Welcome to Geeks to Go - Register now for FREE

help! my computer appears to be the equivalent of a digital typho

#1 sonicreducer

Hope you can help, guys. As the title suggests, my PC is crawling despite my use of Avast and Spyware Doctor. WinPatrol is bringing up:

C:\Windows\system32\nnnoPJAS.dll,#1 is trying to start
C:\Windows\system32\yijxasat.dll,s is trying to start
C:\Windows\System32\nnnoPJAS.dll is trying to start
C:\Windows\System32\rqRKEWQg.dll is trying to start

all are unidentified by winpatrol

I also have my browser popping up and showing pages I don't want.

I've taken the liberty of doing a HijackThis log to help things along.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:39, on 27/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\steve\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1
O4 - HKLM\..\Run: [BM4bd515ce] Rundll32.exe "C:\Windows\system32\yijxasat.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfr..._instmodule.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\ALIENG~1\VistaSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9908 bytes

#2 Rorschach112 (Retired Staff)

Hello

Rename HijackThis.exe to sonic.exe

Then do this

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console, read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well. Don't select Recovery Console, as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3 sonicreducer (Topic Starter)

Right, done that, and here's my new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:10, on 27/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\steve\Desktop\sonic.exe.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfr..._instmodule.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\ALIENG~1\VistaSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7974 bytes



hopefully not too bad :)
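
A defender-side triage of the two HijackThis logs above, added here and not part of the thread, of HijackThis or of WinPatrol: it parses the O4 Run-key autostarts, pulls out the DLLs that are only loaded because rundll32 launches them (the pattern WinPatrol was alerting on in the first post), and lists which autostarts disappeared between the two scans. The sample lines are excerpted from the logs posted in this thread.

```python
"""Triage the O4 (autostart) lines of two HijackThis logs.

Added example, not code from the thread, HijackThis or WinPatrol. It parses
'O4 - <hive>\\..\\Run: [name] command' entries, extracts the DLL behind any
rundll32 launcher, and reports which autostarts vanished between two scans.
"""
import ntpath
import re
from typing import List, NamedTuple, Optional

# Registry-backed autostart, e.g.
#   O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1
# Startup-folder lines ("O4 - Startup: foo.lnk = ...") carry no [name] and are skipped.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# rundll32 launchers: optional quotes round the DLL path, optional ",export" suffix.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.IGNORECASE
)


class AutostartEntry(NamedTuple):
    hive: str           # HKLM, HKCU, HKUS\S-1-5-19, ...
    key: str            # Run, RunOnce, ...
    name: str           # value name shown in [brackets]
    command: str        # command line exactly as HijackThis printed it
    dll: Optional[str]  # basename of the DLL when the launcher is rundll32, else None


def parse_o4(lines: List[str]) -> List[AutostartEntry]:
    """Return the registry Run-key autostarts found in a HijackThis log."""
    entries = []
    for line in lines:
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        r = RUNDLL_RE.match(cmd)
        dll = ntpath.basename(r.group("dll").strip()) if r else None
        entries.append(AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), cmd, dll))
    return entries


def rundll32_dlls(entries: List[AutostartEntry]) -> List[str]:
    """DLLs that only get loaded at logon because rundll32 is told to load them."""
    return [e.dll for e in entries if e.dll]


def removed_entries(before: List[AutostartEntry], after: List[AutostartEntry]) -> List[AutostartEntry]:
    """Autostarts present in the earlier scan but gone from the later one."""
    still_there = {(e.hive, e.key, e.name, e.command) for e in after}
    return [e for e in before if (e.hive, e.key, e.name, e.command) not in still_there]


def triage(before_text: str, after_text: str) -> dict:
    """Summarise what changed between two scans, with the rundll32-loaded DLLs called out."""
    before = parse_o4(before_text.splitlines())
    after = parse_o4(after_text.splitlines())
    gone = removed_entries(before, after)
    return {
        "before": len(before),
        "after": len(after),
        "removed_names": [e.name for e in gone],
        "removed_dlls": rundll32_dlls(gone),
        "rundll32_dlls_before": rundll32_dlls(before),
    }


# Excerpts from the two logs posted in this thread (first scan, then the rescan).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1
O4 - HKLM\..\Run: [BM4bd515ce] Rundll32.exe "C:\Windows\system32\yijxasat.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

if __name__ == "__main__":
    for key, value in triage(LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

Every rundll32-launched DLL is worth a second look regardless of name, since the launcher itself is a signed Windows binary and only the DLL path tells you what actually runs.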

#4 Rorschach112 (Retired Staff)

Can you run ComboFix there?

#5 sonicreducer (Topic Starter)

Sorry about the delay, I got called out! Anyway, here's the log.


#6 Rorschach112 (Retired Staff)

Can you post the ComboFix log here instead of attaching it?

#7 sonicreducer (Topic Starter)

Sorry fella, I'm lame!

ComboFix 08-04-26.3 - steve 2008-04-27 16:09:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1047 [GMT 1:00]
Running from: C:\Users\steve\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 13:29 . 2008-04-27 13:29 1,776,621 --a------ C:\Users\steve\ComboFix.exe
2008-04-27 12:39 . 2008-04-27 12:39 53,312 --a------ C:\Windows\System32\rvmsiimg.dll
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 04:09 . 2008-04-27 04:14 205,609,518 --a------ C:\Windows\MEMORY.DMP
2008-04-27 01:48 . 2008-04-27 01:48 74,240 --a------ C:\mxuxc.exe
2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys
2008-04-27 01:48 . 2008-04-27 01:48 4,096 --a------ C:\jgkpt.exe
2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813
2008-04-27 00:34 . 2008-04-27 00:34 <DIR> d-------- C:\Users\steve\AppData\Roaming\KompoZer
2008-04-27 00:29 . 2008-04-27 00:29 <DIR> d-------- C:\Program Files\MagicISO
2008-04-27 00:16 . 2008-04-27 00:16 118,784 --a------ C:\Windows\GREUninstall.exe
2008-04-27 00:16 . 2008-04-27 00:16 8,618 --a------ C:\Windows\mozver.dat
2008-04-27 00:16 . 2008-04-27 00:16 335 --a------ C:\Windows\nsreg.dat
2008-04-26 23:27 . 2008-04-27 00:19 <DIR> d-------- C:\Program Files\EwisoftWeb
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG1
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG1
2008-04-26 20:25 . 2008-04-26 20:25 216,127,484 --a------ C:\BackupRegistry(20080426)cleaner.reg
2008-04-26 19:55 . 2008-04-26 19:55 216,278,948 --a------ C:\BackupRegistry(20080426).reg
2008-04-26 19:45 . 2008-04-26 19:45 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-26 19:42 . 2008-04-26 19:42 <DIR> d-------- C:\Windows\TweakVI
2008-04-26 19:42 . 2008-04-26 19:42 0 --a------ C:\Windows\System32\tviresource.val
2008-04-26 19:08 . 2008-04-26 19:08 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:20 . 2008-04-26 17:20 262,144 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG2
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\New Folder(547)
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\my letters
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\steve\AppData\Roaming\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-26 14:47 . 2008-04-26 14:48 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-26 13:51 . 2008-04-26 15:42 <DIR> d-------- C:\Users\maximum bob
2008-04-26 13:06 . 2008-04-26 13:06 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-04-26 03:46 . 2008-04-26 15:07 <DIR> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 02:09 . 2008-03-01 14:51 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 65,536 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:41 . 2008-04-25 22:41 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-25 21:32 . 1999-12-21 07:58 21,312 --a------ C:\Windows\choice.exe
2008-04-25 21:17 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll
2008-04-25 21:16 . 2008-04-25 21:16 3,932,214 --a------ C:\Windows\InvaderDark1280.bmp
2008-04-25 20:55 . 2008-04-25 20:55 3,932,214 --a------ C:\Windows\AW_XenoMorph1280.bmp
2008-04-25 20:54 . 2005-02-01 15:20 5,760,056 --a------ C:\Windows\Darkstar.bmp
2008-04-25 20:30 . 2008-04-27 03:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-25 20:30 . 2008-04-26 19:57 <DIR> d-------- C:\Program Files\AlienGUIse
2008-04-25 20:30 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-04-25 20:30 . 2008-04-25 20:30 56 --a------ C:\Windows\wb.ini
2008-04-25 16:35 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\.SunDownloadManager
2008-04-25 00:30 . 2008-04-25 00:30 <DIR> d-------- C:\Program Files\Effective Studios
2008-04-24 18:42 . 2008-04-24 18:42 <DIR> d-------- C:\PerfLogs
2008-04-24 16:58 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-24 16:58 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-24 16:55 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-24 16:54 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-24 16:53 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-24 16:52 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-04-24 16:51 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-24 16:50 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-24 16:50 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-24 16:50 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-04-24 16:50 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-04-24 16:50 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-04-24 16:50 . 2008-01-19 08:31 7,680 --a------ C:\Windows\System32\spwizres.dll
2008-04-24 16:50 . 2008-01-19 08:28 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-24 16:50 . 2008-01-19 06:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-04-24 16:50 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-04-24 16:50 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-24 16:49 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-24 16:49 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-24 16:49 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-24 16:49 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-24 16:48 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-24 16:48 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-24 16:48 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-24 16:48 . 2006-11-02 10:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-24 16:48 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-24 16:48 . 2006-11-02 10:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-23 19:07 . 2008-04-23 19:07 <DIR> d--h----- C:\Windows\Content.IE5
2008-04-23 18:54 . 2008-04-23 18:54 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs
2008-04-23 18:54 . 2008-04-23 18:54 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat
2008-04-23 18:26 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-23 18:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-23 03:18 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\WinPatrol
2008-04-23 03:18 . 2008-04-23 03:18 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-23 02:03 . 2008-03-29 18:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-23 02:00 . 2008-04-23 02:00 130 --a------ C:\Windows\ODBC.INI
2008-04-23 01:50 . 2008-04-23 01:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-23 01:00 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-23 01:00 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-23 01:00 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-23 01:00 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-23 00:59 . 2008-04-23 00:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\PC Tools
2008-04-23 00:59 . 2008-04-27 12:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-23 00:31 . 2008-04-23 00:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-23 00:24 . 2008-04-23 00:24 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-22 23:35 . 2008-04-22 23:35 <DIR> d--h----- C:\Windows\PIF
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\ProgramData\Avira
2008-04-22 23:00 . 2008-04-23 02:18 <DIR> d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Users\steve\AppData\Roaming\WildPackets

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:04 77,371 ----a-w C:\Users\steve\AppData\Roaming\nvModes.dat
2008-04-27 12:30 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 02:59 --------- d-----w C:\Users\steve\AppData\Roaming\dvdcss
2008-04-26 23:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 19:18 --------- d-----w C:\Users\steve\AppData\Roaming\uTorrent
2008-04-26 02:05 --------- d-----w C:\Program Files\Java
2008-04-24 23:49 88 --sh--r C:\Users\All Users\D172C11D73.sys
2008-04-24 23:49 88 --sh--r C:\ProgramData\D172C11D73.sys
2008-04-24 23:49 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys
2008-04-24 23:49 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-04-24 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Mail
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Journal
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Defender
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Calendar
2008-04-24 16:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-24 16:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-23 20:36 --------- d-----w C:\Program Files\ImTOO
2008-04-23 02:51 --------- d-----w C:\Program Files\CONEXANT
2008-04-22 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 16:29 --------- d-----w C:\ProgramData\Roxio
2008-03-24 19:01 --------- d-----w C:\ProgramData\DVD Shrink
2008-03-23 01:48 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-03-23 01:45 --------- d-----w C:\Program Files\Mingjong
2008-03-23 01:44 --------- d-----w C:\Program Files\camtool
2008-03-22 04:08 --------- d-----w C:\Users\steve\AppData\Roaming\muvee Technologies
2008-03-22 04:08 --------- d-----w C:\ProgramData\muvee Technologies
2008-03-22 03:57 --------- d-----w C:\Users\steve\AppData\Roaming\ESTsoft
2008-03-22 03:57 --------- d-----w C:\Program Files\ESTsoft
2008-03-22 03:55 --------- d-----w C:\Users\steve\AppData\Roaming\PeerNetworking
2008-03-22 03:38 --------- d-----w C:\Users\steve\AppData\Roaming\gtk-2.0
2008-03-22 03:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 01:59 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-03-21 23:19 --------- d-----w C:\Program Files\SlySoft
2008-03-21 23:16 --------- d-----w C:\Users\steve\AppData\Roaming\SlySoft
2008-03-21 23:15 --------- d-----w C:\ProgramData\SlySoft
2008-03-21 22:54 --------- d-----w C:\ProgramData\Sonic
2008-03-21 22:23 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-21 22:22 --------- d-----w C:\Program Files\DVD Shrink
2008-03-21 22:14 --------- d-----w C:\Program Files\uTorrent
2008-03-20 23:59 --------- d-----w C:\Users\steve\AppData\Roaming\Roxio
2008-03-14 23:06 --------- d-----w C:\ProgramData\Symantec
2008-03-14 20:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 20:22 --------- d-----w C:\ProgramData\Napster
2008-03-09 20:29 --------- d-----w C:\Program Files\Lionhead Studios
2008-03-09 16:56 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-09 16:56 --------- d-----w C:\Users\steve\AppData\Roaming\Atari
2008-03-09 16:55 --------- d-----w C:\Users\steve\AppData\Roaming\Leadertech
2008-03-09 16:48 --------- d-----w C:\Program Files\Atari
2008-03-09 01:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-09 01:47 --------- d-----w C:\Program Files\eRightSoft
2008-03-08 17:09 0 ----a-w C:\Users\steve\AppData\Roaming\wklnhst.dat
2008-03-08 10:22 --------- d-----w C:\Users\steve\AppData\Roaming\vlc
2008-03-08 10:21 --------- d-----w C:\Program Files\VideoLAN
2008-03-05 23:07 --------- d-----w C:\Program Files\Infogrames
2008-03-05 14:56 --------- d-----w C:\ProgramData\InstallShield
2008-03-05 14:47 --------- d-----w C:\Program Files\The Creative Assembly
2008-03-05 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-04 01:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 01:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-03 01:49 --------- d-----w C:\Users\steve\AppData\Roaming\Corel
2008-03-03 01:35 --------- d-----w C:\ProgramData\Corel
2008-03-03 01:35 --------- d-----w C:\Program Files\Common Files\Protexis
2008-03-03 01:33 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-03 01:32 --------- d-----w C:\Program Files\Corel
2008-03-01 08:03 --------- d-----w C:\ProgramData\CyberLink
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\HP
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\CyberLink
2008-03-01 07:47 --------- d-----w C:\ProgramData\HP
2008-03-01 07:16 --------- d-----w C:\Program Files\WIDCOMM
2008-03-01 07:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK
2008-03-01 07:10 --------- d-----w C:\Users\steve\AppData\Roaming\Hewlett-Packard
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Templates
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Favorites
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Documents
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Desktop
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2005-05-13 17:12 217,073 --sha-r C:\Windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r C:\Windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r C:\Windows\x2.64.exe
2005-10-07 19:14 308,224 --sha-r C:\Windows\System32\avisynth.dll
2005-07-14 12:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\Windows\System32\cygz.dll
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll
2005-02-28 13:16 240,128 --sha-r C:\Windows\System32\x.264.exe
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-27_13.39.31.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-27 11:30:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-27 14:50:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-27 12:36:12 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-27 11:34:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-27 15:08:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-27 12:36:07 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-27 12:26:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-27 12:44:07 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-27 12:33:36 112,240 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-27 15:07:27 113,434 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-27 12:33:36 611,194 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-27 15:07:27 612,790 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-27 03:16:28 9,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
+ 2008-04-27 12:37:06 9,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
- 2008-04-27 03:16:28 76,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-27 12:37:05 76,612 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-26 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-26 19:10 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]

C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\AlienGUIse\wbsrv.dll 2007-09-24 15:57 197912 C:\Program Files\AlienGUIse\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MSServer"=rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004156354-2581284973-3441749290-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC1B7C31-3CE6-47F7-A9B5-C0D88EB6F23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAEFFE36-501B-4052-A1CE-96AC429CC8F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BBF0860-3612-4832-A4D2-37805D440466}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B1DB76DF-1C2A-47BF-85F4-1062F23B5B8E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8E864A6C-D82B-498D-87B5-E0388E36825B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{BE2C8919-321F-4BCA-91C5-66E4F13DE616}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{81043D8E-BF59-40E5-95AA-7D4C19CEFB95}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{F666193A-7CA1-4BB4-A720-081732B56D39}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4291D339-3FD8-441A-84B6-D43DCB82466C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5960AC78-1ED4-4428-9063-0BFEDB8FBBE7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{659007F2-F48D-427C-B269-C0765EEBF251}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{A0AAE278-ECEA-445F-B0F6-7C1BA58B082E}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{74F09369-3D4D-4EBF-9991-01E96993FCE3}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{1DE7BEDD-9E12-49BF-8951-EF6B54168ADB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{357A7919-64AF-48B3-A806-CC9CC574F1DF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-04-17 11:09]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 16:10:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 16:11:39
ComboFix-quarantined-files.txt 2008-04-27 15:11:34
ComboFix2.txt 2008-04-27 12:41:06
ComboFix3.txt 2008-04-25 23:46:04

Pre-Run: 86,442,565,632 bytes free
Post-Run: 86,405,709,824 bytes free

366 --- E O F --- 2008-04-24 16:16:14
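The log above is a lot to read by eye. As an added example (not ComboFix's output format spec, nor anything the poster or the forum's helpers wrote), the script below runs a few responder-style triage heuristics over a constructed excerpt copied from the log: a same-minute drop cluster mixing a kernel driver with root-level executables, a driver whose service name is its display name and which does not live under \drivers\, a rundll32-by-ordinal entry in the `run-` key, UAC switched off, Security Center monitoring muted, and a populated AppInit_DLLs value. The rule names, regexes and thresholds are this example's own assumptions; a hit means "check this", not a malware identification (wbsys.dll, for instance, appears in the file list next to the AlienGUIse install and may well be legitimate).

```python
"""Triage heuristics over a ComboFix log excerpt (added example; the
sample text is a constructed excerpt of the log posted above and the
rule names/thresholds are assumptions, not ComboFix's own logic)."""
import re
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_LOG = r"""
2008-04-27 01:48 . 2008-04-27 01:48 74,240 --a------ C:\mxuxc.exe
2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys
2008-04-27 01:48 . 2008-04-27 01:48 4,096 --a------ C:\jgkpt.exe
2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813
2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSServer"=rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
"""

# Line shapes seen in the log: "created . modified size attrs path",
# "[KEY]", '"name"=value' and "Rn service;display;path [date]".
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \S+ \S+ (<DIR>|[\d,]+) \S+ (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DRIVER_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[.*\]$")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _ext(path):
    name = path.rsplit("\\", 1)[-1]
    return name.rpartition(".")[2].lower() if "." in name else ""


def parse(text):
    """Return (files, reg, drivers): (created, size, path) tuples,
    {lowercased key: [(name, value)]} and (service, display, path) tuples."""
    files, reg, drivers, key = [], defaultdict(list), [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends a registry key block
            continue
        if m := FILE_RE.match(line):
            files.append((m.group(1), m.group(2), m.group(3)))
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE_RE.match(line)):
            reg[key].append((m.group(1), m.group(2).strip()))
        elif m := DRIVER_RE.match(line):
            drivers.append((m.group(2), m.group(3), m.group(4)))
    return files, dict(reg), drivers


def triage(text):
    files, reg, drivers = parse(text)
    findings = []
    # 1. Several files written in the same minute, mixing a .sys with .exe
    #    payloads outside Program Files: one dropper's footprint.
    by_minute = defaultdict(list)
    for created, size, path in files:
        if size != "<DIR>":
            by_minute[created].append(path)
    for minute, paths in by_minute.items():
        exts = {_ext(p) for p in paths}
        if "sys" in exts and "exe" in exts and len(paths) >= 3:
            findings.append(Finding("drop-cluster", f"{minute}: {', '.join(paths)}"))
    # 2. Driver whose display name is just its service name and whose binary
    #    sits directly in system32 rather than under \drivers\.
    for name, display, path in drivers:
        if name == display and "\\drivers\\" not in path.lower():
            findings.append(Finding("odd-driver", f"{name} -> {path}"))
    # 3. rundll32 loading a DLL by ordinal from Run or the run- (disabled) key.
    for key, values in reg.items():
        if key.endswith("\\run") or key.endswith("\\run-"):
            for name, value in values:
                if re.search(r"rundll32(\.exe)?\s+\S+\.dll,\s*#\d+", value, re.I):
                    findings.append(Finding("rundll32-ordinal", f"{name}: {value}"))
    # 4. Security posture knobs that malware flips and users rarely do.
    for key, values in reg.items():
        for name, value in values:
            if name == "EnableLUA" and value.startswith("0"):
                findings.append(Finding("uac-disabled", key))
            if "security center" in key and name == "DisableMonitoring" and value.endswith("1"):
                findings.append(Finding("security-center-muted", key))
            if name == "AppInit_DLLs" and value:
                findings.append(Finding("appinit-dll", value))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run against the excerpt it reports six findings: the 01:48 cluster (mxuxc.exe, hqiopa.sys, jgkpt.exe, 1223042813), the hqiopa driver, the MSServer rundll32 entry, EnableLUA=0, DisableMonitoring=1 and AppInit_DLLs=wbsys.dll. Feed it the full log text instead of SAMPLE_LOG and the same rules apply; anything it flags still needs a hash or publisher check before you delete it.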
#8 sonicreducer (Topic Starter, Member, 24 posts)
sorry fella.

ComboFix 08-04-26.3 - steve 2008-04-27 16:09:14.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1047 [GMT 1:00]
Running from: C:\Users\steve\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 13:29 . 2008-04-27 13:29 1,776,621 --a------ C:\Users\steve\ComboFix.exe
2008-04-27 12:39 . 2008-04-27 12:39 53,312 --a------ C:\Windows\System32\rvmsiimg.dll
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 04:09 . 2008-04-27 04:14 205,609,518 --a------ C:\Windows\MEMORY.DMP
2008-04-27 01:48 . 2008-04-27 01:48 74,240 --a------ C:\mxuxc.exe
2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys
2008-04-27 01:48 . 2008-04-27 01:48 4,096 --a------ C:\jgkpt.exe
2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813
2008-04-27 00:34 . 2008-04-27 00:34 <DIR> d-------- C:\Users\steve\AppData\Roaming\KompoZer
2008-04-27 00:29 . 2008-04-27 00:29 <DIR> d-------- C:\Program Files\MagicISO
2008-04-27 00:16 . 2008-04-27 00:16 118,784 --a------ C:\Windows\GREUninstall.exe
2008-04-27 00:16 . 2008-04-27 00:16 8,618 --a------ C:\Windows\mozver.dat
2008-04-27 00:16 . 2008-04-27 00:16 335 --a------ C:\Windows\nsreg.dat
2008-04-26 23:27 . 2008-04-27 00:19 <DIR> d-------- C:\Program Files\EwisoftWeb
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:30 . 2008-04-27 13:34 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG1
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG1
2008-04-26 20:25 . 2008-04-26 20:25 216,127,484 --a------ C:\BackupRegistry(20080426)cleaner.reg
2008-04-26 19:55 . 2008-04-26 19:55 216,278,948 --a------ C:\BackupRegistry(20080426).reg
2008-04-26 19:45 . 2008-04-26 19:45 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-26 19:42 . 2008-04-26 19:42 <DIR> d-------- C:\Windows\TweakVI
2008-04-26 19:42 . 2008-04-26 19:42 0 --a------ C:\Windows\System32\tviresource.val
2008-04-26 19:08 . 2008-04-26 19:08 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:20 . 2008-04-26 17:20 262,144 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG2
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\New Folder(547)
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\my letters
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\steve\AppData\Roaming\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-26 14:47 . 2008-04-26 14:48 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-26 13:51 . 2008-04-26 15:42 <DIR> d-------- C:\Users\maximum bob
2008-04-26 13:06 . 2008-04-26 13:06 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-04-26 03:46 . 2008-04-26 15:07 <DIR> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 02:09 . 2008-03-01 14:51 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 65,536 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:41 . 2008-04-25 22:41 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-25 21:32 . 1999-12-21 07:58 21,312 --a------ C:\Windows\choice.exe
2008-04-25 21:17 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll
2008-04-25 21:16 . 2008-04-25 21:16 3,932,214 --a------ C:\Windows\InvaderDark1280.bmp
2008-04-25 20:55 . 2008-04-25 20:55 3,932,214 --a------ C:\Windows\AW_XenoMorph1280.bmp
2008-04-25 20:54 . 2005-02-01 15:20 5,760,056 --a------ C:\Windows\Darkstar.bmp
2008-04-25 20:30 . 2008-04-27 03:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-25 20:30 . 2008-04-26 19:57 <DIR> d-------- C:\Program Files\AlienGUIse
2008-04-25 20:30 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-04-25 20:30 . 2008-04-25 20:30 56 --a------ C:\Windows\wb.ini
2008-04-25 16:35 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\.SunDownloadManager
2008-04-25 00:30 . 2008-04-25 00:30 <DIR> d-------- C:\Program Files\Effective Studios
2008-04-24 18:42 . 2008-04-24 18:42 <DIR> d-------- C:\PerfLogs
2008-04-24 16:58 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-24 16:58 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-24 16:55 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-24 16:54 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-24 16:53 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-24 16:52 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-04-24 16:51 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-24 16:50 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-24 16:50 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-24 16:50 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-04-24 16:50 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-04-24 16:50 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-04-24 16:50 . 2008-01-19 08:31 7,680 --a------ C:\Windows\System32\spwizres.dll
2008-04-24 16:50 . 2008-01-19 08:28 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-24 16:50 . 2008-01-19 06:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-04-24 16:50 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-04-24 16:50 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-24 16:49 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-24 16:49 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-24 16:49 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-24 16:49 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-24 16:48 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-24 16:48 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-24 16:48 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-24 16:48 . 2006-11-02 10:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-24 16:48 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-24 16:48 . 2006-11-02 10:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-23 19:07 . 2008-04-23 19:07 <DIR> d--h----- C:\Windows\Content.IE5
2008-04-23 18:54 . 2008-04-23 18:54 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs
2008-04-23 18:54 . 2008-04-23 18:54 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat
2008-04-23 18:26 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-23 18:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-23 03:18 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\WinPatrol
2008-04-23 03:18 . 2008-04-23 03:18 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-23 02:03 . 2008-03-29 18:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-23 02:00 . 2008-04-23 02:00 130 --a------ C:\Windows\ODBC.INI
2008-04-23 01:50 . 2008-04-23 01:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-23 01:00 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-23 01:00 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-23 01:00 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-23 01:00 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-23 00:59 . 2008-04-23 00:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\PC Tools
2008-04-23 00:59 . 2008-04-27 12:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-23 00:31 . 2008-04-23 00:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-23 00:24 . 2008-04-23 00:24 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-22 23:35 . 2008-04-22 23:35 <DIR> d--h----- C:\Windows\PIF
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\ProgramData\Avira
2008-04-22 23:00 . 2008-04-23 02:18 <DIR> d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Users\steve\AppData\Roaming\WildPackets

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 15:04 77,371 ----a-w C:\Users\steve\AppData\Roaming\nvModes.dat
2008-04-27 12:30 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 02:59 --------- d-----w C:\Users\steve\AppData\Roaming\dvdcss
2008-04-26 23:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 19:18 --------- d-----w C:\Users\steve\AppData\Roaming\uTorrent
2008-04-26 02:05 --------- d-----w C:\Program Files\Java
2008-04-24 23:49 88 --sh--r C:\Users\All Users\D172C11D73.sys
2008-04-24 23:49 88 --sh--r C:\ProgramData\D172C11D73.sys
2008-04-24 23:49 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys
2008-04-24 23:49 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-04-24 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Mail
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Journal
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Defender
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Calendar
2008-04-24 16:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-24 16:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-23 20:36 --------- d-----w C:\Program Files\ImTOO
2008-04-23 02:51 --------- d-----w C:\Program Files\CONEXANT
2008-04-22 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 16:29 --------- d-----w C:\ProgramData\Roxio
2008-03-24 19:01 --------- d-----w C:\ProgramData\DVD Shrink
2008-03-23 01:48 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-03-23 01:45 --------- d-----w C:\Program Files\Mingjong
2008-03-23 01:44 --------- d-----w C:\Program Files\camtool
2008-03-22 04:08 --------- d-----w C:\Users\steve\AppData\Roaming\muvee Technologies
2008-03-22 04:08 --------- d-----w C:\ProgramData\muvee Technologies
2008-03-22 03:57 --------- d-----w C:\Users\steve\AppData\Roaming\ESTsoft
2008-03-22 03:57 --------- d-----w C:\Program Files\ESTsoft
2008-03-22 03:55 --------- d-----w C:\Users\steve\AppData\Roaming\PeerNetworking
2008-03-22 03:38 --------- d-----w C:\Users\steve\AppData\Roaming\gtk-2.0
2008-03-22 03:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 01:59 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-03-21 23:19 --------- d-----w C:\Program Files\SlySoft
2008-03-21 23:16 --------- d-----w C:\Users\steve\AppData\Roaming\SlySoft
2008-03-21 23:15 --------- d-----w C:\ProgramData\SlySoft
2008-03-21 22:54 --------- d-----w C:\ProgramData\Sonic
2008-03-21 22:23 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-21 22:22 --------- d-----w C:\Program Files\DVD Shrink
2008-03-21 22:14 --------- d-----w C:\Program Files\uTorrent
2008-03-20 23:59 --------- d-----w C:\Users\steve\AppData\Roaming\Roxio
2008-03-14 23:06 --------- d-----w C:\ProgramData\Symantec
2008-03-14 20:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 20:22 --------- d-----w C:\ProgramData\Napster
2008-03-09 20:29 --------- d-----w C:\Program Files\Lionhead Studios
2008-03-09 16:56 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-09 16:56 --------- d-----w C:\Users\steve\AppData\Roaming\Atari
2008-03-09 16:55 --------- d-----w C:\Users\steve\AppData\Roaming\Leadertech
2008-03-09 16:48 --------- d-----w C:\Program Files\Atari
2008-03-09 01:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-09 01:47 --------- d-----w C:\Program Files\eRightSoft
2008-03-08 17:09 0 ----a-w C:\Users\steve\AppData\Roaming\wklnhst.dat
2008-03-08 10:22 --------- d-----w C:\Users\steve\AppData\Roaming\vlc
2008-03-08 10:21 --------- d-----w C:\Program Files\VideoLAN
2008-03-05 23:07 --------- d-----w C:\Program Files\Infogrames
2008-03-05 14:56 --------- d-----w C:\ProgramData\InstallShield
2008-03-05 14:47 --------- d-----w C:\Program Files\The Creative Assembly
2008-03-05 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-04 01:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 01:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-03 01:49 --------- d-----w C:\Users\steve\AppData\Roaming\Corel
2008-03-03 01:35 --------- d-----w C:\ProgramData\Corel
2008-03-03 01:35 --------- d-----w C:\Program Files\Common Files\Protexis
2008-03-03 01:33 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-03 01:32 --------- d-----w C:\Program Files\Corel
2008-03-01 08:03 --------- d-----w C:\ProgramData\CyberLink
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\HP
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\CyberLink
2008-03-01 07:47 --------- d-----w C:\ProgramData\HP
2008-03-01 07:16 --------- d-----w C:\Program Files\WIDCOMM
2008-03-01 07:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK
2008-03-01 07:10 --------- d-----w C:\Users\steve\AppData\Roaming\Hewlett-Packard
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Templates
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Favorites
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Documents
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Desktop
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2005-05-13 17:12 217,073 --sha-r C:\Windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r C:\Windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r C:\Windows\x2.64.exe
2005-10-07 19:14 308,224 --sha-r C:\Windows\System32\avisynth.dll
2005-07-14 12:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\Windows\System32\cygz.dll
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll
2005-02-28 13:16 240,128 --sha-r C:\Windows\System32\x.264.exe
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_13.39.31.94 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-27 12:35:03 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-27 11:30:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-27 14:50:15 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-27 12:36:12 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-27 11:34:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-27 15:08:16 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-27 12:36:07 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-27 12:26:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-27 12:44:07 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-27 12:44:07 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-27 12:33:36 112,240 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-27 15:07:27 113,434 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-27 12:33:36 611,194 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-27 15:07:27 612,790 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-27 03:16:28 9,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
+ 2008-04-27 12:37:06 9,344 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
- 2008-04-27 03:16:28 76,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-27 12:37:05 76,612 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-26 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-26 19:10 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]

C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\AlienGUIse\wbsrv.dll 2007-09-24 15:57 197912 C:\Program Files\AlienGUIse\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MSServer"=rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004156354-2581284973-3441749290-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC1B7C31-3CE6-47F7-A9B5-C0D88EB6F23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAEFFE36-501B-4052-A1CE-96AC429CC8F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BBF0860-3612-4832-A4D2-37805D440466}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B1DB76DF-1C2A-47BF-85F4-1062F23B5B8E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8E864A6C-D82B-498D-87B5-E0388E36825B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{BE2C8919-321F-4BCA-91C5-66E4F13DE616}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{81043D8E-BF59-40E5-95AA-7D4C19CEFB95}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{F666193A-7CA1-4BB4-A720-081732B56D39}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4291D339-3FD8-441A-84B6-D43DCB82466C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5960AC78-1ED4-4428-9063-0BFEDB8FBBE7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{659007F2-F48D-427C-B269-C0765EEBF251}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{A0AAE278-ECEA-445F-B0F6-7C1BA58B082E}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{74F09369-3D4D-4EBF-9991-01E96993FCE3}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{1DE7BEDD-9E12-49BF-8951-EF6B54168ADB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{357A7919-64AF-48B3-A806-CC9CC574F1DF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-04-17 11:09]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 16:10:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 16:11:39
ComboFix-quarantined-files.txt 2008-04-27 15:11:34
ComboFix2.txt 2008-04-27 12:41:06
ComboFix3.txt 2008-04-25 23:46:04

Pre-Run: 86,442,565,632 bytes free
Post-Run: 86,405,709,824 bytes free

366 --- E O F --- 2008-04-24 16:16:14

Edited by sonicreducer, 28 April 2008 - 05:00 PM.

  • 0

#9
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\Windows\System32\rvmsiimg.dll
C:\mxuxc.exe
C:\Windows\System32\hqiopa.sys
C:\jgkpt.exe
C:\1223042813
C:\Windows\system32\hqiopa.sys
C:\Windows\system32\nnnoPJAS.dll

Folder::


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSServer"=-

Driver::
hqiopa


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Reboot and post a new HijackThis log
  • 0
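As an added triage example (not code from this thread, ComboFix, HijackThis or the helper's CFScript), the Python script below re-derives from the "Reg Loading Points" section of the ComboFix log the items the CFScript above removes: the rundll32 value that calls a DLL export by ordinal and the driver loaded from directly under system32. It also surfaces the Security Center and UAC settings that are switched off in the same section. The excerpt it scans is constructed from lines of the log posted earlier; the rule names and heuristics are the example's own.

```python
"""Triage helper for the "Reg Loading Points" section of a ComboFix log.

Added example for this thread; it is not part of ComboFix, HijackThis or
the helper's CFScript.  It re-derives from the log text the items the
CFScript removes (the "MSServer" rundll32 value and the hqiopa driver) and
also surfaces the Security Center and UAC settings that are switched off.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str     # which heuristic fired
    subject: str  # registry value name or driver service name
    detail: str   # the log line, so the analyst can see the evidence


# rundll32 given an export by ordinal ("nnnoPJAS.dll,#1") instead of by name
# ("NvCpl.dll,NvStartup"); every legitimate autostart in this log uses a name.
ORDINAL_EXPORT = re.compile(r"rundll32(?:\.exe)?\s+(\S+\.dll),#\d+", re.I)
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
KEY_LINE = re.compile(r"^\[(.+)\]$")
# ComboFix driver/service line: "R1 name;description;path [date]"
DRIVER_LINE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[")
# A .sys file sitting directly in system32 rather than in system32\drivers
SYS_OUTSIDE_DRIVERS = re.compile(r"\\system32\\[^\\]+\.sys$", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?-?$", re.I)


def triage(log_text: str) -> list[Finding]:
    """Scan ComboFix registry/driver lines and return the suspicious ones."""
    findings: list[Finding] = []
    key = ""  # registry key that the following value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_LINE.match(line):
            key = m.group(1)
            continue
        if m := DRIVER_LINE.match(line):
            name, _desc, path = m.groups()
            if SYS_OUTSIDE_DRIVERS.search(path):
                findings.append(Finding("driver-outside-drivers-dir", name, line))
            continue
        if not (m := VALUE_LINE.match(line)):
            continue
        name, value = m.groups()
        if RUN_KEY.search(key) and ORDINAL_EXPORT.search(value):
            findings.append(Finding("rundll32-ordinal-export", name, line))
        elif key.lower().endswith(r"\policies\system") and name == "EnableLUA" and value.startswith("0"):
            findings.append(Finding("uac-disabled", name, line))
        elif "security center" in key.lower() and name in ("DisableMonitoring", "AntiVirusOverride") and value.endswith("1"):
            # Third-party suites register their own product subkeys (SymantecAntiVirus
            # in the sample), so these are "review" findings, not automatic removals.
            findings.append(Finding("security-center-override", name, line))
    return findings


# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"MSServer"=rundll32.exe C:\Windows\system32\nnnoPJAS.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
"""


def triage_sample() -> list[Finding]:
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

Running it against a full ComboFix.txt (pass the file contents to `triage`) prints six findings for this thread's log: MSServer, hqiopa, EnableLUA, two DisableMonitoring values and AntiVirusOverride, while the legitimate avast!, NVIDIA and Broadcom entries stay quiet.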

#10
sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Sorry about the delay again, ruddy work commitments! When I first ran ComboFix I got a blue screen! So I ran it again and this time success! :)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:55, on 29/04/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\steve\Downloads\virus+spyware\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfr..._instmodule.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\ALIENG~1\VistaSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7932 bytes
  • 0


#11
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log and do this:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Also tell me how your PC is running.
  • 0

#12
sonicreducer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's the ComboFix log:

ComboFix 08-04-26.3 - steve 2008-04-29 17:42:38.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1309 [GMT 1:00]
Running from: C:\Users\steve\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-29 17:38 . 2008-04-29 17:39 238,877,230 --a------ C:\Windows\MEMORY.DMP
2008-04-29 00:41 . 2008-04-29 00:42 <DIR> d-------- C:\Users\steve\aircon faults
2008-04-27 13:29 . 2008-04-27 13:29 1,776,621 --a------ C:\Users\steve\ComboFix.exe
2008-04-27 12:39 . 2008-04-27 12:39 53,312 --a------ C:\Windows\System32\rvmsiimg.dll
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-27 12:20 . 2008-04-27 12:20 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-27 01:48 . 2008-04-27 01:48 70,578 --a------ C:\Windows\System32\hqiopa.sys
2008-04-27 01:48 . 2008-04-27 01:48 0 --a------ C:\1223042813
2008-04-27 00:34 . 2008-04-27 00:34 <DIR> d-------- C:\Users\steve\AppData\Roaming\KompoZer
2008-04-27 00:29 . 2008-04-27 00:29 <DIR> d-------- C:\Program Files\MagicISO
2008-04-27 00:16 . 2008-04-27 00:16 118,784 --a------ C:\Windows\GREUninstall.exe
2008-04-27 00:16 . 2008-04-27 00:16 8,618 --a------ C:\Windows\mozver.dat
2008-04-27 00:16 . 2008-04-27 00:16 335 --a------ C:\Windows\nsreg.dat
2008-04-26 23:27 . 2008-04-27 00:19 <DIR> d-------- C:\Program Files\EwisoftWeb
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-27 01:49 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 20:30 . 2008-04-29 14:10 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{7ed8d1c0-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:30 . 2008-04-29 14:10 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{7ed8d1c2-13bd-11dd-aa06-001e37679f0d}.TM.blf
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.rctemp.LOG1
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG2
2008-04-26 20:29 . 2008-04-26 20:29 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat.rctemp.LOG1
2008-04-26 20:25 . 2008-04-26 20:25 216,127,484 --a------ C:\BackupRegistry(20080426)cleaner.reg
2008-04-26 19:55 . 2008-04-26 19:55 216,278,948 --a------ C:\BackupRegistry(20080426).reg
2008-04-26 19:45 . 2008-04-26 19:45 <DIR> d-------- C:\Program Files\Yamicsoft
2008-04-26 19:42 . 2008-04-26 19:42 <DIR> d-------- C:\Windows\TweakVI
2008-04-26 19:42 . 2008-04-26 19:42 0 --a------ C:\Windows\System32\tviresource.val
2008-04-26 19:08 . 2008-04-26 19:08 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 17:36 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 524,288 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{b63d8326-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Windows\ServiceProfiles\LocalService\ntuser.dat{b63d8328-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:21 . 2008-04-26 18:12 65,536 --ahs---- C:\Users\steve\ntuser.dat{b63d832a-13a9-11dd-b243-001e37679f0d}.TM.blf
2008-04-26 17:20 . 2008-04-26 17:20 262,144 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\NetworkService\ntuser.dat_TU_87191.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG2
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Windows\ServiceProfiles\LocalService\ntuser.dat_TU_23579.LOG1
2008-04-26 17:20 . 2008-04-26 17:20 0 --ah----- C:\Users\steve\ntuser.dat_TU_58328.LOG2
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\New Folder(547)
2008-04-26 16:10 . 2008-04-26 16:10 <DIR> d-------- C:\Users\steve\my letters
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\steve\AppData\Roaming\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-04-26 14:48 . 2008-04-26 14:48 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-04-26 14:47 . 2008-04-26 14:48 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2008-04-26 13:51 . 2008-04-26 15:42 <DIR> d-------- C:\Users\maximum bob
2008-04-26 13:06 . 2008-04-26 13:06 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-04-26 03:46 . 2008-04-26 15:07 <DIR> d-------- C:\Program Files\Wise Registry Cleaner 3
2008-04-26 02:09 . 2008-03-01 14:51 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 524,288 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-04-26 02:09 . 2008-04-26 00:39 65,536 --ahs---- C:\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-04-25 22:41 . 2008-04-25 22:41 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-04-25 21:32 . 1999-12-21 07:58 21,312 --a------ C:\Windows\choice.exe
2008-04-25 21:17 . 2007-09-12 18:58 58,792 --a------ C:\Windows\System32\wbload.dll
2008-04-25 21:16 . 2008-04-25 21:16 3,932,214 --a------ C:\Windows\InvaderDark1280.bmp
2008-04-25 20:55 . 2008-04-25 20:55 3,932,214 --a------ C:\Windows\AW_XenoMorph1280.bmp
2008-04-25 20:54 . 2005-02-01 15:20 5,760,056 --a------ C:\Windows\Darkstar.bmp
2008-04-25 20:30 . 2008-04-27 03:59 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-04-25 20:30 . 2008-04-26 19:57 <DIR> d-------- C:\Program Files\AlienGUIse
2008-04-25 20:30 . 2007-07-11 15:06 42,672 --a------ C:\Windows\System32\wbsys.dll
2008-04-25 20:30 . 2008-04-25 20:30 56 --a------ C:\Windows\wb.ini
2008-04-25 16:35 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\.SunDownloadManager
2008-04-25 00:30 . 2008-04-25 00:30 <DIR> d-------- C:\Program Files\Effective Studios
2008-04-24 18:42 . 2008-04-24 18:42 <DIR> d-------- C:\PerfLogs
2008-04-24 16:58 . 2008-01-19 08:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-04-24 16:58 . 2008-01-19 08:36 1,541,120 --a------ C:\Windows\System32\onex.dll
2008-04-24 16:55 . 2008-01-19 08:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-04-24 16:54 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-04-24 16:53 . 2008-01-19 08:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-04-24 16:52 . 2008-01-19 08:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-04-24 16:51 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-04-24 16:50 . 2008-01-19 08:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-04-24 16:50 . 2008-01-05 12:31 145,455 --a------ C:\Windows\System32\perfmon.msc
2008-04-24 16:50 . 2008-01-05 12:22 144,909 --a------ C:\Windows\System32\fsmgmt.msc
2008-04-24 16:50 . 2008-01-05 12:34 15,181 --a------ C:\Windows\System32\gatherWirelessInfo.vbs
2008-04-24 16:50 . 2008-01-05 12:21 12,198 --a------ C:\Windows\System32\gatherWiredInfo.vbs
2008-04-24 16:50 . 2008-01-19 08:31 7,680 --a------ C:\Windows\System32\spwizres.dll
2008-04-24 16:50 . 2008-01-19 08:28 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-24 16:50 . 2008-01-19 06:37 2,048 --a------ C:\Windows\System32\wertargets.wtl
2008-04-24 16:50 . 2008-01-05 12:39 150 --a------ C:\Windows\System32\RacUREx.xml
2008-04-24 16:50 . 2008-01-05 12:31 3 --a------ C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-04-24 16:49 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-04-24 16:49 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-04-24 16:49 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-04-24 16:49 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-04-24 16:49 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-04-24 16:48 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-04-24 16:48 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-04-24 16:48 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-04-24 16:48 . 2006-11-02 10:45 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-04-24 16:48 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-04-24 16:48 . 2006-11-02 10:39 6,656 --a------ C:\Windows\System32\kbd106.dll
2008-04-23 19:07 . 2008-04-23 19:07 <DIR> d--h----- C:\Windows\Content.IE5
2008-04-23 18:54 . 2008-04-23 18:54 691 --a------ C:\Users\steve\AppData\Roaming\GetValue.vbs
2008-04-23 18:54 . 2008-04-23 18:54 35 --a------ C:\Users\steve\AppData\Roaming\SetValue.bat
2008-04-23 18:26 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-04-23 18:26 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-04-23 03:18 . 2008-04-27 03:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\WinPatrol
2008-04-23 03:18 . 2008-04-23 03:18 <DIR> d-------- C:\Program Files\BillP Studios
2008-04-23 02:03 . 2008-03-29 18:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-23 02:00 . 2008-04-23 02:00 130 --a------ C:\Windows\ODBC.INI
2008-04-23 01:50 . 2008-04-23 01:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-23 01:00 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-04-23 01:00 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-04-23 01:00 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-04-23 01:00 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-04-23 00:59 . 2008-04-23 00:59 <DIR> d-------- C:\Users\steve\AppData\Roaming\PC Tools
2008-04-23 00:59 . 2008-04-27 12:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-23 00:31 . 2008-04-23 00:31 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-23 00:24 . 2008-04-23 00:24 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-04-22 23:35 . 2008-04-22 23:35 <DIR> d--h----- C:\Windows\PIF
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 23:24 . 2008-04-23 02:58 <DIR> d-------- C:\ProgramData\Avira
2008-04-22 23:00 . 2008-04-23 02:18 <DIR> d-------- C:\Users\steve\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 23:00 . 2008-04-22 23:00 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 21:52 . 2008-04-22 21:52 <DIR> d-------- C:\Users\steve\AppData\Roaming\WildPackets
2008-04-22 21:52 . 2005-12-05 14:08 607,432 -ra------ C:\Windows\System32\cfx4032.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 02:09 --------- d-----w C:\Users\steve\AppData\Roaming\uTorrent
2008-04-28 00:05 88 --sh--r C:\Users\All Users\D172C11D73.sys
2008-04-28 00:05 88 --sh--r C:\ProgramData\D172C11D73.sys
2008-04-28 00:05 2,828 --sha-w C:\Users\All Users\KGyGaAvL.sys
2008-04-28 00:05 2,828 --sha-w C:\ProgramData\KGyGaAvL.sys
2008-04-27 22:51 77,371 ----a-w C:\Users\steve\AppData\Roaming\nvModes.dat
2008-04-27 12:30 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 02:59 --------- d-----w C:\Users\steve\AppData\Roaming\dvdcss
2008-04-26 23:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-26 02:05 --------- d-----w C:\Program Files\Java
2008-04-24 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Mail
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Journal
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Defender
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-24 17:43 --------- d-----w C:\Program Files\Windows Calendar
2008-04-24 16:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-24 16:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-23 20:36 --------- d-----w C:\Program Files\ImTOO
2008-04-23 02:51 --------- d-----w C:\Program Files\CONEXANT
2008-04-22 20:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-20 16:29 --------- d-----w C:\ProgramData\Roxio
2008-03-24 19:01 --------- d-----w C:\ProgramData\DVD Shrink
2008-03-23 01:48 --------- d-----w C:\Program Files\Common Files\snpstd3
2008-03-23 01:45 --------- d-----w C:\Program Files\Mingjong
2008-03-23 01:44 --------- d-----w C:\Program Files\camtool
2008-03-22 04:08 --------- d-----w C:\Users\steve\AppData\Roaming\muvee Technologies
2008-03-22 04:08 --------- d-----w C:\ProgramData\muvee Technologies
2008-03-22 03:57 --------- d-----w C:\Users\steve\AppData\Roaming\ESTsoft
2008-03-22 03:57 --------- d-----w C:\Program Files\ESTsoft
2008-03-22 03:55 --------- d-----w C:\Users\steve\AppData\Roaming\PeerNetworking
2008-03-22 03:38 --------- d-----w C:\Users\steve\AppData\Roaming\gtk-2.0
2008-03-22 03:31 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-22 01:59 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-03-21 23:19 --------- d-----w C:\Program Files\SlySoft
2008-03-21 23:16 --------- d-----w C:\Users\steve\AppData\Roaming\SlySoft
2008-03-21 23:15 --------- d-----w C:\ProgramData\SlySoft
2008-03-21 22:54 --------- d-----w C:\ProgramData\Sonic
2008-03-21 22:23 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-21 22:22 --------- d-----w C:\Program Files\DVD Shrink
2008-03-21 22:14 --------- d-----w C:\Program Files\uTorrent
2008-03-20 23:59 --------- d-----w C:\Users\steve\AppData\Roaming\Roxio
2008-03-14 23:06 --------- d-----w C:\ProgramData\Symantec
2008-03-14 20:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 20:22 --------- d-----w C:\ProgramData\Napster
2008-03-09 20:29 --------- d-----w C:\Program Files\Lionhead Studios
2008-03-09 16:56 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-03-09 16:56 --------- d-----w C:\Users\steve\AppData\Roaming\Atari
2008-03-09 16:55 --------- d-----w C:\Users\steve\AppData\Roaming\Leadertech
2008-03-09 16:48 --------- d-----w C:\Program Files\Atari
2008-03-09 01:48 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-09 01:47 --------- d-----w C:\Program Files\eRightSoft
2008-03-08 17:09 0 ----a-w C:\Users\steve\AppData\Roaming\wklnhst.dat
2008-03-08 10:22 --------- d-----w C:\Users\steve\AppData\Roaming\vlc
2008-03-08 10:21 --------- d-----w C:\Program Files\VideoLAN
2008-03-05 23:07 --------- d-----w C:\Program Files\Infogrames
2008-03-05 14:56 --------- d-----w C:\ProgramData\InstallShield
2008-03-05 14:47 --------- d-----w C:\Program Files\The Creative Assembly
2008-03-05 14:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-04 01:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-03-04 01:32 188,416 ----a-w C:\Windows\system32\drivers\CHDRT32.sys
2008-03-03 01:49 --------- d-----w C:\Users\steve\AppData\Roaming\Corel
2008-03-03 01:35 --------- d-----w C:\ProgramData\Corel
2008-03-03 01:35 --------- d-----w C:\Program Files\Common Files\Protexis
2008-03-03 01:33 --------- d-----w C:\Program Files\Common Files\Corel
2008-03-03 01:32 --------- d-----w C:\Program Files\Corel
2008-03-01 08:03 --------- d-----w C:\ProgramData\CyberLink
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\HP
2008-03-01 07:47 --------- d-----w C:\Users\steve\AppData\Roaming\CyberLink
2008-03-01 07:47 --------- d-----w C:\ProgramData\HP
2008-03-01 07:16 --------- d-----w C:\Program Files\WIDCOMM
2008-03-01 07:14 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv2500 Notebook PC_Y5335KV_0U_Q2CE7473H0K_E454482-031_4A_I30CE_SWistron_V80.39_F.13_T070810_WV3-0_L409_M2046_J160_7Intel_86FD_91.50_#080301_N11AB4353;80864222_(GT887EA#ABU)_XMOBILE_CN10_Z.MRK
2008-03-01 07:10 --------- d-----w C:\Users\steve\AppData\Roaming\Hewlett-Packard
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Templates
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Start Menu
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Favorites
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Documents
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Desktop
2008-03-01 07:01 --------- d-sh--w C:\ProgramData\Application Data
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2005-05-13 17:12 217,073 --sha-r C:\Windows\meta4.exe
2005-10-24 11:13 66,560 --sha-r C:\Windows\MOTA113.exe
2005-10-13 21:27 422,400 --sha-r C:\Windows\x2.64.exe
2005-10-07 19:14 308,224 --sha-r C:\Windows\System32\avisynth.dll
2005-07-14 12:31 27,648 --sha-r C:\Windows\System32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\Windows\System32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\Windows\System32\cygz.dll
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-r C:\Windows\System32\Smab.dll
2005-02-28 13:16 240,128 --sha-r C:\Windows\System32\x.264.exe
2004-01-25 00:00 70,656 --sha-r C:\Windows\System32\yv12vfw.dll
.

((((((((((((((((((((((((((((( [email protected]_13.39.31.94 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-27 12:35:02 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-29 16:38:57 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-26 19:29:44 1,660 ----a-w C:\Windows\bthservsdp.dat
+ 2008-04-29 13:10:35 1,660 ----a-w C:\Windows\bthservsdp.dat
+ 2008-04-29 16:38:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-29 16:38:58 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-27 11:30:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-29 16:40:41 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-04-29 16:43:02 212,992 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-04-27 11:34:24 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-29 16:41:37 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-27 12:35:16 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-04-29 16:42:46 241,664 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-29 16:40:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-27 12:26:55 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-29 16:40:27 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-27 12:26:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-29 16:40:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-27 12:33:36 112,240 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-29 15:56:20 113,434 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-27 12:33:36 611,194 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-29 15:56:20 612,790 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-27 03:16:28 9,288 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
+ 2008-04-29 16:43:19 9,360 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2004156354-2581284973-3441749290-1000_UserData.bin
- 2008-04-27 03:16:28 76,580 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 16:43:19 77,112 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-26 18:23:47 47,302 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-29 15:54:48 48,324 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-26 17:16:13 128,086 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-04-27 21:15:10 153,140 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-04-26 19:08 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-24 02:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 19:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 07:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-04-26 19:10 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 18:37 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 06:38 316728]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]

C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 4:24:54 AM 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\AlienGUIse\wbsrv.dll 2007-09-24 15:57 197912 C:\Program Files\AlienGUIse\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2004156354-2581284973-3441749290-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC1B7C31-3CE6-47F7-A9B5-C0D88EB6F23B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAEFFE36-501B-4052-A1CE-96AC429CC8F9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BBF0860-3612-4832-A4D2-37805D440466}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B1DB76DF-1C2A-47BF-85F4-1062F23B5B8E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8E864A6C-D82B-498D-87B5-E0388E36825B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{BE2C8919-321F-4BCA-91C5-66E4F13DE616}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{81043D8E-BF59-40E5-95AA-7D4C19CEFB95}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{F666193A-7CA1-4BB4-A720-081732B56D39}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{4291D339-3FD8-441A-84B6-D43DCB82466C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{5960AC78-1ED4-4428-9063-0BFEDB8FBBE7}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{659007F2-F48D-427C-B269-C0765EEBF251}C:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{A0AAE278-ECEA-445F-B0F6-7C1BA58B082E}C:\\program files\\cain\\cain.exe"= UDP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"UDP Query User{74F09369-3D4D-4EBF-9991-01E96993FCE3}C:\\program files\\cain\\cain.exe"= TCP:C:\program files\cain\cain.exe:Cain - Password Recovery Utility
"TCP Query User{1DE7BEDD-9E12-49BF-8951-EF6B54168ADB}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{357A7919-64AF-48B3-A806-CC9CC574F1DF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 18:31]
R1 hqiopa;hqiopa;C:\Windows\system32\hqiopa.sys [2008-04-27 01:48]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 18:32]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 PSI_SVC_2;Protexis Licensing V2;"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [2007-07-24 12:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
S3 mod7700;DiBcom DIB7700 based TV tuner device;C:\Windows\system32\Drivers\dvb7700all.sys [2007-04-17 11:09]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-06-21 21:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 17:45:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-29 17:46:43
ComboFix-quarantined-files.txt 2008-04-29 16:46:38
ComboFix2.txt 2008-04-27 15:11:40
ComboFix3.txt 2008-04-27 12:41:06
ComboFix4.txt 2008-04-25 23:46:04

Pre-Run: 80,787,415,040 bytes free
Post-Run: 80,746,160,128 bytes free

380 --- E O F --- 2008-04-24 16:16:14

Be back in a min, just gonna run MBAM.

#13
Rorschach112 (Ralphie)

  • Retired Staff
  • 47,710 posts
Can you do this as well?


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Windows\System32\rvmsiimg.dll
    C:\mxuxc.exe
    C:\Windows\System32\hqiopa.sys
    C:\jgkpt.exe
    C:\1223042813
    C:\Windows\system32\hqiopa.sys
    C:\Windows\system32\nnnoPJAS.dll
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqiopa
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

#14
sonicreducer (Member)

  • Topic Starter
  • Member
  • 24 posts
Oooh dear! Typhoid Mary springs to mind!



Malwarebytes' Anti-Malware 1.11
Database version: 697

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 214396
Time elapsed: 1 hour(s), 38 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hqiopa (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hqiopa (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqiopa (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\dpevflbg.bvtl (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\dpevflbg.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Windows\17PHolmes1535.exe.vir (Trojan.Downloader) -> No action taken.
C:\QooBox\Quarantine\C\Windows\System32\nnnoPJAS.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\Windows\System32\rqRKEWQg.dll.vir (Trojan.Vundo) -> No action taken.
C:\QooBox\Quarantine\C\Windows\System32\urqQjgGY.dll.vir (Trojan.Vundo) -> No action taken.
C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\Windows\System32\hqiopa.sys (Rootkit.Agent) -> No action taken.

#15
sonicreducer (Member)

  • Topic Starter
  • Member
  • 24 posts
MoveIt log file:

Explorer killed successfully
File/Folder C:\Windows\System32\rvmsiimg.dll not found.
File/Folder C:\mxuxc.exe not found.
File/Folder C:\Windows\System32\hqiopa.sys not found.
File/Folder C:\jgkpt.exe not found.
File/Folder C:\1223042813 not found.
File/Folder C:\Windows\system32\hqiopa.sys not found.
File/Folder C:\Windows\system32\nnnoPJAS.dll not found.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-\\MSServer not found.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqiopa >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hqiopa\\ not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 042

My PC is a bit shaky overall; it's taking a while for Windows to settle down on boot-up, and something is now blasting WinPatrol as a change of registry.

Edited by sonicreducer, 29 April 2008 - 02:23 PM.
