32%\1028 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1031 -> %System32%\1031 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1033 -> %System32%\1033 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1037 -> %System32%\1037 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1041 -> %System32%\1041 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1042 -> %System32%\1042 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
1054 -> %System32%\1054 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
2052 -> %System32%\2052 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
3076 -> %System32%\3076 -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
3com_dmi -> %System32%\3com_dmi -> [Folder | Created Date = 1/28/2008 12:21:19 PM | Attr = ]
3ivx.dll -> %System32%\3ivx.dll -> 3ivx Technologies Pty. Ltd. [Ver = 5, 0, 2, 280 | Size = 1155808 bytes | Created Date = 12/21/2008 8:58:56 PM | Attr = ]
3ivxVfWCodec.dll -> %System32%\3ivxVfWCodec.dll -> 3ivx Technologies Pty. Ltd. [Ver = 5, 0, 2, 280 | Size = 332512 bytes | Created Date = 12/21/2008 8:59:00 PM | Attr = ]
A3D.dll -> %System32%\A3D.dll -> [Ver = 0.00.00 | Size = 254000 bytes | Created Date = 1/29/2008 4:11:00 AM | Attr = ]
actskin4.ocx -> %System32%\actskin4.ocx -> [Ver = 4, 2, 7, 3 | Size = 380928 bytes | Created Date = 1/29/2008 12:30:59 PM | Attr = ]
ALSndMgr.Cpl -> %System32%\ALSndMgr.Cpl -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 10 | Size = 299008 bytes | Created Date = 2/3/2008 10:09:38 AM | Attr = ]
amcompat.tlb -> %System32%\amcompat.tlb -> [Ver = | Size = 16832 bytes | Created Date = 1/28/2008 9:12:14 PM | Attr = ]
appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 1/29/2008 1:45:22 PM | Attr = ]
aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 837496 bytes | Created Date = 1/29/2008 12:30:59 PM | Attr = ]
atfaraxx.hlx -> %System32%\atfaraxx.hlx -> [Ver = | Size = 24652 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfchsxx.hlx -> %System32%\atfchsxx.hlx -> [Ver = | Size = 26864 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfchtxx.hlx -> %System32%\atfchtxx.hlx -> [Ver = | Size = 24589 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfcsyxx.hlx -> %System32%\atfcsyxx.hlx -> [Ver = | Size = 24569 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfdanxx.hlx -> %System32%\atfdanxx.hlx -> [Ver = | Size = 24065 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfdeuxx.hlx -> %System32%\atfdeuxx.hlx -> [Ver = | Size = 24557 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfellxx.hlx -> %System32%\atfellxx.hlx -> [Ver = | Size = 25224 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfenuxx.hlp -> %System32%\atfenuxx.hlp -> [Ver = | Size = 23224 bytes | Created Date = 1/29/2008 12:36:22 AM | Attr = ]
atfenuxx.hlx -> %System32%\atfenuxx.hlx -> [Ver = | Size = 23224 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atfespxx.hlx -> %System32%\atfespxx.hlx -> [Ver = | Size = 24382 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atffinxx.hlx -> %System32%\atffinxx.hlx -> [Ver = | Size = 24260 bytes | Created Date = 1/29/2008 12:33:29 AM | Attr = ]
atffraxx.hlx -> %System32%\atffraxx.hlx -> [Ver = | Size = 24640 bytes | Created Date = 1/29/2008 12:33:29 AM | Att

#6 Rorschach112 (Retired Staff)

Can you attach the report, as some of it is missing?

#7 turdfergasun (Topic Starter)

OK, here you go. Not sure why it would be missing; I used Ctrl+A, Ctrl+V, no word wrap. Anyway, here it is. I had "Reg - Disabled MS Config Items" and the rootkit search set to yes. I'll run it again if you want.

Attached Files



#8 Rorschach112 (Retired Staff)

Hello

Start WinPFind35U. Copy and paste the information in the quote box below into the panel where it says "Paste fix here", then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Alcmtr -> %SystemRoot%\Alcmtr.exe
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {2860C741-8F63-45DA-B029-2B4B148AC499} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
[Files/Folders - Created Within 30 days]
YY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
YY -> 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
YY -> Alcmtr.exe -> %SystemRoot%\Alcmtr.exe
[Empty Temp Folders]
[Start Explorer]


The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of the actions taken during the fix. Post that information back here.

I will review the information when it comes back in.



Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner and click Accept.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log.
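The fix above removes a Run value and a ShellExecuteHooks CLSID whose class key WinPFind reported it could not open. The script below is an added example, not part of the thread and not WinPFind's code: it resolves every CLSID registered as a ShellExecuteHook or Browser Helper Object to its InprocServer32 DLL and reports orphans (hook registered, CLSID key gone) and entries whose DLL is missing on disk. The registry is read through a small callable so the logic runs offline against a constructed sample; on Windows, pass winreg_reader to audit() to read the live HKLM. The sample registry, the BHO CLSID {11111111-...} and its DLL path are constructed; the {2860C741-...} entry is modelled on the hook the fix removed, and {AEB6717E-...} is Windows' own URL Exec Hook in shell32.dll.

```python
import os
import re

CURRENT_VERSION = r"SOFTWARE\Microsoft\Windows\CurrentVersion"
CLSID_ROOT = r"SOFTWARE\Classes\CLSID"
# (label, HKLM subkey, CLSIDs stored as subkeys?). ShellExecuteHooks lists its
# CLSIDs as value names; Browser Helper Objects lists them as subkeys.
LOAD_POINTS = (
    ("ShellExecuteHooks", CURRENT_VERSION + r"\Explorer\ShellExecuteHooks", False),
    ("BrowserHelperObjects", CURRENT_VERSION + r"\Explorer\Browser Helper Objects", True),
)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ENV_RE = re.compile(r"%([^%]+)%")


def expand(path, env):
    """Expand %VAR% references; InprocServer32 is frequently REG_EXPAND_SZ."""
    return ENV_RE.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def resolve(label, clsid, reader, exists, env):
    """Map one registered CLSID to its in-process server DLL and classify it."""
    server = reader(CLSID_ROOT + "\\" + clsid + r"\InprocServer32")
    if server is None:
        # Hook/BHO still registered but its COM class is gone: an orphan.
        return {"source": label, "clsid": clsid, "dll": None, "status": "orphaned"}
    dll = expand(server[1].get("", ""), env)          # default value = DLL path
    if not dll:
        status = "no-server-path"
    elif exists(dll):
        status = "present"
    else:
        status = "dll-missing"
    return {"source": label, "clsid": clsid, "dll": dll or None, "status": status}


def audit(reader, exists=os.path.exists, env=None):
    """reader(hklm_subkey) -> (subkey_names, {value_name: data}) or None if absent."""
    if env is None:
        env = {k.upper(): v for k, v in os.environ.items()}
    findings = []
    for label, key, clsids_are_subkeys in LOAD_POINTS:
        entry = reader(key)
        if entry is None:
            continue
        subkeys, values = entry
        for clsid in (subkeys if clsids_are_subkeys else list(values)):
            if CLSID_RE.match(clsid):
                findings.append(resolve(label, clsid, reader, exists, env))
    return findings


def winreg_reader(key):
    """Live reader for HKLM on Windows; None when the key cannot be opened."""
    import winreg
    try:
        handle = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key)
    except OSError:
        return None
    subkeys, values = [], {}
    with handle:
        index = 0
        while True:
            try:
                subkeys.append(winreg.EnumKey(handle, index))
            except OSError:
                break
            index += 1
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(handle, index)
            except OSError:
                break
            values[name] = data
            index += 1
    return subkeys, values


# Constructed sample registry (not a dump from the thread's machine).
SAMPLE_REGISTRY = {
    CURRENT_VERSION + r"\Explorer\ShellExecuteHooks": ([], {
        "{AEB6717E-7E19-11d0-97EE-00C04FD91972}": "",   # Windows' own URL Exec Hook
        "{2860C741-8F63-45DA-B029-2B4B148AC499}": "",   # modelled on the hook removed above
    }),
    CURRENT_VERSION + r"\Explorer\Browser Helper Objects": (
        ["{11111111-2222-3333-4444-555555555555}"], {}),  # hypothetical BHO
    CLSID_ROOT + r"\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32": (
        [], {"": r"%SystemRoot%\system32\shell32.dll"}),
    # No CLSID key for {2860C741-...}: the "Key does not exist" case in the scan.
    CLSID_ROOT + r"\{11111111-2222-3333-4444-555555555555}\InprocServer32": (
        [], {"": r"C:\WINDOWS\system32\constructed_bho.dll"}),  # file never existed
}


def demo():
    """Run the audit against the constructed sample, with a fake file system."""
    return audit(
        SAMPLE_REGISTRY.get,
        exists=lambda p: p.lower() == r"c:\windows\system32\shell32.dll",
        env={"SYSTEMROOT": r"C:\WINDOWS"},
    )


if __name__ == "__main__":
    for f in demo():
        print(f"{f['source']:20} {f['clsid']} {f['status']:14} {f['dll'] or '-'}")
```

An orphaned hook is dead weight and can simply be deleted, which is what the fix did. A "present" entry still needs the DLL itself looked at (publisher, signature, install date) before it is judged, since a vendor DLL and a hijacker both resolve cleanly. On a 64-bit system a 32-bit Python sees the WOW6432Node view of HKLM; the XP SP2 machine in this thread is 32-bit, so that does not arise here.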

#9 turdfergasun (Topic Starter)

Alright, done and done.

The WinPFind35U fix restarted before it opened a report, but I found what I'm pretty sure is the report under C:\Documents and Settings\Administrator\Desktop\WinPFind35u\MovedFiles. Here are the contents of it.

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
C:\WINDOWS\Alcmtr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{2860C741-8F63-45DA-B029-2B4B148AC499} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2860C741-8F63-45DA-B029-2B4B148AC499}\ deleted successfully.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\Alcmtr.exe not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC871.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_61c.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version Beta46 fix logfile created on 02102008_024442

Kaspersky showed that it had some positives. I haven't removed or changed anything, and I'll leave the window open for changes if recommended. Here is the Kaspersky report.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, February 10, 2008 3:36:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/02/2008
Kaspersky Anti-Virus database records: 555893
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 84320
Number of viruses found: 4
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:41:03

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080208080910\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080208080910\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080208080910\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\80gig contents\Local Disk (E)\Documents and Settings\Mumbly Joe\My Documents\BitTorrent Downloads\Microsoft_Windows_XP_Pro_Essential_1.1.iso/$OEM$/$$/System32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Documents and Settings\Administrator\Desktop\80gig contents\Local Disk (E)\Documents and Settings\Mumbly Joe\My Documents\BitTorrent Downloads\Microsoft_Windows_XP_Pro_Essential_1.1.iso ISOimage: infected - 1 skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare content 2.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare content.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 2.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 3.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english 4.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\call of duty 4 modern warfare english public.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\cod 4 dat.ncf Object is locked skipped
C:\Program Files\Steam\steamapps\common\call of duty 4\main\iw_11.iwd Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP5\change.log Object is locked skipped
C:\VundoFix Backups\mljjgdc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.giq skipped
C:\VundoFix Backups\ssqro.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_614.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


Thanks again. I downloaded a sandbox program to run anything else safely before exposing Windows to it.

Edited by turdfergasun, 09 February 2008 - 09:46 PM.

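Reading a report like the one above by hand is error-prone: one line format mixes real detections, locked system files and per-container summaries, and a detection inside a restore point or a removal tool's backup folder is a copy of something already taken out of service. The script below is an added example (not the thread's code and not Kaspersky's) that parses lines in the Online Scanner 5.x format and sorts detections into inert (restore point or quarantine copy), riskware (not-a-virus: classifications such as an installed IRC client) and live. The sample report is constructed from lines patterned on the report above plus one invented Trojan line to exercise the live branch; the backup-folder path markers are assumptions for the tools used on this machine.

```python
import re
from collections import Counter

# Line shapes emitted by Kaspersky Online Scanner 5.x (object names may contain spaces).
DETECTION_RE = re.compile(r"^(?P<object>.+) Infected: (?P<name>\S+) (?P<action>\S+)$")
LOCKED_RE = re.compile(r"^(?P<object>.+) Object is locked skipped$")
CONTAINER_RE = re.compile(r"^(?P<object>.+) (?P<kind>\S+): infected - (?P<count>\d+) skipped$")

# Locations that hold copies of already-removed or snapshotted files (assumed for
# the tools used in this thread). A hit here is inert and is cleared by purging
# restore points or deleting the tool's backup folder, not by "cleaning" the file.
INERT_MARKERS = (
    "\\system volume information\\_restore",   # System Restore snapshots
    "\\vundofix backups\\",                     # VundoFix quarantine (.bad files)
    "\\deckard\\system scanner\\",              # Deckard's System Scanner backups
)


def parse_line(line):
    """Return a record for one report line, or None for headers and summaries."""
    line = line.rstrip()
    m = DETECTION_RE.match(line)
    if m:
        return {"type": "detection", "object": m["object"], "name": m["name"], "action": m["action"]}
    m = LOCKED_RE.match(line)
    if m:
        return {"type": "locked", "object": m["object"]}
    m = CONTAINER_RE.match(line)
    if m:
        return {"type": "container", "object": m["object"], "kind": m["kind"], "count": int(m["count"])}
    return None


def classify(rec):
    """Bucket a detection by where it lives first, then by what it is."""
    # '/' separates archive members from the outermost file on disk; classify by the host file.
    host = rec["object"].split("/", 1)[0].lower()
    if any(marker in host for marker in INERT_MARKERS):
        return "inert"
    if rec["name"].startswith("not-a-virus:"):
        return "riskware"      # a tool the scanner merely flags, e.g. an installed IRC client
    return "live"


def triage(report_lines):
    """Count each bucket and list the live detections that actually need action."""
    counts = Counter()
    live = []
    for line in report_lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["type"] != "detection":
            counts[rec["type"]] += 1   # locked hives/logs and per-container summaries are noise
            continue
        bucket = classify(rec)
        counts[bucket] += 1
        if bucket == "live":
            live.append((rec["object"], rec["name"]))
    return {"counts": dict(counts), "live": live}


# Constructed sample: lines patterned on the report above plus one invented
# Trojan line (constructed_sample.dll) so the "live" branch is exercised.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080208080910\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Deckard\System Scanner\20080208080910\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{84D8E8CA-09D0-41C9-A568-5E3008423481}\RP3\A0000194.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\VundoFix Backups\ssqro.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Downloads\Microsoft_Windows_XP_Pro_Essential_1.1.iso/$OEM$/$$/System32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\WINDOWS\system32\constructed_sample.dll Infected: Trojan.Win32.ConstructedSample.a skipped
Scan process completed.
""".strip().splitlines()


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["counts"])
    for obj, name in result["live"]:
        print("ACTION NEEDED:", obj, name)
```

Location is checked before the detection name on purpose: a real Trojan sitting in a restore point is still inert, and is retired by flushing System Restore rather than by cleaning. Run over the report above, nothing lands in the live bucket, which is the reasoning behind calling the logs clean and moving straight to the restore-point purge in the next post.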

#10 Rorschach112 (Retired Staff)

Your logs are clean! We need to do a few things.

You can delete the tools that we used.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows that the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking Microsoft's website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX controls.
IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here.

* SpywareGuard offers real-time protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
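The HOSTS-file mechanism described in the post above, as an added example that is not part of this thread or of the MVPS list: a small parser that reads HOSTS-format text and reports whether a lookup for a given hostname would be answered from the file (sent to the local machine) or passed on to DNS. The hosts content and the hostnames below are constructed for illustration.

```python
"""Simulate how a HOSTS-file entry short-circuits name resolution.

Added example (not from the forum thread or the MVPS project). Windows checks
the HOSTS file before asking DNS, so an entry mapping a hostname to
127.0.0.1 means the browser never reaches the real site.
"""
from typing import Dict, Optional

# Constructed sample in the same format as a Windows HOSTS file:
# comments, blank lines, tabs, and several names on one line.
SAMPLE_HOSTS = """
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Entries inserted by a blocklist (hostnames below are made up)
127.0.0.1  ads.example-tracker.test
127.0.0.1\tbad-bho-download.test   www.bad-bho-download.test  # trailing comment
0.0.0.0  another-blocked.test
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname (lowercased): ip} for every active HOSTS entry."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            # Hostname matching is case-insensitive; the first entry wins.
            table.setdefault(name.lower(), ip)
    return table


def resolve(hostname: str, hosts: Dict[str, str]) -> Optional[str]:
    """HOSTS-file answer for hostname, or None if DNS would be consulted."""
    return hosts.get(hostname.rstrip(".").lower())


def is_sinkholed(hostname: str, hosts: Dict[str, str]) -> bool:
    """True if the connection would go to the local machine, not the real site."""
    return resolve(hostname, hosts) in ("127.0.0.1", "0.0.0.0")


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example-tracker.test", "WWW.Bad-BHO-Download.test", "www.microsoft.com"):
        print(f"{host:32} -> {resolve(host, table) or 'DNS lookup'}")
```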

#11
turdfergasun

  • Topic Starter
Thanks a lot for your time and effort! Cleaned up and went through the hosts file procedure to avoid any more fun of this type in the future, as well as the sandbox program I will now use for opening anything from the net first. Thanks again!

#12
Rorschach112

  • Retired Staff
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
