Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trat BHO really need help please read [RESOLVED]


  • This topic is locked This topic is locked

#1
painter1982

painter1982

    Member

  • Member
  • PipPip
  • 54 posts
I have had avast popping up saying tratbho was found on my sytem. I have deleted it, moved it, boot scanned it, and msconfiged it. Nothing works. would really hate to format for the 3rd time this year. Got it now to wehre i had to shut down my avast becasue it would just pop up a warning saying m11???.dll was detected and it would not allow me to do anything else with windows except bring up task manager. I got avast shut off so I can type this. Below is my hijack this log as of March 30 2008 12:00 pm central time usa. I have also posted all the programs under hijack this logs add remove feature.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:45:21 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:27 AM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
I:\hjt.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
I:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B0B59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\cpcdtboo.dll
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\gebcywu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {ECB08C5D-EE00-4ED4-AFB0-3DDDAB8502A7} - C:\WINDOWS\system32\mllji.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201487982218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: gebcywu - C:\WINDOWS\SYSTEM32\gebcywu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5105 bytes



list of installed files under hijack this add remove software list.
3D Groove Playback Engine
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Advanced Business Card Maker 3.0
Always Current Business Card
America's Army
avast! Antivirus
Azureus Vuze
Belltech Business Card Designer Pro 4.7
Conflict Denied Ops
Dell Resource CD
Disney Pirates of the Caribbean Online
DivX Content Uploader
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab HD Decrypter 4.0.6.2
Elf Bowling 7 (remove only)
ESPNMotion
GameShadow
GameSpy Arcade
GemMaster Mystic
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® PRO Network Connections 12.3.31.0
Intel® PRO Network Connections Drivers
Java™ 6 Update 3
Lexmark Z600 Series
LimeWire 4.16.6
Magic ISO Maker v5.4 (build 0256)
Medal of Honor Pacific Assault™
Medal of Honor Pacific Assault™ Patch2
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2007 Home & Business
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
My Drivers 3.11
Need for Speed™ ProStreet
Nero 8
neroxml
Norton Security Scan
NVIDIA Drivers
OpenAL
Otto
QuickTime
Resident Evil 3
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SigmaTel Audio
Soldier of Fortune Payback
Sonic Encoders
The Club
The Club
The Rosetta Stone
True Crime - Streets of LA
True Crime® New York City
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCRedistSetup
Virtools 3D Life Player
Visual Business Cards 4
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
World In Conflict
Zuma Deluxe 1.0


Thank all of u for the help.
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Bot Check, Reg - Desktop Components, Reg - Disabled MS Config Items, Reg - File Additional Folder Scans, File - Lop Check, and File - Purity Scan.
  • Under Drivers change it to Non-Microsoft.
  • Check the box beside Scan All User Accounts at the top
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way
  • 0

#3
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
here is the results of the otscanit text.

Attached Files


  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Start OTScanIt. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YY -> {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\gebcywu.dll []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> gebcywu -> %SystemRoot%\system32\gebcywu.dll
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\gebcywu.dll [Reg Error: Value does not exist or could not be read.]
YN -> {ECB08C5D-EE00-4ED4-AFB0-3DDDAB8502A7} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mllji.dll [Reg Error: Value does not exist or could not be read.]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
YN -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
YN -> msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\mllji ->
< BotCheck > ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> BMc376d3ca hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\yalxhfst.DLL
[Files/Folders - Created Within 90 days]
NY -> VundoFix Backups -> %SystemDrive%\VundoFix Backups
NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> bbeeg.ini -> %SystemRoot%\System32\bbeeg.ini
NY -> bbeeg.ini2 -> %SystemRoot%\System32\bbeeg.ini2
NY -> gebcywu.dll -> %SystemRoot%\System32\gebcywu.dll
NY -> mivthihe.ini -> %SystemRoot%\System32\mivthihe.ini
NY -> msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> 1 C:\Documents and Settings\don\My Documents\*.tmp files -> C:\Documents and Settings\don\My Documents\*.tmp
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\3119048.pdf:Zone.Identifier
NY -> @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MoveMediaPlayer_07076007.exe:Zone.Identifier
[Files/Folders - Modified Within 30 days]
NY -> 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> gebcywu.dll -> %SystemRoot%\System32\gebcywu.dll
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
NY -> 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Extra Files]
Purity
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#5
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
ok first time i ran otscanit to fix the items it finished and nothing happened. So I repasted the fix again and ran it and it said it had to reboot my pc to finish the procedure. But still no notepad opened up. I looked in the otscanit folder and found these two. they are here as attachments.







here is the dss things long log.


here is main.txt

Deckard's System Scanner v20071014.68
Run by don on 2008-03-31 14:13:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-03-31 19:13:30 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as don.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:35 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\don\Desktop\dss.exe
I:\HIJACK~1\don.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3615EE58-6F38-47BA-9DD9-C99BD611C6A6} - C:\WINDOWS\system32\gebcywu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201487982218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: gebcywu - C:\WINDOWS\SYSTEM32\gebcywu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4996 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S0 cercsr6 - c:\windows\system32\drivers\cercsr6.sys <Not Verified; Adaptec, Inc.; Dell RAID Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: SigmaTel High Definition Audio CODEC
Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801A7&REV_1032\4&2E42BC5E&0&0001
Manufacturer: SigmaTel
Name: SigmaTel High Definition Audio CODEC
PNP Device ID: HDAUDIO\FUNC_01&VEN_8384&DEV_7680&SUBSYS_102801A7&REV_1032\4&2E42BC5E&0&0001
Service: STHDA

Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200B14F1&REV_00\4&5855BE9&0&28F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200B14F1&REV_00\4&5855BE9&0&28F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-30 20:34:15 404 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-02-29 and 2008-03-31 -----------------------------

2008-03-28 17:36:08 0 d-------- C:\WINDOWS\pss
2008-03-27 23:19:59 0 d-------- C:\Program Files\Microsoft Money 2007
2008-03-27 05:50:18 2644 --a------ C:\WINDOWS\system32\kill.vbs
2008-03-27 05:48:48 37888 --a------ C:\WINDOWS\system32\gebcywu.dll
2008-03-26 22:12:18 0 d-------- C:\Program Files\Selfkey Systems
2008-03-23 00:28:57 0 d-------- C:\drivers
2008-03-22 23:54:32 0 d-------- C:\Program Files\Disney
2008-03-20 21:44:21 0 d-------- C:\Program Files\Common Files\DirectX
2008-03-20 19:48:39 0 d-------- C:\Documents and Settings\don\Application Data\InstallShield
2008-03-20 12:05:16 0 d-------- C:\wic
2008-03-20 11:30:01 0 d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-20 11:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-19 22:43:16 0 d-------- C:\Program Files\Virtools
2008-03-15 16:11:26 0 d-------- C:\Program Files\Kuma Games
2008-03-14 22:45:15 0 d-------- C:\WINDOWS\system32\xlive
2008-03-13 22:30:55 20480 --a------ C:\WINDOWS\system32\[email protected]@@k.DLL
2008-03-09 18:01:37 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-04 17:24:57 0 d-------- C:\Program Files\Norton Security Scan
2008-03-03 21:24:26 0 d-------- C:\Documents and Settings\don\Application Data\Help
2008-02-29 08:00:52 90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-02-29 08:00:48 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2008-02-29 08:00:17 0 d-------- C:\Program Files\QuickTime
2008-02-29 08:00:11 0 d-------- C:\WINDOWS\system32\QuickTime
2008-02-29 07:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-03-28 21:03:07 0 d-------- C:\Documents and Settings\don\Application Data\Azureus
2008-03-28 05:45:27 0 d-------- C:\Documents and Settings\don\Application Data\LimeWire
2008-03-27 23:20:52 0 d-------- C:\Program Files\Common Files
2008-03-27 05:48:48 14336 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-24 00:22:25 0 d-------- C:\Documents and Settings\don\Application Data\U3
2008-03-22 20:32:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-21 06:03:03 0 d-------- C:\Documents and Settings\don\Application Data\Move Networks
2008-03-11 20:47:14 0 d-------- C:\Documents and Settings\don\Application Data\Macromedia
2008-03-02 16:54:12 0 d-------- C:\Documents and Settings\don\Application Data\RipIt4Me
2008-02-27 06:57:44 0 d-------- C:\Program Files\MSBuild
2008-02-27 06:54:27 0 d-------- C:\Program Files\Reference Assemblies
2008-02-27 06:53:46 0 d-------- C:\Program Files\MSXML 6.0
2008-02-27 06:53:14 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-26 18:03:28 0 d-------- C:\Documents and Settings\don\Application Data\Leadertech
2008-02-25 23:37:36 0 d-------- C:\Program Files\GameShadow
2008-02-25 23:30:32 0 d-------- C:\Program Files\OpenAL
2008-02-25 16:51:37 0 d-------- C:\Documents and Settings\don\Application Data\Adobe
2008-02-25 16:50:31 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-25 15:18:20 0 d-------- C:\Program Files\Microsoft Works
2008-02-25 15:17:22 0 d-------- C:\Program Files\Microsoft.NET
2008-02-25 11:47:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-02-23 13:20:48 0 d-------- C:\Documents and Settings\don\Application Data\Nero
2008-02-23 13:19:48 0 d-------- C:\Program Files\Common Files\Nero
2008-02-23 13:18:39 0 d-------- C:\Program Files\Nero
2008-02-16 17:10:30 0 d-------- C:\Program Files\Activision Value
2008-02-14 22:19:57 679 --a------ C:\WINDOWS\mozver.dat
2008-02-12 13:59:29 0 d-------- C:\Program Files\LimeWire
2008-02-04 12:39:15 0 d-------- C:\Program Files\3DGroove
2008-02-01 14:31:42 0 d-------- C:\Program Files\GameSpy Arcade
2008-02-01 14:31:34 0 d-------- C:\Program Files\MSXML 4.0
2008-01-31 12:00:44 0 d-------- C:\Program Files\PopCap Games
2008-01-27 22:03:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-27 21:57:45 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-27 21:03:10 0 -rahs---- C:\MSDOS.SYS
2008-01-27 21:03:10 0 -rahs---- C:\IO.SYS
2008-01-27 21:03:10 0 --a------ C:\CONFIG.SYS
2008-01-27 21:03:10 0 --a------ C:\AUTOEXEC.BAT
2008-01-27 20:59:40 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-27 14:53:24 62 --ahs---- C:\Documents and Settings\don\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3615EE58-6F38-47BA-9DD9-C99BD611C6A6}]
03/27/2008 05:48 AM 37888 --a------ C:\WINDOWS\system32\gebcywu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 09:07 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRun"=0 (0x0)
"NoFind"=0 (0x0)
"NoLogOff"=0 (0x0)
"NoSetFolders"=0 (0x0)
"DisallowRun"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3615EE58-6F38-47BA-9DD9-C99BD611C6A6}"= C:\WINDOWS\system32\gebcywu.dll [03/27/2008 05:48 AM 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcywu]
gebcywu.dll 03/27/2008 05:48 AM 37888 C:\WINDOWS\system32\gebcywu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=C:\WINDOWS\pss\Kuma_Tray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc376d3ca]
Rundll32.exe "C:\WINDOWS\system32\yalxhfst.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"




-- End of Deckard's System Scanner: finished at 2008-03-31 14:15:00 ------------





here is extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1022.09 MiB / 692.25 MiB
Pagefile Memory (total/avail): 2458.2 MiB / 2213.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.33 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 6.12 GiB free.
D: is CDROM (Unformatted)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 4.88 GiB total, 1.2 GiB free.
G: is Fixed (NTFS) - 34.18 GiB total, 7.23 GiB free.
H: is Fixed (NTFS) - 34.18 GiB total, 7.21 GiB free.
I: is Fixed (NTFS) - 56.23 GiB total, 1.49 GiB free.
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3160812AS - 149.01 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Installable File System - 4.88 GiB - F:
\PARTITION2 - Installable File System - 34.18 GiB - G:
\PARTITION3 - Extended w/Extended Int 13 - 90.42 GiB - H: - I:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080331-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"F:\\Program Files\\America's Army\\System\\ArmyOps.exe"="F:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"G:\\Program Files\\Azureus\\Azureus.exe"="G:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"G:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="G:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\toorent\\halo\\Halo\\halo.exe"="H:\\toorent\\halo\\Halo\\halo.exe:*:Disabled:Halo"
"G:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"="G:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe:*:Enabled:sof3"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"I:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"="I:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe:*:Enabled:Conflict: Denied Ops"
"I:\\Program Files\\Sega\\The Club\\Launcher.exe"="I:\\Program Files\\Sega\\The Club\\Launcher.exe:*:Enabled:The Club Launcher"
"I:\\Program Files\\Sega\\The Club\\TheClub.exe"="I:\\Program Files\\Sega\\The Club\\TheClub.exe:*:Enabled:The Club"
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"="G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe:*:Enabled:World in Conflict"
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"="G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"="G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"I:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="I:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\don\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYSYSTEM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\don
LOGONSERVER=\\MYSYSTEM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\don\LOCALS~1\Temp
TMP=C:\DOCUME~1\don\LOCALS~1\Temp
USERDOMAIN=MYSYSTEM
USERNAME=don
USERPROFILE=C:\Documents and Settings\don
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

don (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine --> RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,[email protected]
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced Business Card Maker 3.0 --> "I:\Program Files\Indentsoft Advanced Business Card Maker\unins000.exe"
Always Current Business Card --> C:\Program Files\Selfkey Systems\Always Current Business Card\ACCARD.exe -uninstall
America's Army --> MsiExec.exe /I{656D5B05-0409-41EE-BBEE-D9C4D6388972}
avast! Antivirus --> rundll32 G:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus Vuze --> G:\Program Files\Azureus\uninstall.exe
Belltech Business Card Designer Pro 4.7 --> "I:\Program Files\Belltech Business Card Designer Pro\unins000.exe"
Conflict Denied Ops --> MsiExec.exe /X{EE4BA4C3-6DE4-404C-9B69-A84709BED752}
Dell Resource CD --> MsiExec.exe /X{FCD9CD52-7222-4672-94A0-A722BA702FD0}
Disney Pirates of the Caribbean Online --> C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
DivX Content Uploader --> g:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> g:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only) --> "G:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "G:\Program Files\DVD Shrink\unins000.exe"
DVDFab HD Decrypter 4.0.6.2 --> "G:\Program Files\DVDFab HD Decrypter 4\unins000.exe"
Elf Bowling 7 (remove only) --> "I:\Program Files\Elf Bowling 7\Uninstall.exe"
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
GameShadow --> MsiExec.exe /I{16393B5A-43A8-434B-B22A-0724581F7873}
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "I:\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PRO Network Connections 12.3.31.0 --> MsiExec.exe /i{DDD0A758-F44C-47D3-8E88-692FFF775127} ARPREMOVE=1
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.4 (build 0256) --> I:\PROGRA~1\MagicISO\UNWISE.EXE I:\PROGRA~1\MagicISO\INSTALL.LOG
Medal of Honor Pacific Assault™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Medal of Honor Pacific Assault™ Patch2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{824539D7-D27E-4CC3-B36F-6404B5EB726B}\setup.exe" -l0x9 -removeonly
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Halo --> "g:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2007 Home & Business --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\don\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Drivers 3.11 --> G:\PROGRA~1\MYDRIV~1\UNWISE.EXE G:\PROGRA~1\MYDRIV~1\INSTALL.LOG
Need for Speed™ ProStreet --> MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Resident Evil 3 --> G:\PROGRA~1\Capcom\RESIDE~1\UNWISE.EXE G:\PROGRA~1\Capcom\RESIDE~1\INSTALL.LOG
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Soldier of Fortune Payback --> MsiExec.exe /X{11BFB898-71E5-488A-A8FF-0E462667FB72}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
The Club --> "C:\Program Files\InstallShield Installation Information\{5695B707-C5A9-4EF4-9534-31A798683362}\setup.exe" -runfromtemp -l0x0409 -removeonly
The Club --> MsiExec.exe /I{5695B707-C5A9-4EF4-9534-31A798683362}
The Rosetta Stone --> C:\WINDOWS\unvise32.exe I:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
True Crime - Streets of LA --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1A1FE271-EA21-40E5-90FC-51A8EFBC0A30}
True Crime® New York City --> MsiExec.exe /I{C920EFB6-59DB-472D-B445-21821477AD17}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Visual Business Cards 4 --> "I:\Program Files\Visual Business Cards\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> g:\Program Files\WinRAR\uninstall.exe
World In Conflict --> "C:\Program Files\InstallShield Installation Information\{AA89DBA6-2CC9-46C5-9102-4B2833304AE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
XML Paper Specification Shared Components Pack 1.0 -->
Zuma Deluxe 1.0 --> C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"


-- Application Event Log -------------------------------------------------------

Event Record #/Type485 / Error
Event Submitted/Written: 03/31/2008 00:19:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application truecrime.exe, version 0.0.0.0, faulting module truecrime.exe, version 0.0.0.0, fault address 0x0021dc2d.
Processing media-specific event for [truecrime.exe!ws!]

Event Record #/Type482 / Warning
Event Submitted/Written: 03/31/2008 11:22:19 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type478 / Warning
Event Submitted/Written: 03/31/2008 11:21:49 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type474 / Warning
Event Submitted/Written: 03/31/2008 11:21:18 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type470 / Warning
Event Submitted/Written: 03/31/2008 11:18:43 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4033 / Warning
Event Submitted/Written: 03/30/2008 09:23:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00137214381D. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type4030 / Warning
Event Submitted/Written: 03/30/2008 09:23:45 PM
Event ID/Source: 27 / e1express
Event Description:
Intel® PRO/1000 PL Network Connection
Link has been disconnected.

Event Record #/Type4025 / Warning
Event Submitted/Written: 03/30/2008 09:22:57 PM
Event ID/Source: 27 / e1express
Event Description:
Intel® PRO/1000 PL Network Connection
Link has been disconnected.

Event Record #/Type4024 / Warning
Event Submitted/Written: 03/30/2008 09:32:32 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type4016 / Warning
Event Submitted/Written: 03/29/2008 10:41:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-31 14:15:00 ------------

Attached Files


  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#7
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
okay here is the combofix report with the newest (just ran) hijack this log.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:13 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
I:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201487982218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - Winlogon Notify: gebcywu - gebcywu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4850 bytes

Attached Files


  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

No need to attach the ComboFix report


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O20 - Winlogon Notify: gebcywu - gebcywu.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\kill.vbs
C:\WINDOWS\system32\yalxhfst.dll

DirLook::
C:\drivers

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc376d3ca]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Reboot and post a new HijackThis log
  • 0

#9
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
newest hijack this log after reboot



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:06 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
I:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com...OnlineGames.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1201487982218
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4756 bytes
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log as well please
  • 0

Advertisements


#11
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
ComboFix 08-03-30.4 - don 2008-03-31 15:03:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.662 [GMT -5:00]
Running from: C:\Documents and Settings\don\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\don\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\kill.vbs
C:\WINDOWS\system32\yalxhfst.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kill.vbs

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.

2008-03-27 23:34 . 2008-03-27 23:34 372,687 -ra------ C:\My Money Backup_2008-03-27_233415.mbf
2008-03-27 23:19 . 2008-03-27 23:26 <DIR> d-------- C:\Program Files\Microsoft Money 2007
2008-03-27 23:18 . 2008-03-27 23:18 0 --a------ C:\WINDOWS\Irremote.ini
2008-03-26 22:12 . 2008-03-26 22:12 <DIR> d-------- C:\Program Files\Selfkey Systems
2008-03-23 00:28 . 2008-03-23 00:28 <DIR> d-------- C:\drivers
2008-03-22 23:54 . 2008-03-22 23:54 <DIR> d-------- C:\Program Files\Disney
2008-03-20 21:44 . 2008-03-20 21:44 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-03-20 19:48 . 2008-03-20 19:48 <DIR> d-------- C:\Documents and Settings\don\Application Data\InstallShield
2008-03-20 12:05 . 2008-03-20 12:21 <DIR> d-------- C:\wic
2008-03-20 11:30 . 2008-03-20 11:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-03-20 11:29 . 2008-03-20 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-03-19 22:43 . 2008-03-19 22:43 <DIR> d-------- C:\Program Files\Virtools
2008-03-15 16:11 . 2008-03-15 16:29 <DIR> d-------- C:\Program Files\Kuma Games
2008-03-14 22:45 . 2008-03-14 22:45 <DIR> d-------- C:\WINDOWS\system32\xlive
2008-03-14 22:44 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-14 22:44 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-14 22:44 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-14 22:44 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-13 22:30 . 2008-03-13 22:30 20,480 --a------ C:\WINDOWS\system32\[email protected]@@k.DLL
2008-03-09 18:01 . 2008-03-26 15:14 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-04 17:24 . 2008-03-30 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-02-29 08:00 . 2008-02-29 08:00 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-02-29 08:00 . 2008-02-29 08:00 <DIR> d-------- C:\Program Files\QuickTime
2008-02-29 08:00 . 2004-03-29 17:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-02-29 08:00 . 1999-11-10 12:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-02-29 07:59 . 2008-02-29 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-29 00:47 . 2008-03-22 00:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-27 06:57 . 2008-02-27 06:57 <DIR> d-------- C:\Program Files\MSBuild
2008-02-27 06:54 . 2008-02-27 06:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-27 06:54 . 2008-02-27 06:54 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-27 06:53 . 2008-02-27 06:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-27 06:53 . 2008-02-27 06:53 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-27 06:53 . 2006-06-29 14:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-02-27 06:45 . 2006-11-13 01:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2008-02-27 06:45 . 2006-11-13 01:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2008-02-27 06:45 . 2006-11-13 01:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2008-02-26 18:03 . 2008-02-26 18:03 <DIR> d-------- C:\Documents and Settings\don\Application Data\Leadertech
2008-02-25 23:38 . 2008-02-25 23:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-25 23:37 . 2008-02-25 23:37 <DIR> d-------- C:\Program Files\GameShadow
2008-02-25 23:30 . 2008-02-25 23:30 <DIR> d-------- C:\Program Files\OpenAL
2008-02-25 16:50 . 2008-02-25 16:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-25 15:18 . 2008-02-25 15:18 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-25 15:17 . 2008-02-25 15:17 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-25 15:15 . 2008-02-25 15:17 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-25 15:15 . 2008-02-25 15:15 <DIR> dr-h----- C:\MSOCache
2008-02-25 15:15 . 2008-03-26 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-25 02:02 . 2008-02-25 11:47 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-24 22:12 . 2008-02-24 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cabela's Trophy Bucks Saves
2008-02-23 13:20 . 2008-02-23 13:20 <DIR> d-------- C:\Documents and Settings\don\Application Data\Nero
2008-02-23 13:18 . 2008-02-23 13:18 <DIR> d-------- C:\Program Files\Nero
2008-02-23 13:18 . 2008-02-23 13:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-23 13:18 . 2008-02-23 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-16 17:10 . 2008-02-16 17:10 <DIR> d-------- C:\Program Files\Activision Value
2008-02-14 23:58 . 2008-03-26 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-14 23:56 . 2008-03-02 16:54 <DIR> d-------- C:\Documents and Settings\don\Application Data\RipIt4Me
2008-02-14 22:19 . 2008-02-14 22:19 679 --a------ C:\WINDOWS\mozver.dat
2008-02-12 13:45 . 2008-03-28 05:45 <DIR> d-------- C:\Documents and Settings\don\Application Data\LimeWire
2008-02-12 13:44 . 2008-02-12 13:59 <DIR> d-------- C:\Program Files\LimeWire
2008-02-04 17:02 . 2008-02-04 17:02 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-02-04 16:55 . 2008-03-24 00:22 <DIR> d-------- C:\Documents and Settings\don\Application Data\U3
2008-02-04 14:44 . 2008-02-04 14:44 <DIR> d-------- C:\Documents and Settings\don\WINDOWS
2008-02-04 14:44 . 1997-04-08 21:08 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-04 14:44 . 2008-03-26 22:35 327 --a------ C:\WINDOWS\LEXSTAT.INI
2008-02-04 14:32 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-02-04 12:39 . 2008-02-04 12:39 <DIR> d-------- C:\Program Files\3DGroove
2008-02-01 14:31 . 2008-02-01 14:31 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-01 14:31 . 2008-02-01 14:31 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-02-01 12:07 . 2008-02-25 23:40 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 19:31 3,951 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
2008-03-30 05:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-30 05:24 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-29 02:03 --------- d-----w C:\Documents and Settings\don\Application Data\Azureus
2008-03-27 10:48 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-03-23 01:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 11:03 --------- d-----w C:\Documents and Settings\don\Application Data\Move Networks
2008-03-14 02:25 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-26 04:30 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-26 04:30 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-01-31 17:00 --------- d-----w C:\Program Files\PopCap Games
2008-01-30 01:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-30 01:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-29 04:30 --------- d-----w C:\Documents and Settings\don\Application Data\DAEMON Tools
2008-01-29 04:28 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-29 04:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-01-29 04:02 --------- d-----w C:\Program Files\Java
2008-01-29 04:02 --------- d-----w C:\Program Files\Common Files\Java
2008-01-28 03:13 --------- d-----w C:\Program Files\SigmaTel
2008-01-28 03:11 --------- d-----w C:\Program Files\Dell
2008-01-28 02:36 --------- d-----w C:\Program Files\Intel
2008-01-28 02:13 --------- d-----w C:\Program Files\RGB
2008-01-28 02:12 --------- d-----w C:\Program Files\GemMaster
2008-01-28 02:12 --------- d-----w C:\Program Files\ESPNMotion
2008-01-28 02:12 --------- d-----w C:\Program Files\EnglishOtto
2008-01-28 02:12 --------- d-----w C:\Program Files\DIGStream
2008-01-28 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-28 02:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-28 01:59 --------- d-----w C:\Program Files\Windows Plus
2007-12-14 01:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 15:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-04 00:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2004-08-10 11:00 258,048 --sha-w C:\WINDOWS\system32\ProxyM.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\drivers ----

2007-03-21 11:21 173 --a------ C:\drivers\printer\Z500-Z600\Setup.ini
2007-03-21 11:21 1725 --a------ C:\drivers\printer\Z500-Z600\install\config\product.ini
2007-03-20 21:32 147866 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\lxbccdrv.cat
2007-03-20 21:32 143314 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\lxbcdr64.cat
2007-03-16 01:24 99939 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcppls.ex_
2007-03-16 01:24 74780 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcpswx.ex_
2007-03-16 01:24 45751 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcjswx.ex_
2007-03-16 01:24 304048 --a------ C:\drivers\printer\Z500-Z600\install\x86\Setup.exe
2007-03-16 01:24 304048 --a------ C:\drivers\printer\Z500-Z600\applications\Setup.exe
2007-03-16 01:24 2880432 --a------ C:\drivers\printer\Z500-Z600\install\x86\Instgui.exe
2007-03-16 01:24 280496 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbccoms.ex_
2007-03-16 01:24 2786224 --a------ C:\drivers\printer\Z500-Z600\install\x86\uninst.exe
2007-03-16 01:24 220907 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcih.ex_
2007-03-16 01:24 220636 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbccfg.ex_
2007-03-16 01:24 15187 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\lexgo.ex_
2007-03-16 01:23 304048 --a------ C:\drivers\printer\Z500-Z600\Setup.exe
2007-03-16 01:18 403 --a------ C:\drivers\printer\Z500-Z600\install\apwunst.isf
2007-03-16 01:18 1858 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBC.loc
2007-03-16 01:18 155 --a------ C:\drivers\printer\Z500-Z600\install\config\install.clm
2007-03-16 01:18 118 --a------ C:\drivers\printer\Z500-Z600\install\appinst.isf
2007-03-16 01:18 102 --a------ C:\drivers\printer\Z500-Z600\install\BEUnst.isf
2007-03-16 01:17 633 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\oem.nls
2007-03-16 01:17 4793 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\common.nls
2007-03-16 01:17 270 --a------ C:\drivers\printer\Z500-Z600\applications\Setup.ini
2007-03-16 01:15 26 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\LXBCprod.ver
2007-03-15 07:43 8720 --a------ C:\drivers\printer\Z500-Z600\install\config\warsaw.cif
2007-03-15 07:43 12954 --a------ C:\drivers\printer\Z500-Z600\install\config\Uninst.cif
2007-03-12 05:57 59480 --a------ C:\drivers\printer\Z500-Z600\install\config\main.xml
2007-03-12 05:57 59480 --a------ C:\drivers\printer\Z500-Z600\install\config\appinst.xml
2007-03-12 05:57 29381 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\nl.nls
2007-03-12 03:49 65650 --a------ C:\drivers\printer\Z500-Z600\install\config\main.cgf
2007-03-12 03:49 13573 --a------ C:\drivers\printer\Z500-Z600\install\config\uninst.cgf
2007-03-08 01:43 86016 --a------ C:\drivers\printer\Z500-Z600\install\ENGLISH\LXBCinsr.dll
2007-03-08 01:43 588235 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBCprpr.dl_
2007-03-08 01:43 55366 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBCupdr.dl_
2007-03-08 01:43 330614 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBClpa.dl_
2007-03-08 01:43 30940 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCupd.dl_
2007-03-08 01:43 27194 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBCcur.dl_
2007-03-08 01:43 20365 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\lxbcinsr.dl_
2007-03-08 01:43 154465 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBCpswr.dl_
2007-03-08 01:43 1366198 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBClpar.dl_
2007-03-08 01:43 136130 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\LXBCjswr.dl_
2007-03-08 01:36 224620 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCprp.dl_
2007-03-08 01:34 125116 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCpsw.dl_
2007-03-08 01:33 60297 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcins.dl_
2007-03-08 01:33 50388 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCjsw.dl_
2007-03-08 01:33 42931 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcinsb.dl_
2007-03-08 01:33 31728 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCcu.dl_
2007-03-08 01:33 197079 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCutil.dl_
2007-03-08 01:33 155648 --a------ C:\drivers\printer\Z500-Z600\install\LXBCinsb.dll
2007-03-08 01:33 131072 --a------ C:\drivers\printer\Z500-Z600\install\LXBCins.dll
2007-03-06 16:43 14000 --a------ C:\drivers\printer\Z500-Z600\install\config\image\menulogo.bmp
2007-03-06 16:35 988429 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\thankyoupage.bm_
2007-03-06 16:35 95858 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCsk2.dl_
2007-03-06 16:35 87 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCphcl.ou_
2007-03-06 16:35 87 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCclnk.ou_
2007-03-06 16:35 71458 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCphal.ou_
2007-03-06 16:35 71458 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCalgk.ou_
2007-03-06 16:35 70611 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCkaln.ou_
2007-03-06 16:35 57330 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCsk1.dl_
2007-03-06 16:35 559001 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCgf.dl_
2007-03-06 16:35 46015 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCsk0.dl_
2007-03-06 16:35 35 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCmcal.ou_
2007-03-06 16:35 209642 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCalgn.ou_
2007-03-06 16:35 19537 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCphau.ou_
2007-03-06 16:35 150179 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCcaln.ou_
2007-03-06 16:35 136255 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCcln.ou_
2007-03-06 16:35 109201 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\LXBCaual.ou_
2007-03-06 16:34 305870 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\wavs.ex_
2007-03-05 04:57 26324 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\ar.nls
2007-03-01 17:12 4986 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\contact.ht_
2007-02-28 04:16 255405 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\english\lxbcstrn.dl_
2007-02-28 04:12 47291 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcpp5c.dl_
2007-02-28 04:11 45776 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcui5c.dl_
2007-02-28 04:10 54013 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcdr5c.dl_
2007-02-26 10:18 1286144 --a------ C:\drivers\printer\Z500-Z600\install\x86\engine.dll
2007-02-23 18:03 3496 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\lxbcsply.ht_
2007-02-22 18:32 466944 --a------ C:\drivers\printer\Z500-Z600\install\x86\softcoin.dll
2007-02-22 18:32 344064 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCcoin.dll
2007-02-22 18:31 643072 --a------ C:\drivers\printer\Z500-Z600\install\x86\NetSupp.dll
2007-02-21 05:27 30938 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\de.nls
2007-02-20 07:59 14663 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\LXBCprc.inf
2007-02-20 04:23 5189 --a------ C:\drivers\printer\Z500-Z600\install\config\uninst.xml
2007-02-09 02:35 32063 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\el.nls
2007-02-09 02:35 29999 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\es.nls
2007-02-09 02:35 27550 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\no.nls
2007-02-09 02:35 27407 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\fi.nls
2007-02-08 05:45 30038 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\it.nls
2007-02-08 05:45 22173 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\zh.nls
2007-02-05 04:23 7248 --a------ C:\drivers\printer\Z500-Z600\install\config\ezprint.cif
2007-01-30 10:47 351846 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcpmui.dl_
2007-01-30 10:46 608896 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcserv.dl_
2007-01-30 10:38 233771 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbccomm.dl_
2007-01-30 10:36 319460 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbclmpm.dl_
2007-01-30 10:35 274432 --a------ C:\drivers\printer\Z500-Z600\common\x86\LXBCinst.dll
2007-01-30 10:35 221538 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbciesc.dl_
2007-01-30 10:32 56244 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcpplc.dl_
2007-01-30 10:31 362678 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbccomc.dl_
2007-01-30 10:30 57321 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcprox.dl_
2007-01-30 10:22 229980 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcinpa.dl_
2007-01-30 10:21 500363 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcusb1.dl_
2007-01-30 10:18 323584 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBChcp.dll
2007-01-30 10:18 323584 --a------ C:\drivers\printer\Z500-Z600\common\x86\LXBChcp.dll
2007-01-30 10:17 366271 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbchbn3.dl_
2007-01-29 03:34 29404 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\hu.nls
2007-01-26 13:25 446 --a------ C:\drivers\printer\Z500-Z600\install\config\image\zh.bmp
2007-01-26 13:25 318 --a------ C:\drivers\printer\Z500-Z600\install\config\image\ru.bmp
2007-01-26 13:25 318 --a------ C:\drivers\printer\Z500-Z600\install\config\image\pt_br.bmp
2007-01-26 13:25 318 --a------ C:\drivers\printer\Z500-Z600\install\config\image\pt.bmp
2007-01-26 13:25 318 --a------ C:\drivers\printer\Z500-Z600\install\config\image\ja.bmp
2007-01-26 13:25 254 --a------ C:\drivers\printer\Z500-Z600\install\config\image\nl.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\pl.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\no.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\it.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\id_id.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\hu.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\he.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\fr.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\fi.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\es.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\en.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\el.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\de.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\da.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cs.bmp
2007-01-26 13:25 190 --a------ C:\drivers\printer\Z500-Z600\install\config\image\ar.bmp
2007-01-25 02:37 26718 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\ja.nls
2007-01-25 02:37 22484 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\zh_tw.nls
2007-01-24 04:41 6165 --a------ C:\drivers\printer\Z500-Z600\install\config\uninster.cif
2007-01-22 23:27 73728 --a------ C:\drivers\printer\Z500-Z600\install\LXBCcfg.dll
2007-01-22 23:27 73728 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCcfg.dll
2007-01-22 23:27 73728 --a------ C:\drivers\printer\Z500-Z600\applications\AIOC\LXBCcfg.dll
2007-01-08 07:13 31402 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\fr.nls
2007-01-06 03:51 29349 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\pt_br.nls
2007-01-06 03:51 24086 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\he.nls
2007-01-03 08:13 8478 --a------ C:\drivers\printer\Z500-Z600\install\config\image\lpa.ico
2006-12-22 06:33 30311 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\pl.nls
2006-12-22 06:33 28771 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\ru.nls
2006-12-22 06:33 28636 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\id_id.nls
2006-12-22 06:33 27855 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\cs.nls
2006-12-22 06:33 27534 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\da.nls
2006-12-22 06:33 27010 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\en.nls
2006-12-19 14:50 950380 --a------ C:\drivers\printer\Z500-Z600\pubs\ENGLISH\LXBCuser.pdf
2006-12-19 14:50 763719 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\lxbcuser.pd_
2006-12-05 11:17 3132 --a------ C:\drivers\printer\Z500-Z600\install\config\usersgd.cif
2006-11-28 07:41 7532 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\pt.nls
2006-11-09 16:39 192839 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcicur.dl_
2006-11-09 16:39 1449984 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCclr3.dll
2006-11-09 16:39 1449984 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCclr2.dll
2006-11-09 16:39 1449984 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\LXBCclr1.dll
2006-11-09 16:38 132220 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcfc5c.dl_
2006-11-06 08:25 1271 --a------ C:\drivers\printer\Z500-Z600\install\config\appinst.cgf
2006-10-24 16:55 585 --a------ C:\drivers\printer\Z500-Z600\install\config\install.map
2006-08-21 09:17 982 --a------ C:\drivers\printer\Z500-Z600\install\config\AppToFEL.cif
2006-05-06 15:21 97 --a------ C:\drivers\printer\Z500-Z600\install\x86\uninst.ini
2006-02-17 16:16 0 --a------ C:\drivers\printer\Z500-Z600\LXBCcd1.id
2006-02-15 09:41 6460 --a------ C:\drivers\printer\Z500-Z600\install\config\Ports.cif
2006-02-15 09:41 2014 --a------ C:\drivers\printer\Z500-Z600\install\config\misc.cif
2006-02-07 15:28 724 --a------ C:\drivers\printer\Z500-Z600\install\config\NetScan.cif
2006-02-07 15:28 4158 --a------ C:\drivers\printer\Z500-Z600\install\config\leadtool.cif
2006-02-07 15:28 407 --a------ C:\drivers\printer\Z500-Z600\install\config\appinst.cif
2006-02-07 15:28 379 --a------ C:\drivers\printer\Z500-Z600\install\config\nls\langconv.ini
2005-12-13 04:21 9106 --a------ C:\drivers\printer\Z500-Z600\install\config\image\nav_bfc.bmp
2005-12-13 04:21 9106 --a------ C:\drivers\printer\Z500-Z600\install\config\image\back_bfc.bmp
2005-12-13 04:21 8854 --a------ C:\drivers\printer\Z500-Z600\install\config\image\conf_bfc.bmp
2005-12-13 04:21 8286 --a------ C:\drivers\printer\Z500-Z600\install\config\image\conf_bdn.bmp
2005-12-13 04:21 6774 --a------ C:\drivers\printer\Z500-Z600\install\config\image\nav_bdn.bmp
2005-12-13 04:21 6774 --a------ C:\drivers\printer\Z500-Z600\install\config\image\back_bdn.bmp
2005-12-13 04:21 2646 --a------ C:\drivers\printer\Z500-Z600\install\config\image\question.bmp
2005-12-13 04:21 2646 --a------ C:\drivers\printer\Z500-Z600\install\config\image\ques_bfc.bmp
2005-12-13 04:21 22902 --a------ C:\drivers\printer\Z500-Z600\install\config\image\offr_bfc.bmp
2005-12-13 04:21 22710 --a------ C:\drivers\printer\Z500-Z600\install\config\image\test_bfc.bmp
2005-12-13 04:21 22614 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cont_bfc.bmp
2005-12-13 04:21 22426 --a------ C:\drivers\printer\Z500-Z600\install\config\image\test_bdn.bmp
2005-12-13 04:21 22238 --a------ C:\drivers\printer\Z500-Z600\install\config\image\offr_bdn.bmp
2005-12-13 04:21 21182 --a------ C:\drivers\printer\Z500-Z600\install\config\image\inst_bfc.bmp
2005-12-13 04:21 19514 --a------ C:\drivers\printer\Z500-Z600\install\config\image\inst_bdn.bmp
2005-12-13 04:21 18822 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cont_bdn.bmp
2005-12-13 04:21 11094 --a------ C:\drivers\printer\Z500-Z600\install\config\image\agreebdn.bmp
2005-12-07 15:44 3409797 --a------ C:\drivers\printer\Z500-Z600\install\licenses\instgui.zip
2005-12-07 15:44 25788 --a------ C:\drivers\printer\Z500-Z600\install\licenses\instgui.txt
2005-12-07 15:44 2547 --a------ C:\drivers\printer\Z500-Z600\install\licenses\inst_lib.txt
2005-12-07 15:44 1114 --a------ C:\drivers\printer\Z500-Z600\install\licenses\expat.txt
2005-12-07 11:31 9286 --a------ C:\drivers\printer\Z500-Z600\install\config\image\Toolbar.bmp
2005-12-07 11:31 88454 --a------ C:\drivers\printer\Z500-Z600\install\config\image\congrtl.bmp
2005-12-07 11:31 88454 --a------ C:\drivers\printer\Z500-Z600\install\config\image\congrats.bmp
2005-12-07 11:31 37686 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cdpcrtl.bmp
2005-12-07 11:31 37686 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cdpc.bmp
2005-12-07 11:31 30718 --a------ C:\drivers\printer\Z500-Z600\install\config\image\congoRTL.bmp
2005-12-07 11:31 30716 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cong_off.bmp
2005-12-07 11:31 27648 --a------ C:\drivers\printer\Z500-Z600\install\config\image\trdrprtl.avi
2005-12-07 11:31 27648 --a------ C:\drivers\printer\Z500-Z600\install\config\image\trdrp.avi
2005-12-07 11:31 24606 --a------ C:\drivers\printer\Z500-Z600\install\config\image\registr.bmp
2005-12-07 11:31 199734 --a------ C:\drivers\printer\Z500-Z600\install\config\image\sideimg.bmp
2005-12-07 11:31 193150 --a------ C:\drivers\printer\Z500-Z600\install\config\image\mbackrtl.bmp
2005-12-07 11:31 193150 --a------ C:\drivers\printer\Z500-Z600\install\config\image\mback.bmp
2005-12-07 11:31 143202 --a------ C:\drivers\printer\Z500-Z600\install\config\image\top.bmp
2005-12-07 11:31 106962 --a------ C:\drivers\printer\Z500-Z600\install\config\image\mbtmrtl.bmp
2005-12-07 11:31 106962 --a------ C:\drivers\printer\Z500-Z600\install\config\image\mbtm.bmp
2005-12-07 11:31 106962 --a------ C:\drivers\printer\Z500-Z600\install\config\image\BtmRTL.bmp
2005-12-07 11:31 106962 --a------ C:\drivers\printer\Z500-Z600\install\config\image\bottom.bmp
2005-12-06 18:24 40662 --a------ C:\drivers\printer\Z500-Z600\pubs\LXBCtest.jpg
2005-12-06 18:24 39597 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\lxbcdtst.jp_
2005-12-06 05:05 6038 --a------ C:\drivers\printer\Z500-Z600\install\config\image\agreebup.bmp
2005-12-06 05:05 4822 --a------ C:\drivers\printer\Z500-Z600\install\config\image\agreebd.bmp
2005-12-06 05:05 1478 --a------ C:\drivers\printer\Z500-Z600\install\config\image\warning2.bmp
2005-12-01 07:43 8758 --a------ C:\drivers\printer\Z500-Z600\install\config\image\test_bup.bmp
2005-12-01 07:43 8758 --a------ C:\drivers\printer\Z500-Z600\install\config\image\offr_bup.bmp
2005-11-03 14:27 8856 --a------ C:\drivers\printer\Z500-Z600\install\config\image\conf_bup.bmp
2005-11-03 14:27 8856 --a------ C:\drivers\printer\Z500-Z600\install\config\image\conf_bd.bmp
2005-11-03 14:27 8508 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cont_bup.bmp
2005-11-03 14:27 8164 --a------ C:\drivers\printer\Z500-Z600\install\config\image\cont_bd.bmp
2005-11-03 14:27 8144 --a------ C:\drivers\printer\Z500-Z600\install\config\image\install.bmp
2005-11-03 14:27 4100 --a------ C:\drivers\printer\Z500-Z600\install\config\image\nav_bup.bmp
2005-11-03 14:27 4100 --a------ C:\drivers\printer\Z500-Z600\install\config\image\back_bup.bmp
2005-11-03 14:27 3304 --a------ C:\drivers\printer\Z500-Z600\install\config\image\nav_bd.bmp
2005-11-03 14:27 3304 --a------ C:\drivers\printer\Z500-Z600\install\config\image\back_bd.bmp
2005-11-03 14:27 1944 --a------ C:\drivers\printer\Z500-Z600\install\config\image\ques_bup.bmp
2005-10-26 18:13 5326 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\lxbclegl.ht_
2005-10-26 18:13 4502 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\lxbcrme.do_
2005-10-25 14:51 35496 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcpwr.dl_
2005-10-25 14:51 19157 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lxbcvs.dl_
2005-10-05 13:19 43879 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\hlp256.dl_
2005-10-05 13:19 171 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\lexwww.ht_
2005-08-19 10:17 512 --a------ C:\drivers\printer\Z500-Z600\install\config\image\zh_tw.bmp
2005-08-19 10:17 222 --a------ C:\drivers\printer\Z500-Z600\install\config\image\arrow.bmp
2005-08-19 10:17 1478 --a------ C:\drivers\printer\Z500-Z600\install\config\image\warning.bmp
2005-08-19 10:17 1478 --a------ C:\drivers\printer\Z500-Z600\install\config\image\critical.bmp
2005-08-19 10:17 1478 --a------ C:\drivers\printer\Z500-Z600\install\config\image\check.bmp
2005-06-17 10:17 5598 --a------ C:\drivers\printer\Z500-Z600\install\ENGLISH\LXBCeula.txt
2005-06-17 10:17 5598 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\LXBCeula.txt
2005-06-17 10:17 3081 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\common\english\license.tx_
2005-04-27 10:06 430080 --a------ C:\drivers\printer\Z500-Z600\drivers\Win_XP2K\i386\lexedf.dl_
2002-10-30 12:21 246424 --a------ C:\drivers\printer\Z500-Z600\install\x86\unicows.dll


------- Sigcheck -------

2008-03-27 05:48 14336 814d4d8993e03f5211a10870bae9d31b C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( [email protected]_14.32.59.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 19:08:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-31 19:31:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-31 19:08:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-31 19:31:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-31 19:08:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 19:31:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 09:07 8491008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^Kuma_Tray.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\Kuma_Tray.lnk
backup=C:\WINDOWS\pss\Kuma_Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^don^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\don\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 11:51 486856 G:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 14:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 09:07 8491008 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-29 08:00 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"F:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"G:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"G:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"G:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"I:\\Program Files\\Eidos\\Conflict Denied Ops\\ConflictDeniedOps.exe"=
"I:\\Program Files\\Sega\\The Club\\Launcher.exe"=
"I:\\Program Files\\Sega\\The Club\\TheClub.exe"=
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"G:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=
"I:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-03-31 01:34:15 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 15:05:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-31 15:05:26
ComboFix-quarantined-files.txt 2008-03-31 20:05:24
ComboFix2.txt 2008-03-31 19:33:11
Pre-Run: 5,846,851,584 bytes free
Post-Run: 5,836,099,584 bytes free
.
2008-03-12 08:01:26 --- E O F ---
  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#13
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Malwarebytes' Anti-Malware 1.09
Database version: 574

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 101533
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\Proxy.Dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\ProxyM.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\[email protected]@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Proxy.Dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ProxyM.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\svchost.exf (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




and the pc itself is actually running very good. would do everything normal except pop up warning every hour. no slag on programs or internet connection. would like to thank you for all the help before the topic is closed or resolved. but really thank you. your a lifesaver.
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click OTScanIt.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#15
painter1982

painter1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Once again thank you. System seems to be running fine now and have those two programs running as well as avast. Once again thank you and mark this one as resolved.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP