Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Bagle Worm, cant access Antivirus/hijackthis!plz help [RESOLVED]


  • This topic is locked This topic is locked

#16
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, great!

Now lets run OTScanIt:

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop Check
    • File - Purity Scan
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

If the log is too large to post, please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

Advertisements


#17
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey Dave,

In addition to running OTScanIt as outlined above, please run Deckard's System Scanner for me:

Download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in you root drive, usually C:\Deckard\System Scanner\

Regards,
RatHat
  • 0

#18
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
HERE YOU GO:


[code=auto:0]OTScanIt logfile created on: 2008-03-24 19:37:24
OTScanIt by OldTimer - Version 1.0.6.1 Folder = C:\Documents and Settings\dave\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.55% Memory free
3.85 Gb Paging File | 3.59 Gb Available in Paging File | 93.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 105.52 Gb Free Space | 45.31% Space Free | Partition Type: NTFS
Drive D: | 610.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PISSOFF
Current User Name: dave
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-17 00:49:34 | Attr = ]
smax4.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 2006-04-10 08:19:46 | Attr = ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 2006-05-01 10:07:44 | Attr = ]
ctsysvol.exe -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 2005-10-31 09:51:52 | Attr = ]
ctsched.exe -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 2006-01-09 02:43:42 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr = ]
devsvc.exe -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 2006-08-11 11:15:36 | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2007-12-04 19:25:55 | Attr = ]
caissdt.exe -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 2006-04-21 14:42:24 | Attr = ]
atwtusb.exe -> %SystemRoot%\system32\ATWTUSB.EXE -> WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 2005-09-21 18:08:48 | Attr = ]
iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 2007-01-04 19:48:52 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006-10-19 13:52:24 | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 2006-03-20 17:34:50 | Attr = ]
aacenter.exe -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 2006-06-30 14:57:04 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007-10-04 17:14:00 | Attr = ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 2005-06-16 02:41:00 | Attr = ]
khalmnpr.exe -> %CommonProgramFiles%\Logitech\KHAL\KHALMNPR.EXE -> Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 2005-06-16 02:41:00 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.1 | Size = 310784 bytes | Modified Date = 2008-03-24 02:11:08 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-17 00:49:34 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2007-11-14 21:48:04 | Attr = ]
(Adobe Version Cue CS3) Adobe Version Cue CS3 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 153792 bytes | Modified Date = 2007-03-20 15:41:24 | Attr = ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 17272 bytes | Modified Date = 2008-03-23 23:38:25 | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 140664 bytes | Modified Date = 2008-03-23 23:38:24 | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 247160 bytes | Modified Date = 2008-03-23 23:38:24 | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 345464 bytes | Modified Date = 2008-03-23 23:38:25 | Attr = ]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2006-02-28 11:42:38 | Attr = ]
(Capture Device Service) Capture Device Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\DeviceService\DevSvc.exe -> InterVideo Inc. [Ver = 1.0.0.1 | Size = 200704 bytes | Modified Date = 2006-08-11 11:15:36 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-03 23:56:50 | Attr = ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-10-17 11:11:42 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 2005-11-14 00:06:04 | Attr = ]
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 2007-01-04 19:48:52 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.124.1 | Size = 61440 bytes | Modified Date = 2006-10-19 13:52:24 | Attr = ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 53337 bytes | Modified Date = 2006-04-27 16:35:16 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 7, 3, 2 | Size = 779824 bytes | Modified Date = 2007-03-14 19:19:10 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,5,0 | Size = 271920 bytes | Modified Date = 2007-03-12 13:49:46 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 155716 bytes | Modified Date = 2007-10-04 17:14:00 | Attr = ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 49241 bytes | Modified Date = 2006-04-27 16:27:06 | Attr = ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.5.01.04270 | Size = 69718 bytes | Modified Date = 2006-04-27 16:16:28 | Attr = ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 4.0.00.05080 | Size = 69632 bytes | Modified Date = 2006-05-08 03:24:54 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe_ID0EYTHM -> %CommonProgramFiles%\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe -> Adobe Systems Incorporated [Ver = 3, 0, 0, 0 | Size = 1884160 bytes | Modified Date = 2007-03-20 15:40:44 | Attr = ]
Ai Nap -> %ProgramFiles%\ASUS\Ai Suite\AiNap\AiNap.exe -> [Ver = | Size = 1093632 bytes | Modified Date = 2006-07-10 15:49:34 | Attr = ]
AsusServiceProvider -> %ProgramFiles%\ASUS\AASP\1.00.01\aaCenter.exe -> [Ver = 0.1.0.1 | Size = 582144 bytes | Modified Date = 2006-06-30 14:57:04 | Attr = ]
atwtusb -> %SystemRoot%\system32\ATWTUSB.EXE -> WALTOP International Corp. [Ver = 2, 47, 2, 0 | Size = 290816 bytes | Modified Date = 2005-09-21 18:08:48 | Attr = ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1098, 0 | Size = 79224 bytes | Modified Date = 2008-03-23 23:44:52 | Attr = ]
CaISSDT -> %ProgramFiles%\CA\eTrust Internet Security Suite\caissdt.exe -> Computer Associates International, Inc. [Ver = Version 2.0.1.1 | Size = 165416 bytes | Modified Date = 2006-04-21 14:42:24 | Attr = ]
CreativeTaskScheduler -> %ProgramFiles%\Creative\Shared Files\CTSched.exe -> Creative Technology Ltd [Ver = 1.0.6.0 | Size = 53340 bytes | Modified Date = 2006-01-09 02:43:42 | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 2005-10-31 09:51:52 | Attr = ]
eTrustPPAP -> %ProgramFiles%\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe -> Computer Associates [Ver = 8, 0, 0, 3 | Size = 258048 bytes | Modified Date = 2008-01-02 21:14:04 | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 2006-03-20 17:34:50 | Attr = ]
JMB36X Configure -> %SystemRoot%\system32\JMRaidTool.exe -> JMicron Technology Corp. [Ver = 1.10.02 | Size = 385024 bytes | Modified Date = 2006-06-02 08:45:20 | Attr = ]
Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe -> Logitech Inc. [Ver = 2.41.305 | Size = 28160 bytes | Modified Date = 2005-06-02 13:22:48 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 8491008 bytes | Modified Date = 2007-10-04 17:14:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6375 | Size = 81920 bytes | Modified Date = 2007-10-04 17:14:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 2007-10-04 17:14:00 | Attr = ]
P17Helper -> %SystemRoot%\system32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 2005-05-03 11:38:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.0.4 | Size = 155648 bytes | Modified Date = 2007-11-14 21:34:31 | Attr = ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 2006-04-10 08:19:46 | Attr = ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 2006-05-01 10:07:44 | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 2007-12-04 19:25:55 | Attr = ]
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 2000-05-11 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech Inc. [Ver = 2.41.309 | Size = 450560 bytes | Modified Date = 2005-06-16 02:41:00 | Attr = ]
< dave Startup Folder > -> C:\Documents and Settings\dave\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.msn.com ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: Main\\Start Page -> http://www.msn.com ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 22:08:42 | Attr = ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuStatusBar [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{37236812-C1A2-4529-A9CE-CFE04E3DF08A}\\MenuText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\] > -> HKEY_USERS\S-1-5-21-299502267-963894560-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ ->
Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 2007-03-29 21:11:22 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{26B337AB-AA70-4EEF-844C-3A6E6451F64B} -> (Sony Ericsson Device 069 USB Ethernet Emulation (NDIS 5)) ->
{28BBBB4A-B713-49CE-BAC4-AABA146F0A0D} -> (1394 Net Adapter) ->
{502D1DA0-4EF1-4132-A23C-B9F465B4B72A} -> () ->
{765DACF6-5B75-41A0-B3BD-42C491C94C85} -> (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2006-02-28 11:42:30 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{001EE746-A1F9-460E-80AD-269E088D6A01}[HKEY_LOCAL_MACHINE] -> http://site.ebrary.com/lib/tvulrs/support/plugins/ebraryRdr.cab[Infotl Control] ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab[CKAVWebScan Object] ->
{A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://crucial.com/controls/cpcScanner.cab[Crucial cpcScan] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 23:56:44 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.3087 (xpsp_sp2_qfe.070219-2253) | Size = 299008 bytes | Modified Date = 2007-09-20 04:33:25 | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-03 23:56:44 | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_qfe.070425-0226) | Size = 144896 bytes | Modified Date = 2007-09-20 04:34:39 | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.3027 (xpsp_sp2_qfe.061105-2318) | Size = 49152 bytes | Modified Date = 2007-09-20 04:35:10 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 792 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM�
  • 0

#19
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
That isn't all of the OTScanIt log. Could you attach it for me, and also include the DSS logs.

Thanks,
RatHat
  • 0

#20
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
here you go


main.txt:
Deckard's System Scanner v20071014.68
Run by dave on 2008-03-24 19:42:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
117: 2008-03-24 19:42:48 UTC - RP213 - Deckard's System Scanner Restore Point
116: 2008-03-24 12:39:49 UTC - RP212 - ComboFix created restore point
115: 2008-03-24 00:43:23 UTC - RP211 - Removed Wirecast
114: 2008-03-23 23:41:31 UTC - RP210 - ComboFix created restore point
113: 2008-03-23 15:38:19 UTC - RP209 - Restore Operation


-- First Restore Point --
1: 2007-12-26 06:58:33 UTC - RP97 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46, on 2008-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dave.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10391 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 JGOGO (JMicron Hot-Plug Driver) - c:\windows\system32\drivers\jgogo.sys <Not Verified; JMicron; SCSI Port upper filter driver>
R0 JRAID - c:\windows\system32\drivers\jraid.sys <Not Verified; JMicron Technology Corp.; JMicron JR036X RAID Driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 TBPanel - c:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 RTLE8023xp (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) - c:\windows\system32\drivers\rtenicxp.sys <Not Verified; Realtek Semiconductor Corporation; Realtek 10/100/1000 NIC Family all in one NDIS Driver>

S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing)
S3 Cardex - c:\windows\system32\drivers\tbpanel.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 catchme - c:\docume~1\dave\locals~1\temp\catchme.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-03-24 17:00:00 430 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job
2008-01-07 16:23:56 312 --a------ C:\WINDOWS\Tasks\XoftSpySE.job


-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-24 19:45:38 0 d-------- C:\Program Files\Trend Micro
2008-03-24 12:42:26 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-03-24 12:39:22 0 d-------- C:\Combo-Fix
2008-03-23 23:40:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 23:40:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 23:40:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 23:40:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 16:05:40 107520 --a------ C:\WINDOWS\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
2008-03-21 16:05:08 0 d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:04:00 0 d-------- C:\Program Files\William Hill Poker
2008-03-19 18:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50:16 0 d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-16 14:31:49 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-09 12:20:58 0 d-------- C:\958f7957514ceef8862ed3ec8f6dd584
2008-03-03 20:05:59 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-03 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 17:58:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 15:31:00 93184 --a------ C:\WINDOWS\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
2008-03-02 14:11:30 5685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11:30 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-03-02 14:11:27 5120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-03-02 14:11:27 3328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-03-02 14:11:27 0 d-------- C:\Program Files\ASUS
2008-03-02 14:09:15 0 dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:34:39 0 d-------- C:\Program Files\Classic Menu for Office
2008-02-29 16:48:05 0 d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:49:43 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 15:49:33 0 d-------- C:\Program Files\MSBuild
2008-02-29 15:48:04 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39:20 0 dr-h----- C:\MSOCache
2008-02-29 15:18:51 0 d-------- C:\Program Files\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-03-23 22:22:02 0 d-------- C:\Program Files\Messenger
2008-03-23 22:16:32 0 d-------- C:\Documents and Settings\dave\Application Data\uTorrent
2008-03-23 15:44:14 0 d-------- C:\Program Files\XoftSpySE
2008-03-21 23:32:49 0 d-------- C:\Program Files\Soulseek
2008-03-20 19:02:42 0 d-------- C:\Documents and Settings\dave\Application Data\Adobe
2008-03-20 16:03:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 09:54:01 0 d-------- C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03:06 0 d-------- C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14:46 0 d-------- C:\Program Files\Vtune
2008-03-04 00:14:41 0 d-------- C:\Program Files\uTorrent
2008-03-04 00:08:11 0 d-------- C:\Program Files\MagicISO
2008-03-04 00:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05:16 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-03 23:58:38 0 d-------- C:\Program Files\Bonjour
2008-03-03 23:58:37 0 d-------- C:\Program Files\Avant Browser
2008-02-29 15:49:03 0 d-------- C:\Program Files\Common Files
2008-02-22 14:24:53 0 d-------- C:\Program Files\GenArts
2008-02-14 15:42:11 0 d-------- C:\Program Files\Disc2Phone
2008-02-14 15:30:29 0 d-------- C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29:53 0 d-------- C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27:39 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27:05 0 d-------- C:\Program Files\Sony Ericsson
2008-02-12 23:56:49 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56:23 1024 --a------ C:\WINDOWS\system32\u1xi0qt.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2008-01-31 19:25:52 0 d-------- C:\Program Files\DivX
2008-01-31 13:57:24 0 d-------- C:\Program Files\THQ
2008-01-31 13:37:08 0 d-------- C:\Program Files\Ulead Systems
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-01-15 15:40:52 3727360 --a------ C:\WINDOWS\system32\sapphire_ae.dll <Not Verified; GenArts, Inc.; GenArts, Inc. Sapphire Plug-ins>
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 08:45]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51]
"P17Helper"="P17.dll" [2005-05-03 11:38 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 02:43]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 19:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-23 23:44]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-06-02 13:22 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 14:57]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 21:34]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-01-02 21:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-11 16:55:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59c4e1c2-9ae8-11dc-bd15-00173183073c}]
AutoRun\command- F:\oufddh.exe
explore\Command- F:\oufddh.exe
open\Command- F:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608ef21c-7b6c-11dc-bce5-00173183073c}]
Auto\command- F:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- F:\activexdebugger32.exe f
open\Command- F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ab118e-9f6d-11dc-bd19-00173183073c}]
auto\command- F:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e40-83de-11dc-bcf7-00173183073c}]
Auto\command- activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- activexdebugger32.exe f
find\command- Knight.exe open
install\command- Knight.exe open
open\Command- activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e43-83de-11dc-bcf7-00173183073c}]
Auto\command- G:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- G:\activexdebugger32.exe f
open\Command- G:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d6-8ba6-11dc-bd08-00173183073c}]
Auto\command- F:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- F:\activexdebugger32.exe f
open\Command- F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d9-8ba6-11dc-bd08-00173183073c}]
Auto\command- F:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- F:\activexdebugger32.exe f
open\Command- F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4582c0c-8e2b-11dc-bd0c-00173183073c}]
Auto\command- F:\activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- F:\activexdebugger32.exe f
open\Command- F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdec1a0f-818f-11dc-bcf3-00173183073c}]
Auto\command- activexdebugger32.exe f
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
explore\Command- activexdebugger32.exe f
find\command- Knight.exe open
install\command- Knight.exe open
open\Command- activexdebugger32.exe f




-- End of Deckard's System Scanner: finished at 2008-03-24 19:46:47 ------------
  • 0

#21
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6300 @ 1.86GHz
CPU 1: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2047.11 MiB / 1565.87 MiB
Pagefile Memory (total/avail): 3939.8 MiB / 3655.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1886.33 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 105.45 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-22NCB1 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080322-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\\Program Files\\Avant Browser\\avant.exe"="C:\\Program Files\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"
"C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"="C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe:*:Enabled:Squeeze Application"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"="C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe:*:Enabled:Adobe After Effects CS3"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\William Hill Poker\\UA.exe"="C:\\Program Files\\William Hill Poker\\UA.exe:*:Enabled:UA Application"
"C:\\Program Files\\Vara Software\\Wirecast\\Wirecast.exe"="C:\\Program Files\\Vara Software\\Wirecast\\Wirecast.exe:*:Enabled:Wirecast Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dave\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PISSOFF
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dave
LOGONSERVER=\\PISSOFF
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dave\LOCALS~1\Temp
TMP=C:\DOCUME~1\dave\LOCALS~1\Temp
USERDOMAIN=PISSOFF
USERNAME=dave
USERPROFILE=C:\Documents and Settings\dave
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dave (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> Dummy
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1200-V2 WIRELESS SCROLL TABLET --> Rmtablet KNL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe After Effects 7.0 --> msiexec /I {DD362256-A7A2-4524-9457-213DDC2AFC2A}
Adobe After Effects CS3 --> MsiExec.exe /I{0A3D355B-4FCC-41AF-8C61-A2BA15D26237}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{60B87ADA-167E-4239-AD64-40992C8D220F}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 --> MsiExec.exe /I{5373C190-2C97-4086-B0F6-E7774B2CF25A}
Adobe Encore CS3 Library --> MsiExec.exe /I{7D62C409-EA5C-40E3-954E-AD4923250923}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 --> MsiExec.exe /I{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{99312C08-19A1-4B20-9F1D-3BCEED582278}
Adobe Soundbooth CS3 Scores --> MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ai Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9
Anime Studio Pro 5.5 --> "C:\Program Files\e frontier\Anime Studio Pro\unins000.exe"
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CA eTrust PestPatrol Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\cauninst.exe" /u
Classic Menu 3.x for Office 2007 --> "C:\Program Files\Classic Menu for Office\unins000.exe"
Company of Heroes --> MsiExec.exe /X{BA801B94-C28D-46EE-B806-E1E021A3D519}
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynamic Library v1.03 --> C:\Program Files\WinampNEW\Plugins\dl\uninst_gen_dl.exe
Flashants SWF2Video Pro 1.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Flashants\SWF2Video Pro 1.0\Uninst.isu"
GenArts Sapphire Plug-ins 2.02 for After Effects and Compatible --> "C:\Program Files\GenArts\SapphireAE\unins000.exe"
GridIron Nucleo Pro 2 --> MsiExec.exe /I{F70A5640-8713-48FA-8AD1-2BBDE2C6D54A}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
JRAID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
K-Lite Codec Pack 3.5.0 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Knoll Light Factory 2.5 --> C:\WINDOWS\unvise32.exe C:\PROGRAM FILES\ADOBE\ADOBE AFTER EFFECTS CS3\SUPPORT FILES\PLUG-INS\KLF2.5GPU.log
Lipsync MX --> C:\PROGRA~1\LIPSYN~1\Dll\UNWISE.EXE C:\PROGRA~1\LIPSYN~1\Dll\lmx_try.log
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.5-06-05-12-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.5-06-05-12-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.5.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{3633BA28-67CE-4AC8-A677-3406CA84C3D8} UNINSTALL
particleIllusion 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\particleIllusion_3\Uninst.isu"
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SonicStage 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony Ericsson PC Suite --> MsiExec.exe /I{FC906D5C-91F9-4DA4-A765-6DCBB669F317}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sorenson Squeeze 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6A143FF0-BB9A-4A9C-A318-1688BA366BAE}\setup.exe" -l0x9
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Storyboarder 2.0 --> "C:\Program Files\Storyboarder\unins000.exe"
Toon Boom Studio 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62616A4E-82E4-424A-A201-3D29ABB6B7FD}\setup.exe" -l0x9 UNINSTALL -removeonly
Trapcode 3DStroke --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcode3Dstroke.log
Trapcode Form --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeform.log
Trapcode Shine --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeShine.log
Trapcode Starglow --> C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Adobe After Effects CS3\Support Files\Plug-ins\trapcodeStarglow.log
Ulead DVD MovieFactory 6 --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Update for Outlook 2007 Junk Email Filter (kb947945) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E397056B-7AE5-4FF1-8B13-276BF8201847}
Vertus Fluid Mask 3 3.0.8 --> "C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe"
Vtune 4.6 --> "C:\Program Files\Vtune\unins000.exe"
WH GBP Casino --> C:\WINDOWS\system32\UnCasino5.exe WilliamHillPoundXPBP9
William Hill Poker --> C:\WINDOWS\system32\UnPoker.exe WilliamHillPokerXP
Winamp --> "C:\Program Files\WinampNEW\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3104 / Warning
Event Submitted/Written: 03/24/2008 04:27:42 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{508CE775-4BA4-4748-82DF-FE28DA9F03B0}', feature 'MsgrFeat', component '{0E91778B-E778-45FF-972F-6921D1E0AC29}' failed. The resource 'E:\' does not exist.

Event Record #/Type3089 / Error
Event Submitted/Written: 03/24/2008 00:34:26 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type3042 / Error
Event Submitted/Written: 03/23/2008 11:28:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3039 / Warning
Event Submitted/Written: 03/23/2008 11:26:10 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{508CE775-4BA4-4748-82DF-FE28DA9F03B0}', feature 'MsgrFeat', component '{33EF8657-5705-47D4-B01F-E96A27C1D8BD}' failed. The resource 'HKEY_CLASSES_ROOT\Typelib\{53CED51D-432B-45B2-A3E0-0CE2C24235D4}\' does not exist.

Event Record #/Type3021 / Success
Event Submitted/Written: 03/23/2008 09:50:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11471 / Error
Event Submitted/Written: 03/24/2008 04:28:01 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type11458 / Error
Event Submitted/Written: 03/24/2008 00:34:26 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Event Record #/Type11442 / Error
Event Submitted/Written: 03/24/2008 00:33:51 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type11441 / Warning
Event Submitted/Written: 03/24/2008 00:33:16 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{765DACF6-5B75-41A0-B3BD-42C491C94C85}.

Event Record #/Type11440 / Warning
Event Submitted/Written: 03/24/2008 00:33:14 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00173183073C. The IP address being used is 169.254.45.178.



-- End of Deckard's System Scanner: finished at 2008-03-24 19:46:47 ------------
  • 0

#22
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK Dave, let's start getting rid of this bugger!

1. Download Flash_Disinfector.exe and save it to your desktop.

2. Download a new version of ComboFix from Here or Here to your Desktop.
Note: The writer of Combofix is aware of your problem and has put this new version up to work around it, so don't worry. :)

***It is important that it is saved directly to your Desktop***

Now close any open browsers (Internet Explorer, FireFox etc.)

Next close/disable all anti virus and anti malware programs so they do not interfere with the fixes below.

Insert your flash drives, or whatever is typically your F:\ and G:\ drives

Now double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
After it has rebooted, double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DSS log, in your next reply.
Regards,
RatHat
  • 0

#23
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
WOW AM I GLAD TO BE IN THIS STAGE FINALLY! THANX MAN!!!



ComboFix 08-03-24.1 - dave 2008-03-24 20:56:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1602 [GMT 0:00]
Running from: C:\Documents and Settings\dave\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat
-- Script messages for sUBs --
VFind -td "C:\WINDOWS\system32\baiso*"
CF3572.exe /c " VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\* >Windir.dat"
VFind.exe -ltf -s-1300000 -d+2007-12-24 C:\WINDOWS\*
CF3572.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF3572.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ sursen
CF3572.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF3572.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF3572.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-24 "C:\Program Files\*"
CF3572.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 21:00 . 2004-08-03 23:56 24,576 --a------ C:\WINDOWS\system32\CF_init.exe
2008-03-24 19:45 . 2008-03-24 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 19:42 . 2008-03-24 19:42 <DIR> d-------- C:\Deckard
2008-03-24 12:39 . 2008-03-24 12:43 <DIR> d-------- C:\Combo-Fix
2008-03-21 16:05 . 2008-03-22 11:34 <DIR> d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:05 . 2007-06-22 17:02 107,520 --a------ C:\WINDOWS\system32\UnCasino5.exe
2008-03-21 16:04 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\William Hill Poker
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-03-19 18:56 . 2008-03-19 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50 . 2008-03-19 18:50 <DIR> d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-03-16 14:31 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-03-16 14:31 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-03-16 14:31 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-03-16 14:31 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-03-16 14:31 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-03-16 14:31 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-05 18:38 . 2008-03-19 18:50 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\system32\tmp10298.FOT
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-03 19:45 . 2008-03-03 23:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-03 19:45 . 2008-03-03 23:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 15:31 . 2007-08-01 10:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe
2008-03-02 17:07 . 2007-11-28 14:03 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1803.ROM
2008-03-02 17:05 . 2008-03-02 17:07 606,107 --a------ C:\WINDOWS\P5B-ASUS-1803.zip
2008-03-02 16:51 . 2007-11-02 09:29 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1705.ROM
2008-03-02 16:48 . 2008-03-02 16:51 603,850 --a------ C:\WINDOWS\P5B1705.zip
2008-03-02 16:31 . 2007-01-30 15:40 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1102.ROM
2008-03-02 16:31 . 2008-03-02 16:31 583,607 --a------ C:\WINDOWS\P5B-1102.zip
2008-03-02 16:16 . 2006-10-26 20:35 1,048,576 --a------ C:\WINDOWS\P5B-0806.ROM
2008-03-02 16:15 . 2008-03-02 16:16 579,246 --a------ C:\WINDOWS\P5B-0806.zip
2008-03-02 16:01 . 2006-10-02 17:42 1,048,576 --a------ C:\WINDOWS\P5B-0701.ROM
2008-03-02 16:00 . 2008-03-02 16:01 577,571 --a------ C:\WINDOWS\P5B-0701.zip
2008-03-02 15:46 . 2006-09-06 20:32 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-0509.ROM
2008-03-02 15:41 . 2008-03-02 15:46 575,646 --a------ C:\WINDOWS\P5B-0509.zip
2008-03-02 14:11 . 2008-03-02 14:36 <DIR> d-------- C:\Program Files\ASUS
2008-03-02 14:11 . 2006-01-10 08:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll
2008-03-02 14:11 . 2005-12-22 02:22 5,685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11 . 2005-07-05 10:43 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-03-02 14:11 . 2005-07-05 10:43 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-03-02 14:09 . 2008-03-02 14:09 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34 . 2008-02-29 21:34 <DIR> d-------- C:\Program Files\Classic Menu for Office
2008-02-29 21:34 . 2008-03-23 01:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 16:48 . 2008-02-29 16:48 <DIR> d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47 . 2008-02-29 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:51 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\MSBuild
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-29 15:48 . 2008-02-29 15:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40 . 2008-03-12 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39 . 2008-02-29 15:39 <DIR> dr-h----- C:\MSOCache
2008-02-29 15:18 . 2008-03-04 00:10 <DIR> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 22:16 --------- d-----w C:\Documents and Settings\dave\Application Data\uTorrent
2008-03-23 15:44 --------- d-----w C:\Program Files\XoftSpySE
2008-03-21 23:32 --------- d-----w C:\Program Files\Soulseek
2008-03-20 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 09:54 --------- d-----w C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03 --------- d-----w C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14 --------- d-----w C:\Program Files\Vtune
2008-03-04 00:14 --------- d-----w C:\Program Files\uTorrent
2008-03-04 00:08 --------- d-----w C:\Program Files\MagicISO
2008-03-04 00:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-03 23:58 --------- d-----w C:\Program Files\Bonjour
2008-03-03 23:58 --------- d-----w C:\Program Files\Avant Browser
2008-02-22 14:24 --------- d-----w C:\Program Files\GenArts
2008-02-14 15:42 --------- d-----w C:\Program Files\Disc2Phone
2008-02-14 15:30 --------- d-----w C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29 --------- d-----w C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-12 23:56 --------- d-----w C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\VertusTech
2008-01-31 19:25 --------- d-----w C:\Program Files\DivX
2008-01-31 13:57 --------- d-----w C:\Program Files\THQ
2008-01-31 13:37 --------- d-----w C:\Program Files\Ulead Systems
2008-01-24 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-17 00:49 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 15:40 3,727,360 ----a-w C:\WINDOWS\system32\sapphire_ae.dll
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2006-06-23 06:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 08:45 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"P17Helper"="P17.dll" [2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 02:43 53340]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 19:25 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-23 23:44 79224]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-06-02 13:22 28160 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 14:57 582144]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49 1093632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 21:34 155648]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-01-02 21:14 258048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-11 16:55:20 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\William Hill Poker\\UA.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59c4e1c2-9ae8-11dc-bd15-00173183073c}]
\Shell\AutoRun\command - F:\oufddh.exe
\Shell\explore\Command - F:\oufddh.exe
\Shell\open\Command - F:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608ef21c-7b6c-11dc-bce5-00173183073c}]
\Shell\Auto\command - F:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - F:\activexdebugger32.exe f
\Shell\open\Command - F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ab118e-9f6d-11dc-bd19-00173183073c}]
\Shell\auto\command - F:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - F:\Knight.exe open
\Shell\find\command - F:\Knight.exe open
\Shell\install\command - F:\Knight.exe open
\Shell\open\command - F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e40-83de-11dc-bcf7-00173183073c}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\Command - activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e43-83de-11dc-bcf7-00173183073c}]
\Shell\Auto\command - G:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - G:\activexdebugger32.exe f
\Shell\open\Command - G:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d6-8ba6-11dc-bd08-00173183073c}]
\Shell\Auto\command - F:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - F:\activexdebugger32.exe f
\Shell\open\Command - F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d9-8ba6-11dc-bd08-00173183073c}]
\Shell\Auto\command - F:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - F:\activexdebugger32.exe f
\Shell\open\Command - F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4582c0c-8e2b-11dc-bd0c-00173183073c}]
\Shell\Auto\command - F:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - F:\activexdebugger32.exe f
\Shell\open\Command - F:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdec1a0f-818f-11dc-bcf3-00173183073c}]
\Shell\Auto\command - activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
\Shell\explore\Command - activexdebugger32.exe f
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\Command - activexdebugger32.exe f

.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 21:01:58 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-07 16:23:56 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 21:02:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-03-24 21:06:15 - machine was rebooted [dave]
ComboFix-quarantined-files.txt 2008-03-24 21:06:13
.
2008-03-12 03:03:09 --- E O F ---
  • 0

#24
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
IS THERE A WAY TO SEE IF IM INFECTED WITH ANYTHING ELSE OR DO YOU ONLY CONCENTRATE ON BAGLE IN THE LOGS? IM JUST ASKING BECAUSE I DID HAVE SOMETHING CALLED KNIGHT AND ACTIVEXDEBUGGER BEFORE...


CHEERS.
  • 0

#25
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
We are getting there David. My thanks goes to sUBs, the writer of Combofix, and Ried who has given me some advice on this.

The Flash Disinfector should have got rid of those tw files, now we will deal with it's registry entries.

Please uninstall the following programs:


µTorrent
SoulSeek Client 156c

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\sysprs7.dll

Folder::
C:\Program Files\Soulseek
C:\Program Files\uTorrent

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59c4e1c2-9ae8-11dc-bd15-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608ef21c-7b6c-11dc-bce5-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61ab118e-9f6d-11dc-bd19-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e40-83de-11dc-bcf7-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a02e8e43-83de-11dc-bcf7-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d6-8ba6-11dc-bd08-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a123f9d9-8ba6-11dc-bd08-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4582c0c-8e2b-11dc-bd0c-00173183073c}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdec1a0f-818f-11dc-bcf3-00173183073c}]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=-
"C:\\Program Files\\Soulseek\\slsk.exe"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new DSS log.

  • 0

Advertisements


#26
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
ComboFix 08-03-24.1 - dave 2008-03-24 21:38:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1525 [GMT 0:00]
Running from: C:\Documents and Settings\dave\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dave\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sysprs7.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Soulseek
C:\Program Files\Soulseek\attributes.cfg
C:\Program Files\Soulseek\attrstrings.cfg
C:\Program Files\Soulseek\autoaway.cfg
C:\Program Files\Soulseek\chatrooms.cfg
C:\Program Files\Soulseek\chatui.cfg
C:\Program Files\Soulseek\dlbans.cfg
C:\Program Files\Soulseek\extensions.cfg
C:\Program Files\Soulseek\hotlist.cfg
C:\Program Files\Soulseek\ignores.cfg
C:\Program Files\Soulseek\login.cfg
C:\Program Files\Soulseek\pchat.cfg
C:\Program Files\Soulseek\port.cfg
C:\Program Files\Soulseek\queue.cfg
C:\Program Files\Soulseek\queue2.cfg
C:\Program Files\Soulseek\rcmnd.cfg
C:\Program Files\Soulseek\save.cfg
C:\Program Files\Soulseek\search.cfg
C:\Program Files\Soulseek\shared.cfg
C:\Program Files\Soulseek\ticker.cfg
C:\Program Files\Soulseek\transfersview.cfg
C:\Program Files\Soulseek\ui.cfg
C:\Program Files\Soulseek\userinfo.cfg
C:\Program Files\Soulseek\usernotes.cfg
C:\Program Files\Soulseek\wishlist.cfg
C:\WINDOWS\system32\sysprs7.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-24 21:00 . 2004-08-03 23:56 24,576 --a------ C:\WINDOWS\system32\CF_init.exe
2008-03-24 19:45 . 2008-03-24 19:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-24 19:42 . 2008-03-24 19:42 <DIR> d-------- C:\Deckard
2008-03-24 12:39 . 2008-03-24 12:43 <DIR> d-------- C:\Combo-Fix
2008-03-21 16:05 . 2008-03-22 11:34 <DIR> d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:05 . 2007-06-22 17:02 107,520 --a------ C:\WINDOWS\system32\UnCasino5.exe
2008-03-21 16:04 . 2008-03-22 18:26 <DIR> d-------- C:\Program Files\William Hill Poker
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-19 19:10 . 2004-08-04 00:56 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-19 19:10 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-19 19:10 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-03-19 19:07 . 2004-08-03 23:10 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-03-19 18:56 . 2008-03-19 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50 . 2008-03-19 18:50 <DIR> d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2008-03-19 18:29 . 2005-08-13 02:11 61,312 --a--c--- C:\WINDOWS\system32\dllcache\ohci1394.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2008-03-19 18:29 . 2004-08-03 23:10 53,248 --a--c--- C:\WINDOWS\system32\dllcache\1394bus.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-19 18:29 . 2001-08-17 13:46 6,400 --a--c--- C:\WINDOWS\system32\dllcache\enum1394.sys
2008-03-16 14:31 . 2001-11-05 09:23 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2008-03-16 14:31 . 2002-10-15 22:41 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2008-03-16 14:31 . 2001-07-03 20:33 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2008-03-16 14:31 . 2001-11-05 09:23 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2008-03-16 14:31 . 2001-11-05 09:23 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2008-03-16 14:31 . 2001-07-03 20:39 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-05 18:38 . 2008-03-19 18:50 54,156 --a------ C:\WINDOWS\QTFont.qfn
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\system32\tmp10298.FOT
2008-03-05 18:38 . 2008-03-05 18:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 20:05 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-03-03 19:45 . 2008-03-03 23:15 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-03 19:45 . 2008-03-03 23:15 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 17:58 . 2008-03-03 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 15:31 . 2007-08-01 10:03 93,184 --a------ C:\WINDOWS\system32\UnPoker.exe
2008-03-02 17:07 . 2007-11-28 14:03 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1803.ROM
2008-03-02 17:05 . 2008-03-02 17:07 606,107 --a------ C:\WINDOWS\P5B-ASUS-1803.zip
2008-03-02 16:51 . 2007-11-02 09:29 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1705.ROM
2008-03-02 16:48 . 2008-03-02 16:51 603,850 --a------ C:\WINDOWS\P5B1705.zip
2008-03-02 16:31 . 2007-01-30 15:40 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-1102.ROM
2008-03-02 16:31 . 2008-03-02 16:31 583,607 --a------ C:\WINDOWS\P5B-1102.zip
2008-03-02 16:16 . 2006-10-26 20:35 1,048,576 --a------ C:\WINDOWS\P5B-0806.ROM
2008-03-02 16:15 . 2008-03-02 16:16 579,246 --a------ C:\WINDOWS\P5B-0806.zip
2008-03-02 16:01 . 2006-10-02 17:42 1,048,576 --a------ C:\WINDOWS\P5B-0701.ROM
2008-03-02 16:00 . 2008-03-02 16:01 577,571 --a------ C:\WINDOWS\P5B-0701.zip
2008-03-02 15:46 . 2006-09-06 20:32 1,048,576 --a------ C:\WINDOWS\P5B-ASUS-0509.ROM
2008-03-02 15:41 . 2008-03-02 15:46 575,646 --a------ C:\WINDOWS\P5B-0509.zip
2008-03-02 14:11 . 2008-03-02 14:36 <DIR> d-------- C:\Program Files\ASUS
2008-03-02 14:11 . 2006-01-10 08:50 24,576 --a------ C:\WINDOWS\system32\AsIO.dll
2008-03-02 14:11 . 2005-12-22 02:22 5,685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11 . 2005-07-05 10:43 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-03-02 14:11 . 2005-07-05 10:43 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-03-02 14:09 . 2008-03-02 14:09 <DIR> dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34 . 2008-02-29 21:34 <DIR> d-------- C:\Program Files\Classic Menu for Office
2008-02-29 21:34 . 2008-03-23 01:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 16:48 . 2008-02-29 16:48 <DIR> d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47 . 2008-02-29 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:51 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\MSBuild
2008-02-29 15:49 . 2008-02-29 15:49 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-29 15:48 . 2008-02-29 15:48 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40 . 2008-03-12 03:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39 . 2008-02-29 15:39 <DIR> dr-h----- C:\MSOCache
2008-02-29 15:18 . 2008-03-04 00:10 <DIR> d-------- C:\Program Files\PowerISO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 15:44 --------- d-----w C:\Program Files\XoftSpySE
2008-03-20 16:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 09:54 --------- d-----w C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03 --------- d-----w C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14 --------- d-----w C:\Program Files\Vtune
2008-03-04 00:08 --------- d-----w C:\Program Files\MagicISO
2008-03-04 00:06 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-03-03 23:58 --------- d-----w C:\Program Files\Bonjour
2008-03-03 23:58 --------- d-----w C:\Program Files\Avant Browser
2008-02-22 14:24 --------- d-----w C:\Program Files\GenArts
2008-02-14 15:42 --------- d-----w C:\Program Files\Disc2Phone
2008-02-14 15:30 --------- d-----w C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29 --------- d-----w C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-02-14 15:27 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-02-14 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-02-12 23:56 --------- d-----w C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\VertusTech
2008-01-31 19:25 --------- d-----w C:\Program Files\DivX
2008-01-31 13:57 --------- d-----w C:\Program Files\THQ
2008-01-31 13:37 --------- d-----w C:\Program Files\Ulead Systems
2008-01-24 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-17 00:49 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 15:40 3,727,360 ----a-w C:\WINDOWS\system32\sapphire_ae.dll
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2006-06-23 06:48 32,768 ----a-w C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 08:19 729088]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 08:45 385024]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 10:07 843776]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 09:51 57344]
"P17Helper"="P17.dll" [2005-05-03 11:38 64512 C:\WINDOWS\system32\P17.dll]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 02:43 53340]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 15:40 1884160]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-04 19:25 180269]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-23 23:44 79224]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 14:42 165416]
"atwtusb"="atwtusb.exe" [2005-09-21 18:08 290816 C:\WINDOWS\system32\ATWTUSB.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-06-02 13:22 28160 C:\WINDOWS\KHALMNPR.Exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00 90112]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AsusServiceProvider"="C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe" [2006-06-30 14:57 582144]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2006-07-10 15:49 1093632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 21:34 155648]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2008-01-02 21:14 258048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-11 16:55:20 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\William Hill Poker\\UA.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 16:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 21:01:58 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-07 16:23:56 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 21:38:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 21:39:27
ComboFix-quarantined-files.txt 2008-03-24 21:39:11
ComboFix2.txt 2008-03-24 21:06:16
.
2008-03-12 03:03:09 --- E O F ---
  • 0

#27
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Deckard's System Scanner v20071014.68
Run by dave on 2008-03-24 21:40:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dave.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:20, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\dave\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dave.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.c...s/ebraryRdr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10479 bytes

-- Files created between 2008-02-24 and 2008-03-24 -----------------------------

2008-03-24 20:52:04 0 drahs---- C:\autorun.inf
2008-03-24 19:45:38 0 d-------- C:\Program Files\Trend Micro
2008-03-24 12:39:22 0 d-------- C:\Combo-Fix
2008-03-23 23:40:46 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-23 23:40:46 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-23 23:40:46 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-23 23:40:46 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-21 16:05:40 107520 --a------ C:\WINDOWS\system32\UnCasino5.exe <Not Verified; ; UnCasino Application>
2008-03-21 16:05:08 0 d-------- C:\Program Files\WH GBP Casino
2008-03-21 16:04:00 0 d-------- C:\Program Files\William Hill Poker
2008-03-19 18:56:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Vara Software
2008-03-19 18:50:16 0 d-------- C:\Documents and Settings\dave\Application Data\Vara Software
2008-03-16 14:31:49 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-09 12:20:58 0 d-------- C:\958f7957514ceef8862ed3ec8f6dd584
2008-03-03 20:05:59 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-03-03 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-03 17:58:40 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-03 15:31:00 93184 --a------ C:\WINDOWS\system32\UnPoker.exe <Not Verified; ; UnCasino Application>
2008-03-02 14:11:30 5685 --a------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-03-02 14:11:30 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-03-02 14:11:27 5120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-03-02 14:11:27 3328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-03-02 14:11:27 0 d-------- C:\Program Files\ASUS
2008-03-02 14:09:15 0 dr------- C:\WINDOWS\AsDmiHtm
2008-02-29 21:34:44 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-29 21:34:39 0 d-------- C:\Program Files\Classic Menu for Office
2008-02-29 16:48:05 0 d-------- C:\Documents and Settings\dave\Application Data\GridIron
2008-02-29 16:47:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GridIron Software
2008-02-29 15:49:43 0 d-------- C:\Program Files\Microsoft Works
2008-02-29 15:49:33 0 d-------- C:\Program Files\MSBuild
2008-02-29 15:48:04 0 d-------- C:\Program Files\Microsoft.NET
2008-02-29 15:40:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-29 15:39:20 0 dr-h----- C:\MSOCache
2008-02-29 15:18:51 0 d-------- C:\Program Files\PowerISO


-- Find3M Report ---------------------------------------------------------------

2008-03-23 22:22:02 0 d-------- C:\Program Files\Messenger
2008-03-23 15:44:14 0 d-------- C:\Program Files\XoftSpySE
2008-03-20 19:02:42 0 d-------- C:\Documents and Settings\dave\Application Data\Adobe
2008-03-20 16:03:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 09:54:01 0 d-------- C:\Documents and Settings\dave\Application Data\BSplayer Pro
2008-03-12 00:03:06 0 d-------- C:\Documents and Settings\dave\Application Data\Ahead
2008-03-04 00:14:46 0 d-------- C:\Program Files\Vtune
2008-03-04 00:08:11 0 d-------- C:\Program Files\MagicISO
2008-03-04 00:06:11 0 d-------- C:\Program Files\Common Files\Teleca Shared
2008-03-04 00:05:16 0 d-------- C:\Program Files\Common Files\LightScribe
2008-03-03 23:58:38 0 d-------- C:\Program Files\Bonjour
2008-03-03 23:58:37 0 d-------- C:\Program Files\Avant Browser
2008-02-29 15:49:03 0 d-------- C:\Program Files\Common Files
2008-02-22 14:24:53 0 d-------- C:\Program Files\GenArts
2008-02-14 15:42:11 0 d-------- C:\Program Files\Disc2Phone
2008-02-14 15:30:29 0 d-------- C:\Documents and Settings\dave\Application Data\Teleca
2008-02-14 15:29:53 0 d-------- C:\Documents and Settings\dave\Application Data\Sony Ericsson
2008-02-14 15:27:39 0 d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-02-14 15:27:05 0 d-------- C:\Program Files\Sony Ericsson
2008-02-12 23:56:49 0 d-------- C:\Program Files\Vertus Fluid Mask 3
2008-02-12 23:56:23 1024 --a------ C:\WINDOWS\system32\u1xi0qt.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth2.dll
2008-02-12 23:56:22 1024 --a------ C:\WINDOWS\system32\grcauth1.dll
2008-01-31 19:25:52 0 d-------- C:\Program Files\DivX
2008-01-31 13:57:24 0 d-------- C:\Program Files\THQ
2008-01-31 13:37:08 0 d-------- C:\Program Files\Ulead Systems
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-01-18 18:07:49 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-01-15 15:40:52 3727360 --a------ C:\WINDOWS\system32\sapphire_ae.dll <Not Verified; GenArts, Inc.; GenArts, Inc. Sapphire Plug-ins>
2008-01-09 11:18:12 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:16:10 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-09 11:16:10 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-09 11:16:02 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-09 11:16:02 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\CF11840.exe


-- End of Deckard's System Scanner: finished at 2008-03-24 21:40:34 ------------
  • 0

#28
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Getting there!

Now the first thing I would like you to do is to download HijackThis and install it:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Doubleclick on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to follow the rest of the prompts from there
Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - C:\Documents and Settings\dave\Desktop\WH GBP Casino.lnk (file missing) (HKCU)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run ATF cleaner again:Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the MBAM report, The contents of Kaspersky.txt, and a fresh HijackThis log taken after completing all of the above.

Regards,
RatHat
  • 0

#29
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Malwarebytes' Anti-Malware 1.09
Database version: 534

Scan type: Quick Scan
Objects scanned: 31218
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#30
verve

verve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
does it make a difference that my backup drive is not connected at the moment??? i had to disconnect it before when i was getting black screen and it wasnt recognized... is there a good chance this backup drive is infected as well?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP