Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Rootkit and trojan horses [RESOLVED]


  • This topic is locked This topic is locked

#1
darko2021

darko2021

    Member

  • Member
  • PipPip
  • 66 posts
Evey time I restart my computer it says that my cpu has changed, also I keep getting notifications that a rootkit or a trojan is trying to load onto my computer. in addition, most of the time my wifi connects to an unknown access point so I can't even get internet most of the time. Please Help!!


Logfile of HijackThis v1.99.1
Scan saved at 7:11:20 AM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpyCatcher\Fingerprint compiler.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Epson printer Registration.lnk = E:\Titles\EpsonReg\EpsonReg.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.soli...d/solitaire.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Here is the Main.txt


Deckard's System Scanner v20071014.68
Run by Jon Foster on 2008-02-13 19:06:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-02-14 00:06:21 UTC - RP882 - Deckard's System Scanner Restore Point
86: 2008-02-13 16:47:22 UTC - RP881 - System Checkpoint
85: 2008-02-12 16:23:14 UTC - RP880 - System Checkpoint
84: 2008-02-11 16:22:34 UTC - RP879 - System Checkpoint
83: 2008-02-10 16:05:17 UTC - RP878 - System Checkpoint


-- First Restore Point --
1: 2007-11-16 03:38:12 UTC - RP796 - Removed Battlefield 2™


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jon Foster.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:07:20 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jon Foster\Desktop\dss.exe
C:\PROGRA~1\Jon Foster.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Epson printer Registration.lnk = E:\Titles\EpsonReg\EpsonReg.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.soli...d/solitaire.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>
R1 atitray - c:\program files\radeon omega drivers\v3.8.360\ati tray tools\atitray.sys
R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; W1zzard; ATITool Driver>
S3 jbridgep - c:\docume~1\jonfos~1\locals~1\temp\jbridgep.sys (file missing)
S3 Memctl - c:\program files\abit\flashmenu\memctl.sys
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 samhid - c:\windows\system32\drivers\samhid.sys
S3 vncdrv - c:\windows\system32\drivers\vncdrv.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT® Operating System>
S3 WINFLASH - c:\program files\abit\flashmenu\winflash.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Networking Velocity Family Giga-bit Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3119&SUBSYS_1415147B&REV_11\3&13C0B0C5&0&70
Manufacturer: VIA Networking Technologies, Inc.
Name: VIA Networking Velocity Family Giga-bit Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3119&SUBSYS_1415147B&REV_11\3&13C0B0C5&0&70
Service: GETNDIS


-- Scheduled Tasks -------------------------------------------------------------

2008-02-13 09:05:00 438 --a------ C:\WINDOWS\Tasks\iTunes.job
2008-02-07 10:39:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 19:07:12 218112 --a------ C:\Program Files\Jon Foster.exe <Not Verified; Soeperman Enterprises Ltd.; HijackThis>
2008-02-04 14:40:09 0 d-------- C:\Program Files\Pegasys Inc
2008-02-04 09:11:38 0 d-------- C:\Program Files\Movavi Video Converter 6
2008-02-03 19:33:25 0 d-------- C:\Program Files\Blaze Media Pro
2008-02-03 19:33:11 0 d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-02-02 00:17:57 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\skypePM
2008-02-02 00:17:57 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 00:16:42 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Skype
2008-02-02 00:16:27 0 d-------- C:\Program Files\Skype
2008-02-02 00:16:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:35:06 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Globe7
2008-02-01 23:34:59 0 d-------- C:\Program Files\Globe7
2008-02-01 11:05:20 11010048 --a------ C:\Documents and Settings\Jon Foster\ntuser.dat
2008-01-20 12:21:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Azureus
2008-01-18 10:44:16 0 d-------- C:\Program Files\BZFlag2.0.10
2008-01-18 10:37:19 0 d-------- C:\Program Files\Ciel
2008-01-18 10:30:23 0 d-------- C:\Program Files\Audacity
2008-01-18 10:21:32 0 d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-01-18 10:20:52 0 d-------- C:\Program Files\Siber Systems
2008-01-18 10:20:37 0 d-------- C:\Program Files\AutoHotkey
2008-01-18 09:54:44 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Tenebril
2008-01-18 09:47:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-01-18 09:45:52 40960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2008-01-18 09:45:51 0 d-------- C:\WINDOWS\system32\tenarchlib
2008-01-18 09:45:51 180224 --a-s---- C:\WINDOWS\system32\archlib.dll <Not Verified; Tenebril Incorporated; Tenebril architecture technology>
2008-01-18 09:45:51 0 d-------- C:\Program Files\SpyCatcher
2008-01-18 09:23:53 0 d-------- C:\Program Files\Alwil Software
2008-01-14 22:26:12 0 d-------- C:\Program Files\Picasa2
2008-01-13 18:30:19 0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-13 18:29:52 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\SystemRequirementsLab


-- Find3M Report ---------------------------------------------------------------

2008-02-13 19:07:20 10887 --a------ C:\Program Files\hijackthis.log
2008-02-13 19:07:20 0 d-------- C:\Program Files\FlashGet
2008-02-10 10:22:48 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Azureus
2008-02-09 01:37:24 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\dvdcss
2008-02-08 23:59:33 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\uTorrent
2008-02-08 18:57:19 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\AVG7
2008-02-04 14:40:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-04 09:11:38 0 d-------- C:\Program Files\Common Files
2008-01-28 09:06:35 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-28 09:05:46 0 d-------- C:\Program Files\NBC Direct
2008-01-19 03:54:21 0 d-------- C:\Program Files\Azureus
2008-01-18 10:07:48 0 d-------- C:\Program Files\MultiRes
2008-01-12 13:08:24 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Move Networks
2008-01-11 20:20:41 119 --a------ C:\Documents and Settings\Jon Foster\Application Data\FixVTS.ini
2008-01-10 12:59:14 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-01-09 08:26:01 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-07 21:33:07 0 d-------- C:\Documents and Settings\Jon Foster\Application Data\Adobe
2008-01-07 21:28:49 0 d-------- C:\Program Files\OpenCASE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:50 PM]
"SoundMan"="SOUNDMAN.EXE" [05/14/2004 05:47 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [12/21/2007 09:52 AM]
"AtiPTA"="atiptaxx.exe" [02/21/2006 07:05 PM C:\WINDOWS\system32\atiptaxx.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe" [05/09/2006 07:24 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/01/2007 03:51 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [10/23/2007 07:17 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [10/16/2007 12:05 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"igndlm.exe"="C:\Program Files\FilePlanet\Download Manager\DLM.exe" [03/05/2007 12:57 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/02/2007 10:30 AM]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/23/2007 04:18 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [01/18/2008 10:20 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 12/21/2001 12:34 AM 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4254ed41-6feb-11d9-87ae-806d6172696f}]
AutoRun\command- D:\setup.exe




-- End of Deckard's System Scanner: finished at 2008-02-13 19:08:02 ------------


And Here is the Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 4000+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2047.48 MiB / 1411.66 MiB
Pagefile Memory (total/avail): 10033.92 MiB / 9545.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.29 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 26.77 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)
F: is Fixed (NTFS) - 153.38 GiB total, 48.37 GiB free.

\\.\PHYSICALDRIVE1 - HDS72251 6VLSA80 SCSI Disk Device - 153.38 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 153.38 GiB - F:

\\.\PHYSICALDRIVE0 - ST380817 AS SCSI Disk Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.7.1098 [VPS 080213-1] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1142909488\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1142909488\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1142909488\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1142909488\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\ItsDeductible2006\\ItsDeductible10.exe"="C:\\Program Files\\ItsDeductible2006\\ItsDeductible10.exe:*:Enabled:TurboTax ItsDeductible 2006"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jon Foster\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DARKO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jon Foster
LOGONSERVER=\\DARKO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JONFOS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JONFOS~1\LOCALS~1\Temp
USERDOMAIN=DARKO
USERNAME=Jon Foster
USERPROFILE=C:\Documents and Settings\Jon Foster
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Jon Foster (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
123 Audio Video Merger --> "F:\misc. programs\123 Audio Video Merger\unins000.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AlienGUIse --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE7C3A14-1D20-49F6-B903-491561076F0F}\SETUP.EXE" -l0x9
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Display Driver (Omega 3.8.360) --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AutoHotkey 1.0.47.05 --> C:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BitTorrent 5.0.7 --> "C:\Program Files\BitTorrent\uninstall.exe"
BZFlag 2.0.10 (remove only) --> "C:\Program Files\BZFlag2.0.10\uninstall.exe"
C-Organizer Pro --> "C:\Program Files\C-Organizer Pro\unins000.exe"
Cartes du Ciel --> "C:\Program Files\Ciel\Uninstall.exe" "C:\Program Files\Ciel\install.log"
cladDVD .NET v3.5.6 --> MsiExec.exe /I{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Cucusoft DVD to iPod + iPod Video Converter Suite 3.12.3.22 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
DH Driver Cleaner Professional Edition --> C:\Program Files\Driver Cleaner Pro\Uninstall.exe
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVDFab Decrypter 3.0.9.6 --> "F:\burn\DVDFab Decrypter 3\unins000.exe"
DVDFab HD Decrypter 4.0.5.0 --> "C:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
EphPod --> C:\PROGRA~1\EphPod\UNWISE.EXE C:\PROGRA~1\EphPod\INSTALL.LOG
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FilePlanet Download Manager 2.1 --> C:\Program Files\FilePlanet\Download Manager\uninst.exe
FlashGet(Jetcar) 1.80 --> C:\PROGRA~1\FlashGet\_UNWISE.EXE
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0555CC40-C007-11D4-B257-0050BAA96AA5}\Setup.exe" -l0x9
Free iPod Video Converter 1.34 --> "F:\misc. programs\Free iPod Video Converter\unins000.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GGE909 PC Recoil Pad --> C:\PROGRA~1\GAMEEL~1\GGE909~1\UNWISE.EXE C:\PROGRA~1\GAMEEL~1\GGE909~1\INSTALL.LOG
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Half-Life 2 Awakening 1.1 --> c:\Program Files\Valve\Steam\SteamApps\SourceMods\Uninstal.exe
Half-Life 2: Deathmatch --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/340
Half-Life® 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 1.99.1 --> C:\DOCUME~1\JONFOS~1\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
ImgBurn (Remove Only) --> "F:\burn\ImgBurn\uninstall.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IObit SmartDefrag Beta3 --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
iTunes Art Importer --> MsiExec.exe /I{D8D8B308-B172-43DB-96F1-6A3F84851D61}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Connection Center --> C:\Program Files\MSN\MSNIA\CC\MSNCC\ccrestore.exe /Uninstall
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MultiRes (remove only) --> C:\Program Files\MultiRes\uninstal.exe
NBC Direct Beta --> MsiExec.exe /I{C91EF330-F152-44ED-A33A-0F4FF3FAF813}
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content --> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Open Video Joiner version 3.1 --> "F:\misc. programs\OpenVideoJoiner\unins000.exe"
OpenCASE Media Agent --> MsiExec.exe /I{1771FDC8-D846-4B77-996A-C80DAD42C03F}
Personal Finances 2000 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{001F6658-E55E-4CF0-947C-6A1231EE1046}\Setup.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Radeon Omega Drivers v3.8.221 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.221 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.221\Omega Uninstall.xml"
Radeon Omega Drivers v3.8.360 Setup Files and Tools --> "C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe" "/U:C:\Program Files\Radeon Omega Drivers\v3.8.360\Omega Uninstall.xml"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Registry Care v6.0 --> "F:\misc. programs\Registry Care\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Link 56K Voice Modem --> C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Source SDK Base --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/215
SpeedFan (remove only) --> "F:\misc. programs\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyCatcher Express 2007 --> "C:\Program Files\SpyCatcher\unins000.exe"
Star Wars®: Knights of the Old Republic ™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
TuneXP 1.5 --> C:\WINDOWS\iun6002.exe "C:\Program Files\TuneXP\irunin.ini"
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server --> MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 0.91 --> C:\Program Files\VideoraiPodConverter\uninst.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WDTPCTR-ScreenSaver-V1.0Beta --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\WDTPCTR-ScreenSaver-V1.0Beta\ST5UNST.LOG"
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 2002 --> C:\WINDOWS\Corel\uninst32.exe
WordPerfect Office 2002 --> C:\WINDOWS\Corel\Uninst32.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10049 / Error
Event Submitted/Written: 02/12/2008 08:16:45 AM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type10042 / Warning
Event Submitted/Written: 02/12/2008 07:21:00 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type10041 / Error
Event Submitted/Written: 02/12/2008 07:18:10 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10039 / Error
Event Submitted/Written: 02/12/2008 07:15:44 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type10037 / Error
Event Submitted/Written: 02/12/2008 07:13:21 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type99161 / Error
Event Submitted/Written: 02/13/2008 07:07:27 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The SmartLinkService service has reported an invalid current state 0.

Event Record #/Type99160 / Warning
Event Submitted/Written: 02/13/2008 06:17:06 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001217A13D60. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type99159 / Warning
Event Submitted/Written: 02/13/2008 06:16:27 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001217A13D60. The IP address being used is 169.254.94.250.

Event Record #/Type99157 / Warning
Event Submitted/Written: 02/13/2008 03:51:05 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 001217A13D60. The IP address being used is 169.254.94.250.

Event Record #/Type99154 / Warning
Event Submitted/Written: 02/13/2008 11:13:03 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-02-13 19:08:02 ------------
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

You have two anti-virues, AVG and Avast, you need to remove one of these


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download and unzip Icesword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks

  • 0

#5
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Process:

System Idle Process
System
C:\WINDOWS\explorer.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\AOL\1142909488\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Jon Foster\Desktop\IceSword122en\IceSword122en\IceSword.exe

Started Service:

Service Name:Alerter Display Name:Alerter
Service Name:aswUpdSv Display Name:avast! iAVS4 Control Service
Service Name:Ati HotKey Poller Display Name:Ati HotKey Poller
Service Name:AudioSrv Display Name:Windows Audio
Service Name:avast! Antivirus Display Name:avast! Antivirus
Service Name:avast! Mail Scanner Display Name:avast! Mail Scanner
Service Name:avast! Web Scanner Display Name:avast! Web Scanner
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:helpsvc Display Name:Help and Support
Service Name:InCDsrv Display Name:InCD Helper
Service Name:iPod Service Display Name:iPod Service
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:Netman Display Name:Network Connections
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:OpenCASE Media Agent Display Name:OpenCASE Media Agent
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:wuauserv Display Name:Automatic Updates
Service Name:WUSB54GSSVC Display Name:WUSB54GSSVC
Service Name:WZCSVC Display Name:Wireless Zero Configuration

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroFilterCheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan
SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AtiPTA
atiptaxx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HostManager
C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Works Update Detection
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IPHSend
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Google Desktop Search
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
avast!
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SpyCatcher Reminder
C:\Program Files\SpyCatcher\SpyCatcher.exe reminder

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Steam


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
igndlm.exe
C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
swg
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Active Desktop Calendar
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Picasa Media Detector
C:\Program Files\Picasa2\PicasaMediaDetector.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
RoboForm
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkbMonitor.exe.lnk
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Remark£º)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
SpyCatcher Protector.lnk
C:\Program Files\SpyCatcher\Protector.exe (Remark£ºBlocks spyware from running and infecting your computer)

C:\Documents and Settings\Jon Foster\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Jon Foster\Start Menu\Programs\Startup
Epson printer Registration.lnk
E:\Titles\EpsonReg\EpsonReg.EXE (Remark£ºEpson printer Registration)

C:\Documents and Settings\Jon Foster\Start Menu\Programs\Startup
Scheduler.lnk
C:\Program Files\SpyCatcher\Scheduler daemon.exe (Remark£ºScheduler daemon)

There were no red entries for anything. The only thing I did notice was under the message hooks tab. The process paths for these are as follows:
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiles\SpyCatcher\Protector.exe
These two were under the WH_KeyBoard
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Looking good, one more final scan then we are done

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#7
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Ok

Edited by darko2021, 14 February 2008 - 08:06 AM.

  • 0

#8
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 14, 2008 1:20:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 565487
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 85630
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:03:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\history.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\key3.db Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jon Foster\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jon Foster\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Application Data\Mozilla\Firefox\Profiles\w8m2945t.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Temp\fnm5E.tmp Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Temp\fnmA6.tmp Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Temp\fnmC1.tmp Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Temp\fnmC2.tmp Object is locked skipped
C:\Documents and Settings\Jon Foster\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jon Foster\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip/advance wars - sturm.zip/setup.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.lu skipped
C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip/advance wars - sturm.zip/setup.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip/advance wars - sturm.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip/advance wars - sturm.zip Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip ZIP: infected - 4 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\OpenCASE\OpenCASE Media Agent\logs\csm.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8A55C197-31BD-44C4-A709-F108E4089390}\RP884\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4EDD0239-EE0A-4A24-9EA0-C1BC41AE0CEB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Movies\FullDisc\Friends\MainMovie\THUMBSUCKER\VIDEO_TS\VTS_01_1.VOB Object is locked skipped
F:\Movies\FullDisc\Friends\MainMovie\THUMBSUCKER\VIDEO_TS\VTS_01_2.VOB Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{8A55C197-31BD-44C4-A709-F108E4089390}\RP884\change.log Object is locked skipped

Scan process completed.
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Delete this file in bold

C:\Documents and Settings\Jon Foster\Shared\GBA - Gameboy Advance - 1060 - Advance Wars 2 - Black Hole Rising (U).zip


You can delete the tools that we used


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#10
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I still seem to be having the same issue. I keep getting a virus scan alert telling me that a rootkit is tring to embed itself. Also every time I restart my computer I get a message before windows loads saying that my computer has changed and gives me the option to go into my BIOS. Here is a new Hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 5:31:55 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\NBC Direct\StoreFrontPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Epson printer Registration.lnk = E:\Titles\EpsonReg\EpsonReg.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.soli...d/solitaire.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall


keep getting a virus scan alert telling me that a rootkit is tring to embed itself.

What program is saying this ? Does it tell you the file path ?
  • 0

#12
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
The program that keeps telling me there is a rootkit is spycatcher



ComboFix 08-02-19.2 - Jon Foster 2008-02-19 8:08:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1520 [GMT -5:00]
Running from: C:\Documents and Settings\Jon Foster\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-18 01:59 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-18 01:58 . 2008-02-18 01:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-18 01:57 . 2008-02-18 01:58 15,852,952 --a------ C:\Program Files\jre-6u4-windows-i586-p.exe
2008-02-14 09:07 . 2008-02-14 09:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-14 09:07 . 2008-02-14 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 23:10 . 2008-02-13 23:10 <DIR> d-------- C:\Program Files\backups
2008-02-13 19:07 . 2005-12-08 15:44 218,112 --a------ C:\Program Files\Jon Foster.exe
2008-02-13 19:05 . 2008-02-13 19:05 <DIR> d-------- C:\Deckard
2008-02-04 14:40 . 2008-02-04 14:40 <DIR> d-------- C:\Program Files\Pegasys Inc
2008-02-04 09:11 . 2008-02-08 23:59 <DIR> d-------- C:\Program Files\Movavi Video Converter 6
2008-02-03 19:33 . 2008-02-08 23:59 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-02-03 19:33 . 2008-02-08 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
2008-02-02 00:17 . 2008-02-08 17:27 <DIR> d-------- C:\Documents and Settings\Jon Foster\Application Data\skypePM
2008-02-02 00:17 . 2008-02-02 00:17 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-02 00:16 . 2008-02-08 23:59 <DIR> d-------- C:\Program Files\Skype
2008-02-02 00:16 . 2008-02-08 23:59 <DIR> d-------- C:\Documents and Settings\Jon Foster\Application Data\Skype
2008-02-02 00:16 . 2008-02-08 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-01 23:35 . 2008-02-08 23:59 <DIR> d-------- C:\Documents and Settings\Jon Foster\Application Data\Globe7
2008-02-01 23:34 . 2008-02-08 23:59 <DIR> d-------- C:\Program Files\Globe7
2008-01-20 12:21 . 2008-02-10 10:24 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 04:53 --------- d-----w C:\Program Files\FlashGet
2008-02-18 22:31 9,994 ----a-w C:\Program Files\hijackthis.log
2008-02-18 22:27 --------- d-----w C:\Program Files\MultiRes
2008-02-18 19:16 --------- d-----w C:\Program Files\NBC Direct
2008-02-18 06:59 --------- d-----w C:\Program Files\Java
2008-02-18 06:56 1,919 ----a-w C:\Program Files\1203317775065-integrated.jnlp
2008-02-18 06:55 1,919 ----a-w C:\Program Files\1203317726271-integrated.jnlp
2008-02-17 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-14 12:33 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\dvdcss
2008-02-10 15:22 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\Azureus
2008-02-09 04:59 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\uTorrent
2008-02-04 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-04 03:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-19 08:54 --------- d-----w C:\Program Files\Azureus
2008-01-18 15:44 --------- d-----w C:\Program Files\BZFlag2.0.10
2008-01-18 15:37 --------- d-----w C:\Program Files\Ciel
2008-01-18 15:30 --------- d-----w C:\Program Files\Audacity
2008-01-18 15:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-01-18 15:20 --------- d-----w C:\Program Files\Siber Systems
2008-01-18 15:20 --------- d-----w C:\Program Files\AutoHotkey
2008-01-18 14:54 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\Tenebril
2008-01-18 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tenebril
2008-01-18 14:45 --------- d-----w C:\Program Files\SpyCatcher
2008-01-18 14:23 --------- d-----w C:\Program Files\Alwil Software
2008-01-16 01:22 --------- d-----w C:\Program Files\Picasa2
2008-01-13 23:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-01-13 23:30 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\SystemRequirementsLab
2008-01-12 18:08 --------- d-----w C:\Documents and Settings\Jon Foster\Application Data\Move Networks
2008-01-10 17:59 --------- d-----w C:\Program Files\DVDFab HD Decrypter 4
2008-01-09 13:26 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-08 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ExtendMedia
2008-01-08 02:28 --------- d-----w C:\Program Files\OpenCASE
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-06 15:19 1,949 ----a-w C:\Program Files\events.bin
2007-11-06 15:15 966 ----a-w C:\Program Files\savings.bin
2007-11-06 15:15 902 ----a-w C:\Program Files\budget.bin
2007-11-06 15:15 1,729 ----a-w C:\Program Files\chekbook.bin
2007-11-06 15:13 21 ----a-w C:\Program Files\prefs.bin
2007-11-06 15:12 10,848 ---ha-w C:\Program Files\pf2000.GID
2007-10-27 13:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-24 00:17 1,833,520 ----a-w C:\Program Files\GoogleDesktopSetup.exe
2007-07-05 17:45 25,687,891 ----a-w C:\Program Files\rad_w2kxp_omega_38360_7z.exe
2007-05-29 20:36 28,721,934 ----a-w C:\Program Files\rad_w2kxp_omega_38360.exe
2007-04-08 03:52 87,608 ----a-w C:\Documents and Settings\Jon Foster\Application Data\ezpinst.exe
2007-04-08 03:52 47,360 ----a-w C:\Documents and Settings\Jon Foster\Application Data\pcouffin.sys
2007-03-08 02:11 642,199 ----a-w C:\Program Files\cladDVD .NET v3.5.6.zip
2007-03-07 23:34 5,846,826 ----a-w C:\Program Files\DVDFabPlatinum3086.exe
2006-12-14 03:13 2,082,062 ----a-w C:\Program Files\DVDFabDecrypter3040.exe
2006-05-08 02:32 1,252,395 ----a-w C:\Program Files\FilmLoopSetup.exe
2006-04-09 01:42 0 ----a-w C:\Program Files\sm.001
2006-03-26 06:50 9,289,328 ----a-w C:\Program Files\ead-installer.exe
2006-03-13 06:00 31,556 ----a-w C:\Program Files\Contig.zip
2006-03-13 05:54 31,556 ----a-w C:\Program Files\PowerDefragmenterGUI.zip
2006-03-11 21:35 12,231,105 ----a-w C:\Program Files\americasarmy260_fileplanet.exe.DLMCache
2006-03-11 06:59 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2006-03-09 08:10 1,045,658 ----a-w C:\Program Files\TuneXP_15.exe
2006-03-09 07:03 630,000 ----a-w C:\Program Files\exctrlst_setup.exe
2006-03-09 04:41 2,817,354 ----a-w C:\Program Files\DCProSetup_15.zip
2006-03-08 04:53 24,070,527 ----a-w C:\Program Files\rad_w2kxp_omega_38221_7z.exe
2006-03-03 04:02 367,383 ----a-w C:\Program Files\cpu-z-132.zip
2006-02-25 23:50 1,117,491 ----a-w C:\Program Files\DVD_to_DVD.exe
2006-02-25 23:08 7,222,581 ----a-w C:\Program Files\DVD_to_CD.exe
2006-02-25 23:06 1,318,000 ----a-w C:\Program Files\Decrypter.exe
2006-02-24 20:37 55,147,664 ----a-w C:\Program Files\bf2_editorsetup_jan04.exe
2006-02-22 06:23 27,805,137 ----a-w C:\Program Files\BFIIUpdate1_1.exe
2006-02-20 19:23 25,768,495 ----a-w C:\Program Files\rad_w2kxp_omega_38221.exe
2006-02-12 07:27 8,205 ----a-w C:\Program Files\index.htm
2006-02-02 22:54 304,365 ----a-w C:\Program Files\jediacademydemo_gsi.exe.DLMCache
2006-01-22 10:15 208,383 ----a-w C:\Program Files\airsnort-0.2.7e.tar.gz
2006-01-08 02:17 11,817,800 ----a-w C:\Program Files\GoogleEarth.exe
2005-12-09 03:39 1,956,011 ----a-w C:\Program Files\Jigsaw.zip
2005-12-09 01:23 2,560,240 ----a-w C:\Program Files\spywareblastersetup34.exe
2005-12-08 20:44 218,112 ----a-w C:\Program Files\hijackthis.exe
2005-12-08 20:09 318,775 ----a-w C:\Program Files\CleanUp40.exe
2005-12-07 01:06 16,150,144 ----a-w C:\Program Files\avg71free_371a669.exe
2005-12-05 03:08 5,025,732 ----a-w C:\Program Files\BitTorrent-4.2.1.exe
2005-12-05 01:48 800,041 ----a-w C:\Program Files\Back In Black - Video 1998.rm
2005-12-02 11:37 25,267,400 ----a-w C:\Program Files\rad_w2kxp_omega_2683.exe
2005-12-02 02:54 145,539 ----a-w C:\Program Files\helios.zip
2005-11-30 00:07 5,225,384 ----a-w C:\Program Files\Firefox Setup 1.5.exe
2005-11-26 07:23 1,059,159 ----a-w C:\Program Files\ATITool_0.24.exe
2005-11-17 07:32 1,918,871 ----a-w C:\Program Files\Jigsaw.desktop
2005-10-17 04:51 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-09-20 22:10 369 ----a-w C:\Program Files\gunboundwc_gis_400.exe.FilePlanetCache
2005-09-08 20:23 34,432,712 ----a-w C:\Program Files\5-8_xp-2k_dd_ccc_wdm_enu_25203.exe
2005-09-07 22:26 196,924 ----a-w C:\Program Files\sfchaerilidae.zip
2005-09-03 01:11 6,720,809 ----a-w C:\Program Files\bf1942_v1.6_to_v1.61b.exe
2005-08-30 19:14 2,660,008 ----a-w C:\Program Files\DeepBurner1.exe
2005-07-07 08:06 603,080 ----a-w C:\Program Files\kazaa_setup.exe
2005-04-09 21:00 93,483 ----a-w C:\Program Files\CleanUp.hlp
2005-04-09 21:00 409,600 ----a-w C:\Program Files\Cleanup.exe
2002-03-07 23:59 557,113 ----a-w C:\Program Files\MOHAA_server.exe
2002-03-06 19:24 2,756 ----a-w C:\Program Files\PatchReadme111.txt
2001-03-25 04:58 2,154,496 ----a-w C:\Program Files\pf2000.exe
2001-03-15 06:09 879 ----a-w C:\Program Files\pf2000.cnt
2001-03-15 06:09 37,289 ----a-w C:\Program Files\pf2000.hlp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"igndlm.exe"="C:\Program Files\FilePlanet\Download Manager\DLM.exe" [2007-03-05 12:57 1103480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-02 10:30 68856]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18 443968]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-01-18 10:20 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 17:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-21 19:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"HostManager"="C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 19:17 29744]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-10-16 12:05 103864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-20 18:24:22 434176]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-07-03 18:38:05 118784]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2008-01-18 09:45:53 91576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2004-04-28 14:17]
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-01-16 15:58]
R2 WUSB54GSSVC;WUSB54GSSVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe" []
R3 USB_RNDIS_XP;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 07:00]
S3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\getnd5b.sys [2003-09-02 10:22]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-23 19:17]
S3 jbridgep;jbridgep;C:\DOCUME~1\JONFOS~1\LOCALS~1\Temp\jbridgep.sys []
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 22:49]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2006-01-07 12:09]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 21:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4254ed41-6feb-11d9-87ae-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-14 15:39:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-18 14:05:00 C:\WINDOWS\Tasks\iTunes.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes\iTunes.lnk
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 08:11:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\GameHook.dll
.
Completion time: 2008-02-19 8:11:54
.
2008-02-14 08:02:01 --- E O F ---



And Here is the Hijackthis log.



Logfile of HijackThis v1.99.1
Scan saved at 8:13:53 AM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GS.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142909488\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\FilePlanet\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Startup: Epson printer Registration.lnk = E:\Titles\EpsonReg\EpsonReg.EXE
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.soli...d/solitaire.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O20 - AppInit_DLLs: secuload.dll,wbsys.dll c:\progra~1\google\google~3\goec62~1.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WUSB54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54GS.exe (file missing)

Edited by darko2021, 19 February 2008 - 07:15 AM.

  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Where does it say the rootkit is ?
  • 0

#14
darko2021

darko2021

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I'm not sure it gives a directory but I will check the next time it happens.
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I wouldn't worry about it, your logs are clean

Few things to do

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP