I need help with viruses badly. MAJOR Virus



#1 tylerneedshelp45 (Member, 13 posts)
Well, my usual name is tylerscool45, but it's now tylerneedshelp45 because I have a major problem: the worst virus I have ever had in my life, and I've had quite a few.
What happened was I was looking for a program trial I could download. I found it and downloaded it; Norton said "virus found" (Auto-Protect), so I thought I was okay, but then I tried Task Manager and it said it was disabled. That's when I knew there was something wrong. I hit the WLAN switch on my computer and prayed, but it was too late.
I have the following virus protectors (full versions): Norton, NOD32, Spyware Doctor, and XoftSpy SE. Each works great, except for this time. Finally, these are my problems:
3571 virus appeared in my Program Files; once I delete it, it comes back.
Accoona virus: I delete it, but it comes back.
Amsys will delete but comes back.
P2pnetwork will delete but comes back.
Exact search hijack
Smitfraud
Adbreak (a few)
Accessplugin
Atomwire
Aconti
Cnsmin
Activity Monitor agent (a few)
Accoona toolbar
Absolute Key logger
Ad blaster
adbars
7Fasst


Yes, they all came from this one, but I know that they are coming from one thing. What will I do?

Edited by tylerneedshelp45, 10 February 2008 - 08:16 PM.



#2 Chopin (Member 2k, 2,639 posts)
Hello tylerneedshelp45, and welcome to Geeks to Go! I'm Fredil. I'm currently reading over your post right now and I'll do my best to try to get your system clean :)

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert. We'll get your problem solved eventually though :)

Edited by Fredil Yupigo, 10 February 2008 - 08:12 PM.


#3 tylerneedshelp45 (Topic Starter, Member, 13 posts)
Okay, thanks. By the way, I'm running it in Safe Mode (the only way to get the internet for me).

#4 Chopin (Member 2k, 2,639 posts)
Hello tylerneedshelp45, I'll need some information to get started :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Install and Run HijackThis
------------------------------------------------

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.
  • Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

2. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.

  • On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
  • The entire scanning process will take about five minutes, often less.
  • During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
  • Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
  • Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.
On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

In your next post
------------------------------------------------

  • HijackThis log
  • DSS main.txt and extra.txt


#5 tylerneedshelp45 (Topic Starter, Member, 13 posts)
HijackThis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Sure Delete\SD_File.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Harris\Desktop\Harris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14484 bytes

DSS main.txt:

Deckard's System Scanner v20071014.68
Run by Harris on 2008-02-10 21:55:28
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------



-- HijackThis (run as Harris.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:31 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Sure Delete\SD_File.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Harris\Desktop\dss.exe
C:\DOCUME~1\Harris\Desktop\Harris.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 14496 bytes

-- Files created between 2008-01-10 and 2008-02-10 -----------------------------

2008-02-10 20:47:59 0 d-------- C:\Program Files\akl
2008-02-10 20:33:52 0 d-------- C:\Program Files\3721
2008-02-10 20:17:47 20992 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-10 20:17:47 14080 --a------ C:\WINDOWS\liqui.dll
2008-02-10 20:17:47 28416 --a------ C:\WINDOWS\fhfmm.exe
2008-02-10 20:17:46 15872 --a------ C:\WINDOWS\xadbrk.dll
2008-02-10 20:17:46 10752 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-10 20:17:46 16384 --a------ C:\WINDOWS\pbsysie.dll
2008-02-10 20:17:46 15104 --a------ C:\WINDOWS\liqad.dll
2008-02-10 20:17:46 15360 --a------ C:\WINDOWS\kvnab.dll
2008-02-10 20:17:46 28672 --a------ C:\WINDOWS\kkcomp.dll
2008-02-10 20:17:46 31744 --a------ C:\WINDOWS\iexplorr23.dll
2008-02-10 20:17:45 8704 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-10 20:17:45 19200 --a------ C:\WINDOWS\system32\ESHOPEE.exe
2008-02-10 20:17:45 28928 --a------ C:\WINDOWS\hotporn.exe
2008-02-10 20:17:45 29696 --a------ C:\WINDOWS\aconti.exe
2008-02-10 20:17:44 0 d-------- C:\Program Files\p2pnetworks
2008-02-10 20:11:41 0 d-------- C:\Program Files\Accoona
2008-02-10 20:09:41 19712 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-10 20:09:41 9984 --a------ C:\WINDOWS\xadbrk.exe
2008-02-10 20:06:24 0 d-------- C:\Documents and Settings\Harris\Application Data\AdobeUM
2008-02-10 20:03:51 0 d-------- C:\Program Files\Sure Delete
2008-02-10 19:51:34 0 d-------- C:\Program Files\amsys
2008-02-10 15:14:42 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-02-10 15:14:41 0 d-------- C:\Program Files\Trisnap Technologies
2008-02-09 22:26:00 26368 --a------ C:\WINDOWS\system32\ace16win.dll
2008-02-09 22:25:04 6654 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 22:21:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 22:21:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-09 22:21:57 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-09 22:21:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-09 22:21:57 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-09 22:21:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 22:03:15 0 d-------- C:\kav
2008-02-09 21:51:49 16640 --a------ C:\WINDOWS\liqui.exe
2008-02-09 21:51:49 29696 --a------ C:\WINDOWS\kkcomp.exe
2008-02-09 21:51:48 27904 --a------ C:\WINDOWS\liqad.exe
2008-02-09 21:51:48 32000 --a------ C:\WINDOWS\kvnab.exe
2008-02-09 21:51:48 31232 --a------ C:\WINDOWS\kvnab$.exe
2008-02-09 21:51:47 11008 --a------ C:\WINDOWS\settn.dll
2008-02-09 21:51:47 17664 --a------ C:\WINDOWS\hcwprn.exe
2008-02-09 21:51:47 19200 --a------ C:\WINDOWS\cbinst$.exe
2008-02-09 14:00:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-09 13:49:59 0 d-------- C:\Program Files\Common Files\PC Tools
2008-02-09 12:50:09 0 d-------- C:\Documents and Settings\Harris\Application Data\WinRAR
2008-02-09 12:48:35 0 d--hs---- C:\WINDOWS\CSC
2008-02-09 12:34:20 0 d-------- C:\Program Files\Spyware Doctor
2008-02-09 12:34:20 0 d-------- C:\Documents and Settings\Harris\Application Data\PC Tools
2008-02-09 12:33:30 0 d-------- C:\Documents and Settings\Harris\Application Data\WinPatrol
2008-02-09 12:33:21 0 d-------- C:\Program Files\BillP Studios
2008-02-09 12:30:06 0 d-------- C:\Program Files\File Shredder
2008-02-09 11:52:07 16896 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-09 11:48:11 9984 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-09 11:48:10 24064 --a------ C:\WINDOWS\7search.dll
2008-02-09 10:42:03 30976 --a------ C:\WINDOWS\system32\wml.exe
2008-02-09 10:42:02 18688 --a------ C:\WINDOWS\pbar.dll
2008-02-09 10:42:02 32512 --a------ C:\WINDOWS\flt.dll
2008-02-09 10:42:02 28416 --a------ C:\WINDOWS\764.exe
2008-02-09 09:31:07 0 d-------- C:\Documents and Settings\Harris\Application Data\Adobe
2008-02-08 18:54:50 0 d-------- C:\Documents and Settings\Harris\Application Data\Intervideo
2008-02-08 18:53:32 0 d-------- C:\Documents and Settings\Harris\Application Data\Mozilla
2008-02-08 18:30:42 0 d-------- C:\Documents and Settings\Harris\Application Data\Real
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Templates
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Start Menu
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\SendTo
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Recent
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\PrintHood
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\NetHood
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\My Documents
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Local Settings
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Favorites
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Desktop
2008-02-08 18:29:28 0 d--hs---- C:\Documents and Settings\Harris\Cookies
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Application Data
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Macromedia
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Intuit
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Identities
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Apple Computer
2008-02-08 18:29:27 3932160 --ah----- C:\Documents and Settings\Harris\NTUSER.DAT
2008-02-08 17:14:20 17664 --a------ C:\WINDOWS\eventlowg.dll
2008-02-08 17:14:20 25088 --a------ C:\WINDOWS\daxtime.dll
2008-02-08 17:14:19 11008 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-08 17:14:18 28416 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-08 17:14:17 15616 --a------ C:\WINDOWS\liqad$.exe
2008-02-08 17:14:17 13568 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-08 17:14:14 27392 --a------ C:\WINDOWS\spredirect.dll
2008-02-08 17:14:14 9728 --a------ C:\WINDOWS\jd2002.dll
2008-02-08 17:14:14 20992 --a------ C:\WINDOWS\adbar.dll
2008-02-08 17:14:14 0 d-------- C:\Program Files\e-zshopper
2008-02-08 17:14:11 12288 --a------ C:\WINDOWS\ie_32.exe
2008-02-08 17:14:10 0 d-------- C:\WINDOWS\system32\acespy
2008-02-08 17:14:10 19968 --a------ C:\WINDOWS\ngd.dll
2008-02-08 17:14:09 20992 --a------ C:\WINDOWS\dp0.dll
2008-02-08 17:14:08 26624 --a------ C:\WINDOWS\vxddsk.exe
2008-02-08 17:14:07 30720 --a------ C:\WINDOWS\wml.exe
2008-02-08 17:03:39 54272 --a------ C:\WINDOWS\system32\condt32.dll <Not Verified; Microsoft; Jop>
2008-02-08 17:03:03 89619 --a------ C:\WINDOWS\system32\rxjddnvj.exe <Not Verified; Microsoft; runbll>
2008-02-08 17:03:03 89619 --a------ C:\WINDOWS\qngxgnqn.exe <Not Verified; Microsoft; runbll>
2008-02-08 17:03:01 68096 --a------ C:\WINDOWS\gzgfidsb.dll
2008-02-08 17:03:01 68096 --a------ C:\Documents and Settings\All Users\Application Data\upgzebqr.dll
2008-02-08 17:03:00 0 d-------- C:\WINDOWS\fargghca
2008-02-08 17:03:00 197120 --a------ C:\WINDOWS\buxwnwvi.dll
2008-02-08 17:02:38 54272 --a------ C:\WINDOWS\system32\unifff.dll <Not Verified; Microsoft; Jop>
2008-02-08 17:02:38 54764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-08 17:02:36 58368 --a------ C:\wpohl.exe
2008-02-07 22:35:22 0 d-------- C:\Program Files\YouSendIt
2008-02-07 22:34:35 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2008-02-07 22:17:12 0 d-------- C:\Program Files\Replay Converter
2008-02-07 22:12:10 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-07 22:11:43 0 d-------- C:\Program Files\Replay AV 8
2008-02-05 20:34:29 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:32:53 0 d-------- C:\Program Files\Skype
2008-02-05 20:32:53 0 d-------- C:\Program Files\Common Files\Skype
2008-02-05 20:32:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:00:32 309648 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-02-01 23:00:26 0 d-------- C:\Program Files\Dusco
2008-02-01 22:15:32 0 d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-02-01 15:24:29 36864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-02-01 15:24:27 0 d-------- C:\Program Files\KALiNKOsoft
2008-01-31 17:42:22 0 d-------- C:\Program Files\Frets on Fire
2008-01-29 20:20:17 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-01-29 20:19:44 1024000 --a------ C:\WINDOWS\system32\DM.dll <Not Verified; Intervideo®, Inc.; Intervideo Foundation Class™>
2008-01-29 20:19:22 155648 --a------ C:\WINDOWS\system32\log4cpp.dll <Not Verified; Bastiaan Bakker, LifeLine Networks bv; Log library for C++>
2008-01-29 20:19:17 499712 --a------ C:\WINDOWS\system32\iviIPLW7.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLW7>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPLPX.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLPX>
2008-01-29 20:19:17 442368 --a------ C:\WINDOWS\system32\iviIPLP6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLP6>
2008-01-29 20:19:17 434176 --a------ C:\WINDOWS\system32\iviIPLM6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM6>
2008-01-29 20:19:17 421888 --a------ C:\WINDOWS\system32\iviIPLM5.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM5>
2008-01-29 20:19:17 491520 --a------ C:\WINDOWS\system32\iviIPLA6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLA6>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPL.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPL>
2008-01-29 20:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-01-29 20:19:04 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-01-29 20:19:04 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-01-29 20:19:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-01-29 20:19:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-01-29 20:18:56 0 d-------- C:\Program Files\Common Files\InterVideo
2008-01-29 20:18:22 0 d-------- C:\Program Files\InterVideo
2008-01-29 20:17:29 0 d-------- C:\Program Files\Adaptec
2008-01-29 20:15:38 585728 -----n--- C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:37 528384 -----n--- C:\WINDOWS\system32\msvcp80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:35 110592 -----n--- C:\WINDOWS\system32\gbtvrate.dll <Not Verified; Conexant Systems Inc.; TV Ratings>
2008-01-29 20:15:34 19712 -----n--- C:\WINDOWS\system32\drivers\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
2008-01-29 20:15:34 125568 -----n--- C:\WINDOWS\system32\drivers\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
2008-01-28 19:41:13 0 d-------- C:\117749d82344d6a98d44
2008-01-28 19:16:06 0 d-------- C:\e50a85bedbe9da9bdb315dd92025
2008-01-27 14:43:13 0 d-------- C:\Program Files\Vstplugins
2008-01-26 23:29:17 0 d-------- C:\Program Files\Risk
2008-01-23 18:57:16 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-23 18:57:16 92208 --a------ C:\WINDOWS\system\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-21 13:57:11 0 d-------- C:\Program Files\directx
2008-01-21 13:56:09 0 d-------- C:\Program Files\Rockstar Games
2008-01-18 18:40:58 0 d-------- C:\Program Files\Total Video Converter
2008-01-13 16:17:33 0 d-------- C:\Documents and Settings\Carrie Harris\Application Data
2008-01-13 16:17:33 0 d-------- C:\Documents and Settings\Carrie Harris\Application Data\Google
2008-01-12 12:48:20 888832 --a------ C:\WINDOWS\system32\securenet.dll
2008-01-11 23:14:03 0 d-------- C:\Program Files\Vongo
2008-01-10 21:24:03 0 d-------- C:\Program Files\Blender Foundation
2008-01-10 17:11:11 0 d-------- C:\Program Files\AEVITA Save Flash


-- Find3M Report ---------------------------------------------------------------

2008-02-10 14:10:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-10 14:01:01 8405015 --a------ C:\WINDOWS\TempFile
2008-02-09 22:11:56 0 d-------- C:\Program Files\Common Files
2008-02-09 21:25:31 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-08 20:01:16 0 d-------- C:\Program Files\music_now
2008-02-08 15:08:41 0 d-------- C:\Program Files\XoftSpySE
2008-02-07 22:35:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 20:33:27 0 d-------- C:\Program Files\ezt
2008-01-28 18:39:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-27 14:25:59 0 d-------- C:\Program Files\AIM6
2008-01-19 13:51:51 0 d-------- C:\Program Files\Zeallsoft
2008-01-16 18:48:32 0 d-------- C:\Program Files\Sony
2008-01-12 20:06:16 0 d-------- C:\Program Files\DivX
2008-01-12 14:18:33 0 d-------- C:\Program Files\Java
2008-01-09 15:30:46 0 d-------- C:\Program Files\Steam
2008-01-05 10:53:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-30 21:53:25 0 d-------- C:\Program Files\PeoplePhone
2007-12-30 16:30:01 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-30 14:09:10 0 d-------- C:\Program Files\Enterbrain
2007-12-30 14:07:52 0 d-------- C:\Program Files\RPGVX体験版
2007-12-24 12:58:51 0 d-------- C:\Program Files\QuickTime
2007-12-23 15:28:30 4 --a------ C:\WINDOWS\system32\C4A2C2
2007-12-17 20:07:47 0 d-------- C:\Program Files\MagicDVDRipper
2007-12-16 18:09:51 0 d-------- C:\Program Files\Microsoft Games
2007-12-15 13:10:21 4096 --a------ C:\WINDOWS\d3dx.dat
2007-12-14 08:51:09 1700 --a------ C:\WINDOWS\mozver.dat
2007-12-13 11:36:54 0 d-------- C:\Program Files\StepMania
2007-11-12 20:52:34 533 --a------ C:\WINDOWS\eReg.dat
2007-11-12 20:45:55 147456 --a------ C:\WINDOWS\system32\MvsnPni.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6607E676-1BDE-4cb3-9913-4DC5EBCAE35E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4670410-1dd1-11b2-b82a-9eb6b9a9c038}]
02/08/2008 05:03 PM 68096 --a------ C:\WINDOWS\gzgfidsb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/22/2006 03:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/22/2006 03:13 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 12:22 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 01:33 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [06/19/2006 12:50 PM]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/13/2007 09:38 PM]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [11/26/2007 05:27 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 11:52 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 05:14 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe_ID0E3DHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [02/21/2007 02:44 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 06:30 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 06:30 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/22/2006 03:17 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [09/27/2005 05:00 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [09/27/2005 03:47 AM]
"upgzebqr"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\upgzebqr.dll" []
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 12:38 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/2005 11:57 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 11:00 PM]

C:\Documents and Settings\Harris\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [5/9/2006 3:09:32 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"user32.dll"=C:\Program Files\Video ActiveX Access\iesmn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files

Edited by tylerneedshelp45, 10 February 2008 - 09:06 PM.

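Reading a "Files created" listing like the one above by eye is slow; what an experienced helper is actually doing is spotting the burst of loose executables that landed in C:\WINDOWS within a few seconds of each other (20:17:44 to 20:17:47 in the log above) and treating them as one dropper's output. The script below is an added example, not part of this thread and not code from DSS or HijackThis: it parses the DSS line format, groups non-directory entries whose creation times fall within a short window, and reports each burst. The five-second window, the four-file threshold and the choice of C:\WINDOWS and system32 as "loose" locations are my assumptions for illustration; the sample listing is a handful of lines copied from the log above, so it runs offline.

```python
"""Find file-drop bursts in a DSS (Deckard's System Scanner) "Files created" listing.

Added example, not part of the thread and not DSS code.  The sample below is a
handful of lines copied from the listing above; the window and threshold values
are assumptions chosen for illustration.
"""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# DSS line: "<date> <time> <size> <attrs> <path> [<version-info tag>]"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.*?)(?:\s+<(.*)>)?$"
)

# Assumption: directories where a legitimate installer rarely leaves loose executables.
LOOSE_DIRS = {PureWindowsPath(r"C:\WINDOWS"), PureWindowsPath(r"C:\WINDOWS\system32")}

# Constructed sample: lines copied from the listing above (one drop burst plus
# a few unrelated entries).
SAMPLE_LISTING = r"""
2008-02-10 20:17:47 20992 --a------ C:\WINDOWS\system32\msole32.exe
2008-02-10 20:17:47 14080 --a------ C:\WINDOWS\liqui.dll
2008-02-10 20:17:47 28416 --a------ C:\WINDOWS\fhfmm.exe
2008-02-10 20:17:46 15872 --a------ C:\WINDOWS\xadbrk.dll
2008-02-10 20:17:46 10752 --a------ C:\WINDOWS\wbeCheck.exe
2008-02-10 20:17:45 8704 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-10 20:17:45 29696 --a------ C:\WINDOWS\aconti.exe
2008-02-10 20:17:44 0 d-------- C:\Program Files\p2pnetworks
2008-02-10 15:14:42 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-02-07 22:35:22 0 d-------- C:\Program Files\YouSendIt
2008-02-07 22:12:10 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
"""


def parse_listing(text):
    """Parse DSS listing lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path, tag = m.groups()
        entries.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "is_dir": attrs.startswith("d"),
            "path": PureWindowsPath(path),
            "vendor": tag,  # text of the "<...; company; description>" tag, or None
        })
    return entries


def find_bursts(entries, window_seconds=5, min_files=4):
    """Group files (not directories) created within window_seconds of the previous file;
    return only groups of at least min_files entries, oldest first."""
    window = timedelta(seconds=window_seconds)
    files = sorted((e for e in entries if not e["is_dir"]), key=lambda e: e["time"])
    bursts, current = [], []
    for e in files:
        if current and e["time"] - current[-1]["time"] > window:
            if len(current) >= min_files:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_files:
        bursts.append(current)
    return bursts


def describe_burst(burst):
    """Summarise one burst: how many files landed loose in WINDOWS/system32 and how many
    .exe/.dll files carry no version-info tag in the listing at all."""
    loose = [e for e in burst if e["path"].parent in LOOSE_DIRS]
    bare_pe = [e for e in burst
               if e["path"].suffix.lower() in (".exe", ".dll") and e["vendor"] is None]
    return {
        "start": burst[0]["time"],
        "end": burst[-1]["time"],
        "count": len(burst),
        "loose_in_windows": len(loose),
        "pe_without_version_info": len(bare_pe),
        "paths": [str(e["path"]) for e in burst],
    }


def main():
    for burst in find_bursts(parse_listing(SAMPLE_LISTING)):
        r = describe_burst(burst)
        print(f"{r['count']} files between {r['start']} and {r['end']}: "
              f"{r['loose_in_windows']} loose in WINDOWS/system32, "
              f"{r['pe_without_version_info']} PE files without version info")
        for p in r["paths"]:
            print("   ", p)


if __name__ == "__main__":
    main()
```

On the listing above this reports a single burst of seven .exe/.dll files, every one of them written straight into C:\WINDOWS or system32 and none carrying a version-info tag. That is a triage signal, not a verdict: the `<Not Verified; ...>` tag only reproduces the company and description strings DSS read from the file, so a file with a plausible-looking tag (the entries marked "Microsoft; Jop" and "Microsoft; runbll" in the same log) still needs to be checked, and a tagless file in a burst is exactly the kind of thing to submit for a second opinion before deleting.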

#6
tylerneedshelp45 (Member, Topic Starter, 13 posts)
Just bumping it up for someone to help me

#7
tylerneedshelp45 (Member, Topic Starter, 13 posts)
anyone

#8
tylerneedshelp45 (Member, Topic Starter, 13 posts)
bump

#9
Chopin (Member 2k, 2,639 posts)
Hello tylerneedshelp45, please do not bump your topic. As you can probably see, we are a very busy forum here at Geeks to Go, and get tens of new malware topics a day. Some people have had to wait more than two weeks; I'm sure you can handle two days. So please don't bump :)

You have some pretty interesting stuff on there, let's get started.

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. Move HijackThis
------------------------------------------------

Since HijackThis creates backups wherever it is located, and since backups on the Desktop are likely to get annihilated, let's move HijackThis into a folder of its own before doing anything.
  • Right-click on an empty area of the Desktop and select New > Folder.
  • Name this folder HijackThis.
  • There should be a file called Harris on your Desktop; drag and drop this into this newly created folder, or copy it and then delete it from the Desktop.
  • Whenever I mention Hijack
Now HijackThis has somewhere safe to keep its backups lest any part of our fix go awry :)

2. Fix Entries with HijackThis
------------------------------------------------

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below (if present).

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

3. Run VundoFix
------------------------------------------------

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

In your next post
------------------------------------------------

  • DSS main.txt (just double-click on it)
  • VundoFix log

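The fix list in the post above mixes three kinds of entry that deserve different weight: live persistence (the Userinit value that launches rxjddnvj.exe at every logon, and the Run entry that feeds upgzebqr.dll to regsvr32), dead registrations (the "(no file)" BHOs, which are CLSIDs with no DLL behind them), and one harmless leftover (KernelFaultCheck, the `dumprep 0 -k` entry Windows itself writes after a crash). The script below is an added example, not part of this thread and not HijackThis code: it applies a small rule set to HJT-format lines and ranks them. The rules and severity labels are my own choices; the sample lines are copied from the fix list plus two benign lines from the user's log. One caveat it encodes: HijackThis prints "(file missing)" when it cannot resolve the path it was given, and condt32.dll above is registered by bare filename, so Internet Explorer would still find it through the normal DLL search path (the DSS listing in the previous post shows it created in system32 on 2008-02-08); "(file missing)" is about what HJT could resolve, not proof that the file is gone.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example, not part of the thread and not HijackThis code.  The sample
lines are copied from the fix list and the user's log above; the rules and
severity labels are this script's own choices.
"""
import re

HJT_RE = re.compile(r"^(?P<code>[FORP]\d{1,2}) - (?P<body>.*)$")

# The only executable Winlogon launches from Userinit on a stock Windows XP box.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample: fix-list entries from the post above plus two benign lines
# (the Adobe BHO and the igfxtray Run entry) from the user's HijackThis log.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: Gamburg provider - {6607E676-1BDE-4cb3-9913-4DC5EBCAE35E} - condt32.dll (file missing)
O2 - BHO: (no name) - {b4670410-1dd1-11b2-b82a-9eb6b9a9c038} - C:\WINDOWS\gzgfidsb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [upgzebqr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\upgzebqr.dll"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
"""

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "INFO": 2, "ORPHAN": 3, "BENIGN": 4}


def triage_line(line):
    """Return (severity, reason) for one HJT line, or None when no rule fires."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    if code == "F2" and "UserInit=" in body:
        # Winlogon runs every comma-separated program here at each logon.
        value = body.split("UserInit=", 1)[1]
        exes = [p.strip().lower() for p in value.split(",") if p.strip()]
        extra = [p for p in exes if p != EXPECTED_USERINIT]
        if extra or exes != [EXPECTED_USERINIT]:
            return ("HIGH", "Winlogon Userinit launches extra executable(s) at logon: " + ", ".join(extra))
        return None

    if code == "O1":
        return ("MEDIUM", "hosts-file entry overrides name resolution for a hostname")

    if code == "O2":
        if body.endswith("(no file)"):
            return ("ORPHAN", "BHO CLSID still registered but has no DLL path; dead entry")
        if body.endswith("(file missing)"):
            dll = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            if "\\" not in dll:
                return ("MEDIUM", f"BHO registered by bare name {dll}: HJT could not resolve it, "
                                  "but IE loads it through the DLL search path (check system32)")
            return ("ORPHAN", "BHO points at a DLL that no longer exists")
        if body.startswith("BHO: (no name)"):
            return ("MEDIUM", "unnamed BHO loads a DLL into Internet Explorer")
        return None

    if code == "O4":
        low = body.lower()
        if "dumprep 0 -k" in low:
            return ("BENIGN", "KernelFaultCheck: crash-report leftover written by Windows, not malware")
        if "regsvr32" in low:
            # regsvr32 runs the DLL's (Un)RegisterServer entry point, so this is code execution
            # at every logon; a DLL under Application Data is not where installers put COM servers.
            sev = "HIGH" if "application data" in low else "MEDIUM"
            return (sev, "Run key executes a COM DLL at logon via regsvr32")
        return None

    if code == "O16" and "file:///" in body.lower():
        return ("INFO", "ActiveX download entry points at a local file rather than a web origin")

    if code == "O23" and "(file missing)" in body:
        return ("ORPHAN", "service registered but its binary is gone")

    return None


def triage(log_text):
    """Run every line through the rules; return (severity, reason, line) sorted by severity."""
    findings = []
    for line in log_text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], hit[1], line.strip()))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

The ranking is only a starting point. The two HIGH findings are the ones that explain why deleted files keep coming back: as long as the Userinit value and the regsvr32 Run entry survive, the next logon re-executes attacker code regardless of what was deleted in between. The ORPHAN and BENIGN entries are worth cleaning for tidiness but are not evidence of a live infection on their own.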

#10
tylerneedshelp45 (Member, Topic Starter, 13 posts)
Hi again and sorry for bumping
This is different to what I'm used to



VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 6:37:58 PM 2/14/2008

Listing files found while scanning....

C:\WINDOWS\FLV Player\uninstall.exe

Beginning removal...

Attempting to delete C:\WINDOWS\FLV Player\uninstall.exe
C:\WINDOWS\FLV Player\uninstall.exe Has been deleted!

Performing Repairs to the registry.
Done!
Deckard's System Scanner v20071014.68
Run by Harris on 2008-02-14 19:34:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Harris.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:06 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Harris\Desktop\dss.exe
C:\DOCUME~1\Harris\Desktop\Harris.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 13860 bytes

-- Files created between 2008-01-14 and 2008-02-14 -----------------------------

2008-02-14 18:37:58 0 d-------- C:\VundoFix Backups
2008-02-13 13:57:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-02-13 13:57:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-02-13 13:55:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-02-12 19:16:30 0 d-------- C:\Documents and Settings\Harris\Application Data\Corel
2008-02-11 19:11:56 0 d-------- C:\Documents and Settings\Harris\Application Data\acccore
2008-02-11 15:34:49 0 d-------- C:\Program Files\Accoona
2008-02-10 22:30:50 24320 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-10 20:09:41 19712 --a------ C:\WINDOWS\xadbrk_.exe
2008-02-10 20:06:24 0 d-------- C:\Documents and Settings\Harris\Application Data\AdobeUM
2008-02-10 20:03:51 0 d-------- C:\Program Files\Sure Delete
2008-02-10 15:14:42 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2008-02-10 15:14:41 0 d-------- C:\Program Files\Trisnap Technologies
2008-02-09 22:25:04 6654 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 22:21:57 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 22:21:57 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-09 22:21:57 85504 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-09 22:21:57 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-09 22:21:57 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-09 22:21:57 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 22:03:15 0 d-------- C:\kav
2008-02-09 14:00:04 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-09 13:49:59 0 d-------- C:\Program Files\Common Files\PC Tools
2008-02-09 12:50:09 0 d-------- C:\Documents and Settings\Harris\Application Data\WinRAR
2008-02-09 12:48:35 0 d--hs---- C:\WINDOWS\CSC
2008-02-09 12:34:20 0 d-------- C:\Program Files\Spyware Doctor
2008-02-09 12:34:20 0 d-------- C:\Documents and Settings\Harris\Application Data\PC Tools
2008-02-09 12:33:30 0 d-------- C:\Documents and Settings\Harris\Application Data\WinPatrol
2008-02-09 12:33:21 0 d-------- C:\Program Files\BillP Studios
2008-02-09 12:30:06 0 d-------- C:\Program Files\File Shredder
2008-02-09 11:52:07 16896 --a------ C:\WINDOWS\system32\vxddsk.exe
2008-02-09 11:48:11 9984 --a------ C:\WINDOWS\wbeInst$.exe
2008-02-09 11:48:10 24064 --a------ C:\WINDOWS\7search.dll
2008-02-09 10:42:03 30976 --a------ C:\WINDOWS\system32\wml.exe
2008-02-09 10:42:02 18688 --a------ C:\WINDOWS\pbar.dll
2008-02-09 10:42:02 32512 --a------ C:\WINDOWS\flt.dll
2008-02-09 10:42:02 28416 --a------ C:\WINDOWS\764.exe
2008-02-09 09:31:07 0 d-------- C:\Documents and Settings\Harris\Application Data\Adobe
2008-02-08 18:54:50 0 d-------- C:\Documents and Settings\Harris\Application Data\Intervideo
2008-02-08 18:53:32 0 d-------- C:\Documents and Settings\Harris\Application Data\Mozilla
2008-02-08 18:30:42 0 d-------- C:\Documents and Settings\Harris\Application Data\Real
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Templates
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Start Menu
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\SendTo
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Recent
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\PrintHood
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\NetHood
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\My Documents
2008-02-08 18:29:28 0 d--h----- C:\Documents and Settings\Harris\Local Settings
2008-02-08 18:29:28 0 dr------- C:\Documents and Settings\Harris\Favorites
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Desktop
2008-02-08 18:29:28 0 d--hs---- C:\Documents and Settings\Harris\Cookies
2008-02-08 18:29:28 0 dr-h----- C:\Documents and Settings\Harris\Application Data
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Macromedia
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Intuit
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Identities
2008-02-08 18:29:28 0 d-------- C:\Documents and Settings\Harris\Application Data\Apple Computer
2008-02-08 18:29:27 4194304 --ah----- C:\Documents and Settings\Harris\NTUSER.DAT
2008-02-08 17:14:20 17664 --a------ C:\WINDOWS\eventlowg.dll
2008-02-08 17:14:20 25088 --a------ C:\WINDOWS\daxtime.dll
2008-02-08 17:14:19 11008 --a------ C:\WINDOWS\liqui-Uninstaller.exe
2008-02-08 17:14:18 28416 --a------ C:\WINDOWS\fhfmm-Uninstaller.exe
2008-02-08 17:14:17 15616 --a------ C:\WINDOWS\liqad$.exe
2008-02-08 17:14:17 13568 --a------ C:\WINDOWS\kkcomp$.exe
2008-02-08 17:14:14 27392 --a------ C:\WINDOWS\spredirect.dll
2008-02-08 17:14:14 9728 --a------ C:\WINDOWS\jd2002.dll
2008-02-08 17:14:14 20992 --a------ C:\WINDOWS\adbar.dll
2008-02-08 17:14:14 0 d-------- C:\Program Files\e-zshopper
2008-02-08 17:14:11 12288 --a------ C:\WINDOWS\ie_32.exe
2008-02-08 17:14:10 0 d-------- C:\WINDOWS\system32\acespy
2008-02-08 17:14:10 19968 --a------ C:\WINDOWS\ngd.dll
2008-02-08 17:14:09 20992 --a------ C:\WINDOWS\dp0.dll
2008-02-08 17:14:08 26624 --a------ C:\WINDOWS\vxddsk.exe
2008-02-08 17:14:07 30720 --a------ C:\WINDOWS\wml.exe
2008-02-08 17:03:01 68096 --a------ C:\Documents and Settings\All Users\Application Data\upgzebqr.dll
2008-02-08 17:03:00 0 d-------- C:\WINDOWS\fargghca
2008-02-08 17:03:00 197120 --a------ C:\WINDOWS\buxwnwvi.dll
2008-02-08 17:02:38 54764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-07 22:35:22 0 d-------- C:\Program Files\YouSendIt
2008-02-07 22:34:35 135168 --a------ C:\WINDOWS\system32\DSKernel2.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS Multimedia Filter Pack>
2008-02-07 22:17:12 0 d-------- C:\Program Files\Replay Converter
2008-02-07 22:12:10 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-07 22:11:43 0 d-------- C:\Program Files\Replay AV 8
2008-02-05 20:34:29 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:32:53 0 d-------- C:\Program Files\Skype
2008-02-05 20:32:53 0 d-------- C:\Program Files\Common Files\Skype
2008-02-05 20:32:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:00:32 309648 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-02-01 23:00:26 0 d-------- C:\Program Files\Dusco
2008-02-01 22:15:32 0 d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-02-01 15:24:29 36864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-02-01 15:24:27 0 d-------- C:\Program Files\KALiNKOsoft
2008-01-31 17:42:22 0 d-------- C:\Program Files\Frets on Fire
2008-01-29 20:20:17 10752 -----n--- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2008-01-29 20:19:44 1024000 --a------ C:\WINDOWS\system32\DM.dll <Not Verified; Intervideo®, Inc.; Intervideo Foundation Class™>
2008-01-29 20:19:22 155648 --a------ C:\WINDOWS\system32\log4cpp.dll <Not Verified; Bastiaan Bakker, LifeLine Networks bv; Log library for C++>
2008-01-29 20:19:17 499712 --a------ C:\WINDOWS\system32\iviIPLW7.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLW7>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPLPX.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLPX>
2008-01-29 20:19:17 442368 --a------ C:\WINDOWS\system32\iviIPLP6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLP6>
2008-01-29 20:19:17 434176 --a------ C:\WINDOWS\system32\iviIPLM6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM6>
2008-01-29 20:19:17 421888 --a------ C:\WINDOWS\system32\iviIPLM5.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLM5>
2008-01-29 20:19:17 491520 --a------ C:\WINDOWS\system32\iviIPLA6.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPLA6>
2008-01-29 20:19:17 466944 --a------ C:\WINDOWS\system32\iviIPL.dll <Not Verified; InterVideo Inc.,; InterVideo Inc., iviIPL>
2008-01-29 20:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-01-29 20:19:04 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-01-29 20:19:04 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-01-29 20:19:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-01-29 20:19:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-01-29 20:19:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-01-29 20:18:56 0 d-------- C:\Program Files\Common Files\InterVideo
2008-01-29 20:18:22 0 d-------- C:\Program Files\InterVideo
2008-01-29 20:17:29 0 d-------- C:\Program Files\Adaptec
2008-01-29 20:15:38 585728 -----n--- C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:37 528384 -----n--- C:\WINDOWS\system32\msvcp80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® .NET>
2008-01-29 20:15:35 110592 -----n--- C:\WINDOWS\system32\gbtvrate.dll <Not Verified; Conexant Systems Inc.; TV Ratings>
2008-01-29 20:15:34 19712 -----n--- C:\WINDOWS\system32\drivers\avcgbfl.sys <Not Verified; Adaptec, Inc; Adaptec AVC-14x0/15x0 GameBridge>
2008-01-29 20:15:34 125568 -----n--- C:\WINDOWS\system32\drivers\avcgbdr.sys <Not Verified; Adaptec, Inc.; AVC-14X0/15X0>
2008-01-28 19:41:13 0 d-------- C:\117749d82344d6a98d44
2008-01-28 19:16:06 0 d-------- C:\e50a85bedbe9da9bdb315dd92025
2008-01-27 14:43:13 0 d-------- C:\Program Files\Vstplugins
2008-01-26 23:29:17 0 d-------- C:\Program Files\Risk
2008-01-23 18:57:16 12800 --a------ C:\WINDOWS\system\Wing32.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-23 18:57:16 92208 --a------ C:\WINDOWS\system\Wing.dll <Not Verified; Microsoft Corporation; WinG>
2008-01-21 13:57:11 0 d-------- C:\Program Files\directx
2008-01-21 13:56:09 0 d-------- C:\Program Files\Rockstar Games
2008-01-18 18:40:58 0 d-------- C:\Program Files\Total Video Converter


-- Find3M Report ---------------------------------------------------------------

2008-02-14 19:35:31 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-14 19:16:58 8405015 --a------ C:\WINDOWS\TempFile
2008-02-13 22:27:51 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-13 21:27:33 0 d-------- C:\Program Files\XoftSpySE
2008-02-13 13:36:54 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-02-12 19:16:37 61678 --a------ C:\Documents and Settings\Harris\Application Data\PFP110JPR.{PB
2008-02-12 19:16:37 12358 --a------ C:\Documents and Settings\Harris\Application Data\PFP110JCM.{PB
2008-02-11 18:18:41 0 d-------- C:\Program Files\Vongo
2008-02-09 22:11:56 0 d-------- C:\Program Files\Common Files
2008-02-08 20:01:16 0 d-------- C:\Program Files\music_now
2008-02-07 22:35:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 20:33:27 0 d-------- C:\Program Files\ezt
2008-01-28 18:39:18 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-27 14:25:59 0 d-------- C:\Program Files\AIM6
2008-01-19 13:51:51 0 d-------- C:\Program Files\Zeallsoft
2008-01-16 18:48:32 0 d-------- C:\Program Files\Sony
2008-01-12 20:06:16 0 d-------- C:\Program Files\DivX
2008-01-12 14:18:33 0 d-------- C:\Program Files\Java
2008-01-10 21:24:03 0 d-------- C:\Program Files\Blender Foundation
2008-01-10 17:11:12 0 d-------- C:\Program Files\AEVITA Save Flash
2008-01-09 15:30:46 0 d-------- C:\Program Files\Steam
2008-01-05 10:53:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-30 21:53:25 0 d-------- C:\Program Files\PeoplePhone
2007-12-30 16:30:01 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-30 14:09:10 0 d-------- C:\Program Files\Enterbrain
2007-12-30 14:07:52 0 d-------- C:\Program Files\RPGVX体験版
2007-12-24 12:58:51 0 d-------- C:\Program Files\QuickTime
2007-12-23 15:28:30 4 --a------ C:\WINDOWS\system32\C4A2C2
2007-12-17 20:07:47 0 d-------- C:\Program Files\MagicDVDRipper
2007-12-16 18:09:51 0 d-------- C:\Program Files\Microsoft Games
2007-12-15 13:10:21 4096 --a------ C:\WINDOWS\d3dx.dat
2007-12-14 08:51:09 1700 --a------ C:\WINDOWS\mozver.dat
2007-12-03 03:13:22 888832 --a------ C:\WINDOWS\system32\securenet.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [03/22/2006 03:17 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [03/22/2006 03:13 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/17/2006 12:22 AM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 01:33 PM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [06/19/2006 12:50 PM]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/13/2007 09:38 PM]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [11/26/2007 05:27 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [11/28/2007 07:51 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 11:52 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/19/2006 05:14 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [01/14/2007 02:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"Adobe_ID0E3DHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [02/21/2007 02:44 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 06:30 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 06:30 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [03/22/2006 03:17 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [09/27/2005 05:00 AM]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [09/27/2005 03:47 AM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [01/27/2008 12:38 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 02:53 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 11:00 PM]

C:\Documents and Settings\Harris\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [5/9/2006 3:09:32 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 7:55:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"user32.dll"=C:\Program Files\Video ActiveX Access\iesmn.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares ultra]
"C:\Program Files\Ares Ultra\Ares Ultra.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2725531]
"C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
C:\Program Files\Napster\napster.exe /systray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinnacle Game Profiler]
"C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-02-14 19:36:20 ------------

Edited by tylerneedshelp45, 14 February 2008 - 06:42 PM.

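Logs like the HijackThis and Deckard's System Scanner dumps above are normally read by eye. As an added example (not code from this thread, from HijackThis or from DSS), the Python script below runs a few of the checks a helper makes on such a log: entries whose file no longer exists, services with no publisher name, ActiveX (DPF) downloads, executables created directly in C:\WINDOWS rather than a subfolder, and the DisableTaskMgr policy that matches the poster's disabled Task Manager. The sample lines are copied from the logs above; the heuristics are the example author's own assumptions about what merits a closer look, not rules from either tool, and a flag means "review this", not "malicious".

```python
"""Triage helper for HijackThis / Deckard's System Scanner style logs.

Added example, not part of this thread and not HijackThis or DSS code. It
walks a pasted log line by line and flags the entries a volunteer helper
would normally look at first. The heuristics are assumptions, not rules
from either tool.
"""
import re

# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
2008-02-10 22:30:50 24320 --a------ C:\WINDOWS\xxxvideo.exe
2008-02-09 10:42:02 28416 --a------ C:\WINDOWS\764.exe
2008-02-07 22:12:10 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-02-09 22:21:57 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
"DisableTaskMgr"=1 (0x1)
"user32.dll"=C:\Program Files\Video ActiveX Access\iesmn.exe
"""

# HijackThis entry: "O23 - Service: ..." / "R0 - HKCU\..." and so on.
HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<detail>.*)$")
# DSS "Files created" entry: date time size attrs path [<version info>].
CREATED_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ \S{9} "
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))(?: <(?P<ver>[^>]*)>)?$",
    re.IGNORECASE,
)
# DSS registry dump value: "Name"=value
POLICY_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
# An executable sitting directly in C:\WINDOWS (no subfolder) is unusual.
WINDOWS_ROOT = re.compile(r"^C:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


def flag_hjt(kind, detail):
    """Heuristics for one HijackThis line; returns a list of reasons."""
    flags = []
    if "(no file)" in detail or "(file missing)" in detail:
        flags.append("orphaned entry: registered object whose file no longer exists")
    if kind == "O23" and "Unknown owner" in detail:
        flags.append("service with no publisher name: verify the binary")
    if kind == "O16":
        flags.append("ActiveX download (DPF): confirm the source is wanted")
    if kind == "O18" and "AutorunsDisabled" in detail:
        flags.append("leftover from an entry disabled with Autoruns")
    return flags


def flag_created(path, ver):
    """Heuristics for one 'Files created' line from DSS."""
    flags = []
    if WINDOWS_ROOT.match(path):
        flags.append("executable dropped directly in C:\\WINDOWS")
    if ver is None:
        flags.append("no version/publisher information")
    return flags


def flag_policy(name, value):
    """Heuristics for one registry value from the DSS dump."""
    flags = []
    if name == "DisableTaskMgr" and value.startswith("1"):
        flags.append("Task Manager disabled by policy (matches the poster's symptom)")
    if name.lower().endswith(".dll") and ".exe" in value.lower():
        flags.append("Run value named like a system DLL but launching an .exe")
    return flags


def triage(log_text):
    """Return [(line, [reasons])] for every line that raised at least one flag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flags = []
        if m := HJT_LINE.match(line):
            flags = flag_hjt(m["kind"], m["detail"])
        elif m := CREATED_LINE.match(line):
            flags = flag_created(m["path"], m["ver"])
        elif m := POLICY_LINE.match(line):
            flags = flag_policy(m["name"], m["value"])
        if flags:
            findings.append((line, flags))
    return findings


def report(log_text):
    """Human-readable summary, one flagged line followed by its reasons."""
    return "\n".join(f"{line}\n    -> {'; '.join(flags)}" for line, flags in triage(log_text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Paste a whole log into `triage()` to get the flagged lines; known-good entries such as the NOD32 service and the SmitfraudFix tools in system32 with version information pass through silently, which is the point: the script narrows what a human has to read, it does not decide what to delete.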

#11 Chopin (Member 2k, 2,639 posts)
Hello tylerneedshelp45, time to bring in the artillery :) It's all right to be new to something, as long as you live and learn :)

1. Run ComboFix
------------------------------------------------

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
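The ComboFix.txt requested above is reviewed by hand in this thread; the script below is an added example (not ComboFix's code and not part of the forum's instructions) showing how the items a reviewer reads first can be pulled out of that report automatically. It assumes the banner and line layout shown in the logs in this thread, and the sample report embedded in it is constructed, not a real scan.

```python
"""Triage helper for a ComboFix.txt report (added example, not ComboFix's code).

ComboFix writes a plain-text report whose sections are separated by banner
lines such as "((((( Other Deletions )))))", followed by a "Reg Loading
Points" dump of autostart registry keys and a "*Newly Created Service*"
marker. The helpers below pull out the items a reviewer reads first.
"""
import re

# Banner line: a run of '(', the section name, a run of ')'.
BANNER_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
# Registry key header inside "Reg Loading Points", e.g. [HKEY_CURRENT_USER\...\D]
KEY_RE = re.compile(r"^\[(?P<key>HK[A-Z_]+\\.+)\]$")
# AutoRun command under a mountpoints2\<drive> key: Explorer runs it when the
# drive is opened. Scanners print it as "\Shell\AutoRun\command -" or "AutoRun\command-".
AUTORUN_RE = re.compile(r"AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)
NEW_SERVICE_RE = re.compile(r"^\*Newly Created Service\*\s*-\s*(?P<name>\S+)")

# Constructed sample in the ComboFix layout (not a real scan of any machine).
SAMPLE_REPORT = r"""ComboFix 08-02-17.2 - user 2008-02-18 10:32:13.1 - NTFSx86
.
(((((((((((((((((((((( Other Deletions ))))))))))))))))))))))
.
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\system32\vxddsk.exe
D:\Autorun.inf
.
(((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
"""


def split_sections(text):
    """Group report lines by the banner they fall under ('header' before any)."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):  # ComboFix pads sections with lone dots
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def deleted_paths(sections):
    """Paths ComboFix reports as removed (the 'Other Deletions' section)."""
    return [line for line in sections.get("Other Deletions", []) if re.match(r"^[A-Za-z]:\\", line)]


def removable_autoruns(sections):
    """(drive, command) for AutoRun commands registered under mountpoints2."""
    hits, current_key = [], None
    for line in sections.get("Reg Loading Points", []):
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = AUTORUN_RE.search(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            hits.append((current_key.rsplit("\\", 1)[-1], m.group("cmd").strip()))
    return hits


def new_services(sections):
    """Names flagged by the '*Newly Created Service*' marker anywhere in the report."""
    names = []
    for lines in sections.values():
        for line in lines:
            m = NEW_SERVICE_RE.match(line)
            if m:
                names.append(m.group("name"))
    return names


def triage(report_text):
    """Summarise the review-relevant items of one ComboFix report."""
    sections = split_sections(report_text)
    return {
        "deleted": deleted_paths(sections),
        "removable_autoruns": removable_autoruns(sections),
        "new_services": new_services(sections),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_REPORT).items():
        print(key, items)
```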

#12
tylerneedshelp45

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks a lot again, here's the combo log first

ComboFix 08-02-17.2 - Harris 2008-02-18 10:32:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1451 [GMT -5:00]
Running from: C:\Documents and Settings\Harris\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\upgzebqr.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\SSSInst\temp\dmAD.tmp
C:\Program Files\screensavers.com\Wallpaper\Family Guy - Brian.jpg
C:\Program Files\screensavers.com\Wallpaper\Pucca - Love.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk_.exe
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://thenetworkcom.com
hxxp://77.91.228.180
hxxp://onsafepro.com
hxxp://77.91.228.182
hxxp://209.160.73.101
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 21:26 . 2008-02-16 21:26 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\HP
2008-02-16 16:15 . 2008-02-16 16:15 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\InstallShield
2008-02-15 00:33 . 2008-02-15 00:33 545,525 --a------ C:\1442_UniversalRemote_1.2_0202.rar
2008-02-15 00:28 . 2008-02-15 00:28 1,684,233 --a------ C:\13085_WindowsVistaPSP.rar
2008-02-14 18:37 . 2008-02-14 19:14 <DIR> d-------- C:\VundoFix Backups
2008-02-14 16:23 . 2008-02-18 10:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-14 16:23 . 2008-02-14 16:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 13:55 . 2008-02-13 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-02-12 19:16 . 2008-02-12 19:16 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Corel
2008-02-11 19:11 . 2008-02-11 19:11 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\acccore
2008-02-10 21:49 . 2008-02-10 21:49 <DIR> d-------- C:\Deckard
2008-02-10 20:06 . 2008-02-10 20:06 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\AdobeUM
2008-02-10 20:03 . 2008-02-10 20:03 <DIR> d-------- C:\Program Files\Sure Delete
2008-02-10 15:14 . 2008-02-10 15:14 <DIR> d-------- C:\Program Files\Trisnap Technologies
2008-02-10 15:14 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-02-10 15:14 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2008-02-09 22:25 . 2008-02-09 22:43 6,654 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 22:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-09 22:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-09 22:21 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-09 22:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-09 22:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 22:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 22:03 . 2008-02-09 22:03 <DIR> d-------- C:\kav
2008-02-09 14:00 . 2008-02-09 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-09 13:55 . 2008-02-09 13:49 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-09 13:49 . 2008-02-09 13:51 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-09 12:34 . 2008-02-18 10:30 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-09 12:34 . 2008-02-09 12:34 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\PC Tools
2008-02-09 12:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-09 12:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-09 12:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-09 12:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-09 12:33 . 2008-02-09 12:33 <DIR> d-------- C:\Program Files\BillP Studios
2008-02-09 12:33 . 2008-02-09 12:33 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\WinPatrol
2008-02-09 12:30 . 2008-02-09 12:30 <DIR> d-------- C:\Program Files\File Shredder
2008-02-08 18:54 . 2008-02-08 18:54 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Intervideo
2008-02-08 18:29 . 2006-09-12 02:29 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Intuit
2008-02-08 18:29 . 2007-11-20 15:43 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Apple Computer
2008-02-08 17:03 . 2008-02-08 17:03 <DIR> d-------- C:\WINDOWS\fargghca
2008-02-08 17:03 . 2008-02-08 17:03 197,120 --a------ C:\WINDOWS\buxwnwvi.dll
2008-02-08 17:02 . 2008-02-08 17:02 54,764 --a------ C:\WINDOWS\system32\4fdw.dll
2008-02-08 17:02 . 2008-02-08 17:02 44,544 --a------ C:\WINDOWS\rkxepmxw.exe~
2008-02-07 22:35 . 2008-02-07 22:35 <DIR> d-------- C:\Program Files\YouSendIt
2008-02-07 22:34 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-02-07 22:34 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-02-07 22:17 . 2008-02-08 00:07 <DIR> d-------- C:\Program Files\Replay Converter
2008-02-07 22:12 . 2008-02-07 22:16 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-07 22:11 . 2008-02-08 00:05 <DIR> d-------- C:\Program Files\Replay AV 8
2008-02-05 20:34 . 2008-02-05 20:34 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:32 . 2008-02-06 07:41 <DIR> d-------- C:\Program Files\Skype
2008-02-05 20:32 . 2008-02-05 20:32 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-05 20:32 . 2008-02-05 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:00 . 2008-02-01 23:00 <DIR> d-------- C:\Program Files\Dusco
2008-02-01 23:00 . 2008-02-01 23:00 309,648 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-02-01 22:15 . 2008-02-01 22:15 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-02-01 15:24 . 2008-02-01 15:24 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-02-01 15:24 . 2007-10-22 00:46 91,632 --a------ C:\WINDOWS\system32\dsofile.dll
2008-02-01 15:24 . 2007-10-22 00:41 36,864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-01-31 17:42 . 2008-01-31 17:42 <DIR> d-------- C:\Program Files\Frets on Fire
2008-01-31 16:13 . 2008-01-31 16:13 0 --a------ C:\WINDOWS\Textart.INI
2008-01-29 20:20 . 2003-12-25 17:48 10,752 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-01-29 20:19 . 2008-01-29 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-01-29 20:18 . 2008-01-29 20:18 <DIR> d-------- C:\Program Files\InterVideo
2008-01-29 20:18 . 2008-01-29 20:19 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-01-29 20:17 . 2008-01-29 20:17 <DIR> d-------- C:\Program Files\Adaptec
2008-01-29 20:15 . 2004-06-24 09:00 585,728 --------- C:\WINDOWS\system32\msvcr80.dll
2008-01-29 20:15 . 2004-06-24 09:02 528,384 --------- C:\WINDOWS\system32\msvcp80.dll
2008-01-29 20:15 . 2005-09-07 22:02 149,471 --------- C:\WINDOWS\system32\gbclcnvt.ax
2008-01-29 20:15 . 2005-09-26 00:08 125,568 --------- C:\WINDOWS\system32\drivers\avcgbdr.sys
2008-01-29 20:15 . 2005-05-23 21:41 114,688 --------- C:\WINDOWS\system32\gbcpntfy.ax
2008-01-29 20:15 . 2005-05-23 21:43 110,592 --------- C:\WINDOWS\system32\gbtvrate.dll
2008-01-29 20:15 . 2005-09-15 01:15 61,440 --------- C:\WINDOWS\system32\gbaudmgr.ax
2008-01-29 20:15 . 2005-05-23 21:44 28,672 --------- C:\WINDOWS\system32\gbproppg.ax
2008-01-29 20:15 . 2005-07-28 03:28 19,712 --------- C:\WINDOWS\system32\drivers\avcgbfl.sys
2008-01-29 20:15 . 2005-09-24 00:49 16,382 --------- C:\WINDOWS\system32\drivers\makoaudc.rom
2008-01-29 20:15 . 2005-05-23 21:45 14,264 --------- C:\WINDOWS\system32\drivers\makoaudb.rom
2008-01-28 19:16 . 2008-01-28 19:25 <DIR> d-------- C:\e50a85bedbe9da9bdb315dd92025
2008-01-27 14:43 . 2008-01-27 14:43 <DIR> d-------- C:\Program Files\Vstplugins
2008-01-26 23:29 . 2008-01-26 23:29 <DIR> d-------- C:\Program Files\Risk
2008-01-23 18:57 . 1994-09-21 03:00 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-01-23 18:57 . 1994-09-21 03:00 12,800 --a------ C:\WINDOWS\system\Wing32.dll
2008-01-21 13:57 . 2008-01-21 13:57 <DIR> d-------- C:\Program Files\directx
2008-01-21 13:56 . 2008-01-21 13:56 <DIR> d-------- C:\Program Files\Rockstar Games
2008-01-18 18:40 . 2008-01-18 23:51 <DIR> d-------- C:\Program Files\Total Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 15:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 02:27 --------- d-----w C:\Program Files\XoftSpySE
2008-02-11 23:18 --------- d-----w C:\Program Files\Vongo
2008-02-10 23:15 --------- d-----w C:\Program Files\Eset
2008-02-10 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-09 01:01 --------- d-----w C:\Program Files\music_now
2008-02-08 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 01:33 --------- d-----w C:\Program Files\ezt
2008-01-28 23:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 19:25 --------- d-----w C:\Program Files\AIM6
2008-01-19 18:51 --------- d-----w C:\Program Files\Zeallsoft
2008-01-16 23:48 --------- d-----w C:\Program Files\Sony
2008-01-16 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-16 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-13 01:06 --------- d-----w C:\Program Files\DivX
2008-01-12 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-12 19:18 --------- d-----w C:\Program Files\Java
2008-01-11 02:24 --------- d-----w C:\Program Files\Blender Foundation
2008-01-10 22:11 --------- d-----w C:\Program Files\AEVITA Save Flash
2008-01-09 20:30 --------- d-----w C:\Program Files\Steam
2008-01-06 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-31 02:53 --------- d-----w C:\Program Files\PeoplePhone
2007-12-30 19:09 --------- d-----w C:\Program Files\Enterbrain
2007-12-30 19:07 --------- d-----w C:\Program Files\RPGVX体験版
2007-12-24 17:58 --------- d-----w C:\Program Files\QuickTime
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-18 01:07 --------- d-----w C:\Program Files\MagicDVDRipper
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-03 08:13 888,832 ----a-w C:\WINDOWS\system32\securenet.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-21 23:51 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-17 03:20 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2007-01-30 02:24 251 ----a-w C:\Program Files\wt3d.ini
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-05-26 01:21 104 --sh--r C:\WINDOWS\system32\D18AAF508C.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-12-07 15:11 204843]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-13 21:38 185896]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [2007-11-26 17:27 728576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 17:14 102400]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe_ID0E3DHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-02-21 14:44 1884160]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [ ]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-09-27 05:00 106496]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-09-27 03:47 266240]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 00:38 316728]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

C:\Documents and Settings\Randall Harris\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-21 18:15:09 557568]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\Harris\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-12-21 07:34 1649600 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares ultra]
C:\Program Files\Ares Ultra\Ares Ultra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-10-30 15:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-05-04 00:58 458752 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2006-12-07 15:11 204843 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2725531]
--a------ 2006-06-10 04:10 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-01-12 18:36 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-07-10 20:59 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinnacle Game Profiler]
--a------ 2008-01-23 23:42 2273280 C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-05-03 16:43 2019328 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1998-05-05 11:06]
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [1999-02-23 01:12]
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 08:48]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 00:46]
S3 iComp;HP Analog TV Tuner;C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-03-17 18:34]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2006-03-15 23:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 20:46:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-05 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tyler Harris.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-07 12:34:36 C:\WINDOWS\Tasks\SesamTVMC.job"
"2008-02-18 15:21:09 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-09 07:59:59 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 10:37:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\[email protected]? ????L??????`[email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-18 10:37:39
ComboFix-quarantined-files.txt 2008-02-18 15:37:37
.
2008-02-14 21:00:18 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:57 AM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\ehome\RMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Harris\Desktop\Harris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &AEVITA Save Flash - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XoftSpySE] C:\Program Files\XoftSpySE\xoftspy.exe -s
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe_ID0E3DHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\PROGRA~1\AEVITA~1\SAVEFL~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: AutorunsDisabled - (no CLSID) - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

--
End of file - 13168 bytes
  • 0

#13
Chopin

    Member 2k

  • Member
  • 2,639 posts
Hello tylerneedshelp45, interesting assortment there :) I need to ask a favor of you. Please go into the C:\Program Files folder. Can you please look in there to see if there's a folder with non-English characters (i.e. not abcdefghijklmnopqrstuvwxyz) in it? If you know what it is, and it exists, can you tell me? Thanks :)

Please read my entire post before commencing, and please follow my instructions in the order that they are given :) If you don't understand something, don't be afraid to ask!

1. P2P
------------------------------------------------

I see you are using P2P file-transfer programs. Although the programs themselves (e.g. LimeWire, BitComet) are legal, most people are not so nice and use them for illegal purposes. Many of the files these programs download are infected with malware. Due to this, it would be best if you removed any P2P programs from your computer.

2. Run a ComboFix Script
------------------------------------------------

1. Please open a blank Notepad document.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\buxwnwvi.dll
C:\WINDOWS\system32\4fdw.dll
C:\WINDOWS\rkxepmxw.exe~

Folder::
C:\VundoFix Backups
C:\WINDOWS\fargghca
C:\e50a85bedbe9da9bdb315dd92025


3. Go to File > Save As. Save the file name as CFScript and make sure "Text Documents (*.txt)" is selected in "Save as type". Save it to where you saved Combofix.

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. If it asks you to reboot, let it reboot. Either way, a Combofix log will be made. Post that in your next reply.

3. Submit File for Testing
------------------------------------------------

Please go to this website: Link

Once there, you will see a textbox in the middle of the screen. Copy and paste the following line into the textbox:

C:\WINDOWS\system32\gbclcnvt.ax

Click the large "Send File" button. Your file will be scanned by MANY different antivirus engines, so until the top says Current status: Finished, don't close the window/copy the results! Once the scan is finished, copy and paste the entire table into a reply so it looks like this:

AhnLab-V3 2007.9.29.0 2007.09.28 -
AntiVir 7.6.0.18 2007.09.28 HEUR/Malware
Authentium 4.93.8 2007.09.28 -
Avast 4.7.1043.0 2007.09.28 -
AVG 7.5.0.488 2007.09.28 -
BitDefender 7.2 2007.09.28 -
CAT-QuickHeal 9.00 2007.09.28 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.28 -
DrWeb 4.33 2007.09.28 -
eSafe 7.0.15.0 2007.09.23 Suspicious Trojan/Worm
eTrust-Vet 31.2.5169 2007.09.27 -
Ewido 4.0 2007.09.28 -
FileAdvisor 1 2007.09.29 -
Fortinet 3.11.0.0 2007.09.28 -
F-Prot 4.3.2.48 2007.09.27 -
F-Secure 6.70.13030.0 2007.09.28 -
Ikarus T3.1.1.12 2007.09.28 -
Kaspersky 7.0.0.125 2007.09.29 -
McAfee 5130 2007.09.28 -
Microsoft 1.2803 2007.09.29 -
NOD32v2 2558 2007.09.28 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.28 -
Prevx1 V2 2007.09.29 Heuristic: Suspicious Self Modifying EXE
Rising 19.42.42.00 2007.09.28 -
Sophos 4.21.0 2007.09.28 -
Sunbelt 2.2.907.0 2007.09.28 VIPRE.Suspicious
Symantec 10 2007.09.28 -
TheHacker 6.2.6.073 2007.09.28 -
VBA32 3.12.2.4 2007.09.29 -
VirusBuster 4.3.26:9 2007.09.28 -
Webwasher-Gateway 6.0.1 2007.09.28 Heuristic.Malware


Once that is done, please follow the same procedure with this file:

C:\WINDOWS\system32\D18AAF508C.sys

Post both results in your next reply.

In your next post
------------------------------------------------

  • ComboFix log
  • VirusTotal logs

  • 0
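Reading a multi-engine result table like the one Chopin pasted above, as an added example that is not part of this thread and not code from VirusTotal or any of the tools mentioned: a small Python parser that takes the pasted table, counts which engines flagged the file, and separates named signatures from heuristic or "suspicious" verdicts, which is the distinction a helper looks at when deciding whether a file like gbclcnvt.ax actually needs removing. The two sample tables are excerpts copied from the results posted in this thread; the keyword list used to recognise heuristic verdicts is my own assumption.

```python
"""Summarise a pasted multi-engine scan table (added example, not from this thread's tools)."""
import re

# Excerpts copied from the result tables posted in this thread.
SAMPLE_SUSPICIOUS = """
AhnLab-V3 2007.9.29.0 2007.09.28 -
AntiVir 7.6.0.18 2007.09.28 HEUR/Malware
CAT-QuickHeal 9.00 2007.09.28 (Suspicious) - DNAScan
eSafe 7.0.15.0 2007.09.23 Suspicious Trojan/Worm
Kaspersky 7.0.0.125 2007.09.29 -
NOD32v2 2558 2007.09.28 -
Prevx1 V2 2007.09.29 Heuristic: Suspicious Self Modifying EXE
Sunbelt 2.2.907.0 2007.09.28 VIPRE.Suspicious
Symantec 10 2007.09.28 -
Webwasher-Gateway 6.0.1 2007.09.28 Heuristic.Malware
"""

SAMPLE_CLEAN = """
Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.19 -
AntiVir 7.6.0.67 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.20 -
NOD32v2 2887 2008.02.20 -
Symantec 10 2008.02.20 -
"""

HEADER = "Antivirus Version Last Update Result"
# Assumed markers of a heuristic/generic verdict rather than a named signature.
HEURISTIC_MARKERS = ("heur", "suspicious", "generic", "dnascan")

# Engine, version and date carry no spaces; the result is the rest of the line.
ROW_RE = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<date>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")


def parse_results(table: str):
    """Return one dict per engine row; a result of '-' means no detection."""
    rows = []
    for raw in table.strip().splitlines():
        line = raw.strip()
        if not line or line == HEADER:
            continue
        m = ROW_RE.match(line)
        if not m:  # tolerate stray text pasted around the table
            continue
        result = m["result"].strip()
        rows.append({
            "engine": m["engine"],
            "version": m["version"],
            "date": m["date"],
            "result": result,
            "detected": result != "-",
        })
    return rows


def is_heuristic(result: str) -> bool:
    """True when the verdict text looks like a heuristic/generic hit."""
    r = result.lower()
    return any(k in r for k in HEURISTIC_MARKERS)


def summarize(rows):
    """Count detections and classify the table as clean, heuristic-only or named."""
    hits = [r for r in rows if r["detected"]]
    named = [r for r in hits if not is_heuristic(r["result"])]
    if not hits:
        verdict = "no detections"
    elif named:
        verdict = "named detections"
    else:
        verdict = "heuristic/generic only"
    return {
        "engines": len(rows),
        "detections": len(hits),
        "ratio": f"{len(hits)}/{len(rows)}",
        "verdict": verdict,
        "flagged_by": {r["engine"]: r["result"] for r in hits},
    }


if __name__ == "__main__":
    for label, table in (("sample", SAMPLE_SUSPICIOUS), ("gbclcnvt.ax", SAMPLE_CLEAN)):
        s = summarize(parse_results(table))
        print(f"{label}: {s['ratio']} engines flagged it ({s['verdict']})")
        for engine, result in s["flagged_by"].items():
            print(f"  {engine}: {result}")
```

A "heuristic/generic only" verdict from a handful of engines (as in Chopin's sample, 6 of 32) is a prompt to look closer at the file's location, vendor and age rather than a proof of infection; "no detections" across every engine, as for the real gbclcnvt.ax result later in the thread, is what lets the helper leave a file alone.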

#14
tylerneedshelp45

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks a lot again. I can see results already; Task Manager works now, for example. And the only non-English characters are from RPG Maker VX, a Japanese program I got quite a while ago. It should be fine, but if I have to delete it I will. The only P2P program I had was uTorrent, which I haven't used in months, but I deleted it anyway. So here they are again.

ComboFix 08-02-17.2 - Harris 2008-02-19 20:08:36.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1636 [GMT -5:00]
Running from: C:\Documents and Settings\Harris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Harris\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\buxwnwvi.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\rkxepmxw.exe~
C:\WINDOWS\system32\4fdw.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\e50a85bedbe9da9bdb315dd92025\bin\
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\uninstall.exe.bad
C:\WINDOWS\buxwnwvi.dll
C:\WINDOWS\fargghca
C:\WINDOWS\fargghca\1.png
C:\WINDOWS\fargghca\2.png
C:\WINDOWS\fargghca\3.png
C:\WINDOWS\fargghca\4.png
C:\WINDOWS\fargghca\5.png
C:\WINDOWS\fargghca\6.png
C:\WINDOWS\fargghca\7.png
C:\WINDOWS\fargghca\8.png
C:\WINDOWS\fargghca\9.png
C:\WINDOWS\fargghca\bottom-rc.gif
C:\WINDOWS\fargghca\config.png
C:\WINDOWS\fargghca\content.png
C:\WINDOWS\fargghca\download.gif
C:\WINDOWS\fargghca\frame-bg.gif
C:\WINDOWS\fargghca\frame-bottom-left.gif
C:\WINDOWS\fargghca\frame-h1bg.gif
C:\WINDOWS\fargghca\head.png
C:\WINDOWS\fargghca\icon.png
C:\WINDOWS\fargghca\indexwp.html
C:\WINDOWS\fargghca\main.css
C:\WINDOWS\fargghca\memory-prots.png
C:\WINDOWS\fargghca\net.png
C:\WINDOWS\fargghca\pc-mag.gif
C:\WINDOWS\fargghca\pc.gif
C:\WINDOWS\fargghca\poloska1.png
C:\WINDOWS\fargghca\poloska2.png
C:\WINDOWS\fargghca\poloska3.png
C:\WINDOWS\fargghca\promowp1.html
C:\WINDOWS\fargghca\promowp2.html
C:\WINDOWS\fargghca\promowp3.html
C:\WINDOWS\fargghca\promowp4.html
C:\WINDOWS\fargghca\promowp5.html
C:\WINDOWS\fargghca\reg.png
C:\WINDOWS\fargghca\repair.png
C:\WINDOWS\fargghca\scr-1.png
C:\WINDOWS\fargghca\scr-2.png
C:\WINDOWS\fargghca\start.png
C:\WINDOWS\fargghca\styles.css
C:\WINDOWS\fargghca\Thumbs.db
C:\WINDOWS\fargghca\top-rc.gif
C:\WINDOWS\fargghca\vline.gif
C:\WINDOWS\fargghca\wp.png
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\rkxepmxw.exe~
C:\WINDOWS\system32\4fdw.dll
C:\e50a85bedbe9da9bdb315dd92025

.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 11:13 . 2008-02-19 11:13 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\DivX
2008-02-19 11:12 . 2008-02-19 11:12 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Sony
2008-02-16 21:26 . 2008-02-16 21:26 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\HP
2008-02-16 16:15 . 2008-02-16 16:15 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\InstallShield
2008-02-15 00:33 . 2008-02-15 00:33 545,525 --a------ C:\1442_UniversalRemote_1.2_0202.rar
2008-02-15 00:28 . 2008-02-15 00:28 1,684,233 --a------ C:\13085_WindowsVistaPSP.rar
2008-02-13 13:55 . 2008-02-13 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intervideo
2008-02-12 19:16 . 2008-02-12 19:16 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Corel
2008-02-11 19:11 . 2008-02-11 19:11 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\acccore
2008-02-10 21:49 . 2008-02-10 21:49 <DIR> d-------- C:\Deckard
2008-02-10 20:06 . 2008-02-10 20:06 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\AdobeUM
2008-02-10 20:03 . 2008-02-10 20:03 <DIR> d-------- C:\Program Files\Sure Delete
2008-02-10 15:14 . 2008-02-10 15:14 <DIR> d-------- C:\Program Files\Trisnap Technologies
2008-02-10 15:14 . 2004-03-09 01:00 662,288 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-02-10 15:14 . 2006-04-13 22:05 159,744 --a------ C:\WINDOWS\system32\hasher.dll
2008-02-09 22:25 . 2008-02-09 22:43 6,654 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 22:21 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-09 22:21 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-09 22:21 . 2008-02-08 23:55 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-09 22:21 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-09 22:21 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-09 22:21 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-09 22:03 . 2008-02-09 22:03 <DIR> d-------- C:\kav
2008-02-09 14:00 . 2008-02-09 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-09 13:55 . 2008-02-09 13:49 218,504 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-02-09 13:49 . 2008-02-09 13:51 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-09 12:34 . 2008-02-18 16:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-09 12:34 . 2008-02-09 12:34 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\PC Tools
2008-02-09 12:34 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-09 12:34 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-09 12:34 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-09 12:34 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-09 12:33 . 2008-02-09 12:33 <DIR> d-------- C:\Program Files\BillP Studios
2008-02-09 12:33 . 2008-02-09 12:33 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\WinPatrol
2008-02-09 12:30 . 2008-02-09 12:30 <DIR> d-------- C:\Program Files\File Shredder
2008-02-08 18:54 . 2008-02-08 18:54 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Intervideo
2008-02-08 18:29 . 2006-09-12 02:29 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Intuit
2008-02-08 18:29 . 2007-11-20 15:43 <DIR> d-------- C:\Documents and Settings\Harris\Application Data\Apple Computer
2008-02-07 22:35 . 2008-02-07 22:35 <DIR> d-------- C:\Program Files\YouSendIt
2008-02-07 22:34 . 2007-03-04 07:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2008-02-07 22:34 . 2007-03-04 07:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2008-02-07 22:17 . 2008-02-08 00:07 <DIR> d-------- C:\Program Files\Replay Converter
2008-02-07 22:12 . 2008-02-07 22:16 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-02-07 22:11 . 2008-02-08 00:05 <DIR> d-------- C:\Program Files\Replay AV 8
2008-02-05 20:34 . 2008-02-05 20:34 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:32 . 2008-02-06 07:41 <DIR> d-------- C:\Program Files\Skype
2008-02-05 20:32 . 2008-02-05 20:32 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-05 20:32 . 2008-02-05 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:00 . 2008-02-01 23:00 <DIR> d-------- C:\Program Files\Dusco
2008-02-01 23:00 . 2008-02-01 23:00 309,648 --a------ C:\WINDOWS\SesamTV Media Center Uninstaller.exe
2008-02-01 22:15 . 2008-02-01 22:15 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-02-01 15:24 . 2008-02-01 15:24 <DIR> d-------- C:\Program Files\KALiNKOsoft
2008-02-01 15:24 . 2007-10-22 00:46 91,632 --a------ C:\WINDOWS\system32\dsofile.dll
2008-02-01 15:24 . 2007-10-22 00:41 36,864 --a------ C:\WINDOWS\system32\dxinputdll.dll
2008-01-31 17:42 . 2008-01-31 17:42 <DIR> d-------- C:\Program Files\Frets on Fire
2008-01-31 16:13 . 2008-01-31 16:13 0 --a------ C:\WINDOWS\Textart.INI
2008-01-29 20:20 . 2003-12-25 17:48 10,752 --------- C:\WINDOWS\system32\drivers\iviaspi.sys
2008-01-29 20:19 . 2008-01-29 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2008-01-29 20:18 . 2008-01-29 20:18 <DIR> d-------- C:\Program Files\InterVideo
2008-01-29 20:18 . 2008-01-29 20:19 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2008-01-29 20:17 . 2008-01-29 20:17 <DIR> d-------- C:\Program Files\Adaptec
2008-01-29 20:15 . 2004-06-24 09:00 585,728 --------- C:\WINDOWS\system32\msvcr80.dll
2008-01-29 20:15 . 2004-06-24 09:02 528,384 --------- C:\WINDOWS\system32\msvcp80.dll
2008-01-29 20:15 . 2005-09-07 22:02 149,471 --------- C:\WINDOWS\system32\gbclcnvt.ax
2008-01-29 20:15 . 2005-09-26 00:08 125,568 --------- C:\WINDOWS\system32\drivers\avcgbdr.sys
2008-01-29 20:15 . 2005-05-23 21:41 114,688 --------- C:\WINDOWS\system32\gbcpntfy.ax
2008-01-29 20:15 . 2005-05-23 21:43 110,592 --------- C:\WINDOWS\system32\gbtvrate.dll
2008-01-29 20:15 . 2005-09-15 01:15 61,440 --------- C:\WINDOWS\system32\gbaudmgr.ax
2008-01-29 20:15 . 2005-05-23 21:44 28,672 --------- C:\WINDOWS\system32\gbproppg.ax
2008-01-29 20:15 . 2005-07-28 03:28 19,712 --------- C:\WINDOWS\system32\drivers\avcgbfl.sys
2008-01-29 20:15 . 2005-09-24 00:49 16,382 --------- C:\WINDOWS\system32\drivers\makoaudc.rom
2008-01-29 20:15 . 2005-05-23 21:45 14,264 --------- C:\WINDOWS\system32\drivers\makoaudb.rom
2008-01-27 14:43 . 2008-01-27 14:43 <DIR> d-------- C:\Program Files\Vstplugins
2008-01-26 23:29 . 2008-01-26 23:29 <DIR> d-------- C:\Program Files\Risk
2008-01-23 18:57 . 1994-09-21 03:00 92,208 --a------ C:\WINDOWS\system\Wing.dll
2008-01-23 18:57 . 1994-09-21 03:00 12,800 --a------ C:\WINDOWS\system\Wing32.dll
2008-01-21 13:57 . 2008-01-21 13:57 <DIR> d-------- C:\Program Files\directx
2008-01-21 13:56 . 2008-01-21 13:56 <DIR> d-------- C:\Program Files\Rockstar Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 01:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-15 02:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 02:27 --------- d-----w C:\Program Files\XoftSpySE
2008-02-11 23:18 --------- d-----w C:\Program Files\Vongo
2008-02-10 23:15 --------- d-----w C:\Program Files\Eset
2008-02-10 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-09 01:01 --------- d-----w C:\Program Files\music_now
2008-02-08 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 01:33 --------- d-----w C:\Program Files\ezt
2008-01-28 23:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 19:25 --------- d-----w C:\Program Files\AIM6
2008-01-19 18:51 --------- d-----w C:\Program Files\Zeallsoft
2008-01-19 04:51 --------- d-----w C:\Program Files\Total Video Converter
2008-01-16 23:48 --------- d-----w C:\Program Files\Sony
2008-01-16 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-16 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-13 01:06 --------- d-----w C:\Program Files\DivX
2008-01-12 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-12 19:18 --------- d-----w C:\Program Files\Java
2008-01-11 02:24 --------- d-----w C:\Program Files\Blender Foundation
2008-01-10 22:11 --------- d-----w C:\Program Files\AEVITA Save Flash
2008-01-09 20:30 --------- d-----w C:\Program Files\Steam
2008-01-06 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-05 15:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-31 02:53 --------- d-----w C:\Program Files\PeoplePhone
2007-12-30 19:09 --------- d-----w C:\Program Files\Enterbrain
2007-12-30 19:07 --------- d-----w C:\Program Files\RPGVX体験版
2007-12-24 17:58 --------- d-----w C:\Program Files\QuickTime
2007-06-17 03:20 382 ----a-w C:\Program Files\Shortcut to Program Files.lnk
2007-01-30 02:24 251 ----a-w C:\Program Files\wt3d.ini
2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-05-26 01:21 104 --sh--r C:\WINDOWS\system32\D18AAF508C.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 23:00 15360]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-12-07 15:11 204843]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 15:13 77824]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 00:22 794713]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-13 21:38 185896]
"XoftSpySE"="C:\Program Files\XoftSpySE\xoftspy.exe" [2007-11-26 17:27 728576]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52 643072]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 17:14 102400]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe_ID0E3DHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-02-21 14:44 1884160]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 15:17 118784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [ ]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-09-27 05:00 106496]
"WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-09-27 03:47 266240]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 00:38 316728]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

C:\Documents and Settings\Randall Harris\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-11-21 18:15:09 557568]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\Harris\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 15:09:32 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 19:55:40 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=C:\Documents and Settings\Home\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-03 11:15 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2007-12-21 07:34 1649600 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares ultra]
C:\Program Files\Ares Ultra\Ares Ultra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2006-10-30 15:27 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2006-06-02 10:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2006-05-04 00:58 458752 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2006-12-07 15:11 204843 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 13:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_2725531]
--a------ 2006-06-10 04:10 351000 C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2007-01-12 18:36 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
--a------ 2007-07-10 20:59 949376 C:\Program Files\Eset\nod32kui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinnacle Game Profiler]
--a------ 2008-01-23 23:42 2273280 C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-05-03 16:43 2019328 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 19:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 15:39]
S1 4fdw;4fdw;C:\WINDOWS\system32\4fdw.dll []
S1 AEC671X;AEC671X;C:\WINDOWS\system32\drivers\AEC671X.SYS [1998-05-05 11:06]
S1 DMX3191;DMX3191;C:\WINDOWS\system32\drivers\DMX3191.SYS [1999-02-23 01:12]
S2 UDNT;UDNT;C:\WINDOWS\system32\drivers\UDNT.sys [1998-09-18 08:48]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-29 00:46]
S3 iComp;HP Analog TV Tuner;C:\WINDOWS\system32\DRIVERS\p2usbwdm.sys [2006-03-17 18:34]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 05:29]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2006-03-15 23:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 20:46:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 01:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tyler Harris.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-07 12:34:36 C:\WINDOWS\Tasks\SesamTVMC.job"
"2008-02-20 01:14:34 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-09 07:59:59 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 20:15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\[email protected]? ????W??????`[email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-19 20:19:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-20 01:19:46
ComboFix2.txt 2008-02-18 15:37:40
.
2008-02-14 21:00:18 --- E O F ---

gbclcnvt.ax

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.19 -
AntiVir 7.6.0.67 2008.02.19 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5549 2008.02.20 -
Ewido 4.0 2008.02.19 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2887 2008.02.20 -
Norman 5.80.02 2008.02.19 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.20 -
Rising 20.32.12.00 2008.02.19 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.19 -
Webwasher-Gateway 6.6.2 2008.02.19 -

D18AAF508C.sys

Antivirus Version Last Update Result
AhnLab-V3 2008.2.20.0 2008.02.19 -
AntiVir 7.6.0.67 2008.02.19 -
Authentium 4.93.8 2008.02.20 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.20 -
BitDefender 7.2 2008.02.20 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.20 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5549 2008.02.20 -
Ewido 4.0 2008.02.19 -
FileAdvisor 1 2008.02.20 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.19 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.20 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2887 2008.02.20 -
Norman 5.80.02 2008.02.19 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.20 -
Rising 20.32.12.00 2008.02.19 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.20 -
TheHacker 6.2.9.224 2008.02.19 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.19 -
Webwasher-Gateway 6.6.2 2008.02.19
#15
Chopin

    Member 2k

  • Member
  • 2,639 posts
Hello tylerneedshelp45, ComboFix did its job. Let's get an online scan.

1. Scan with ActiveScan
------------------------------------------------

Please go HERE to run Panda's ActiveScan.

Note: You must use Internet Explorer for this scan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
