Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I'm still treading water but fear I may drown [RESOLVED]


  • This topic is locked This topic is locked

#1
mrhiccups

mrhiccups

    Member

  • Member
  • PipPip
  • 19 posts
Hi there

I am infected. avg and adaware remove what they can but the anti-spyware pop-ups still appear if I do any browsing therefore I don't.
I have been running scans in safe mode with no luck. Here is my hijackthis log:



Scan saved at 14:59:41, on 22/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D984F5D-E0C4-4D61-B321-F3042230A922} - C:\WINDOWS\system32\iifefCrR.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\aiwnujva.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\tuvVOFYo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [0c323445] rundll32.exe "C:\WINDOWS\system32\ifuujxhh.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKLM\..\Policies\Explorer\Run: [1i54jL1c8X] C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photob...geUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099406122515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvVOFYo - tuvVOFYo.dll (file missing)
O21 - SSODL: dsktbwfe - {6CBA1792-6B6A-4452-8064-61F3B20F80DE} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {7A45A70E-8DDA-42DC-97D0-DD638982BF9A} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: asurscsi - Unknown owner - C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8896 bytes


Any help would be greatly appreciated. Any questions or suggestions welcomed.
Thank you
  • 0

Advertisements


#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi mrhiccups

welcome to geekstogo :)

i can see several infections in your log but first we will tackle one of them and gather information on another that may be present before we get down to the fix proper.

also, if you are able, could you carry out all the operations in normal mode unless i tell you otherwise.


====STEP 1====
First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To Get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.



====STEP 2====
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm




In your next reply could i see:
1. confirmation if you are able to run things normal mode
2. the smitfraudfix log
3. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#3
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Many thanks for your help

1. Yes I am able to run in normal mode
I was unable to remove newdotnet, I could not find the uninstall on my system and the uninstall download came up with an error saying it was not a valid win 32 application

2.
SmitFraudFix v2.320

Scan done at 2:59:13.25, 23/01/2002
Run from J:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tobyzooka


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tobyzooka\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TOBYZO~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\akl\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
3.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:22, on 23/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D984F5D-E0C4-4D61-B321-F3042230A922} - C:\WINDOWS\system32\iifefCrR.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\aiwnujva.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\tuvVOFYo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [0c323445] rundll32.exe "C:\WINDOWS\system32\ifuujxhh.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [1i54jL1c8X] C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photob...geUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099406122515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvVOFYo - tuvVOFYo.dll (file missing)
O21 - SSODL: dsktbwfe - {6CBA1792-6B6A-4452-8064-61F3B20F80DE} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {7A45A70E-8DDA-42DC-97D0-DD638982BF9A} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: asurscsi - Unknown owner - C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 10459 bytes
  • 0

#5
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

I was unable to remove newdotnet, I could not find the uninstall on my system and the uninstall download came up with an error saying it was not a valid win 32 application

ok, we will deal with that later.

in the meantime, the other scan detected the suspected infection. so, in this post we will clear out a couple of the infections before proceeding onto the rest. we will also do a deeper scan of your machine to see what else is there. the first step will be in safe mode, the rest in normal mode.

firstly some questions:
1. do you recognise this IP address 192.168.0.65? is it your ISP? or your company?
2. you have an ActiveX component from this site: http://static.photob...geUploader4.cab --- do you recognise that site?


====STEP 1====
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



====STEP 2====
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

====STEP 3====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next reply could i see:
1. the answers to the questions
2. the smitfraudfix log
3. the vundofix log
4. the DSS scans (thouth there may only be one)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#6
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks for all your help so far.

1. That is NOT my IP address

2. Yes I use photobox

SmitFraudFix v2.320

Scan done at 11:04:52.51, 23/01/2002
Run from J:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DFE2BFC7-33B4-4CB9-A3AB-F92E938CEA90}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#7
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
VundoFix V7.0.3

Scan started at 11:46:31 23/01/2002

Listing files found while scanning....

C:\WINDOWS\system32\amjhbosu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\amjhbosu.dll
C:\WINDOWS\system32\amjhbosu.dll Has been deleted!

Performing Repairs to the registry.
Done!
  • 0

#8
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Deckard's System Scanner v20071014.68
Run by Tobyzooka on 2002-01-23 12:35:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2002-01-23 12:35:40 UTC - RP733 - Deckard's System Scanner Restore Point
31: 2008-05-14 11:29:52 UTC - RP732 - Avg8 Update
30: 2008-05-14 11:28:30 UTC - RP731 - Avg8 Update
29: 2008-05-14 11:04:57 UTC - RP730 - Configured AVG 8.0
28: 2008-05-14 09:46:02 UTC - RP729 - Last known good configuration


-- First Restore Point --
1: 2008-05-14 09:45:19 UTC - RP702 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tobyzooka.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:11, on 23/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Tobyzooka\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tobyzooka.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D984F5D-E0C4-4D61-B321-F3042230A922} - C:\WINDOWS\system32\iifefCrR.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\aiwnujva.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\tuvVOFYo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [0c323445] rundll32.exe "C:\WINDOWS\system32\ifuujxhh.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [1i54jL1c8X] C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photob...geUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099406122515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvVOFYo - tuvVOFYo.dll (file missing)
O21 - SSODL: dsktbwfe - {6CBA1792-6B6A-4452-8064-61F3B20F80DE} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {7A45A70E-8DDA-42DC-97D0-DD638982BF9A} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: asurscsi - Unknown owner - C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10252 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 xmasbus - c:\windows\system32\drivers\xmasbus.sys
R0 xmasscsi - c:\windows\system32\drivers\xmasscsi.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>

S3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
S3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
S3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
S3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
S3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 ha10kx2k (Creative Hardware Abstract Layer Driver) - c:\windows\system32\drivers\ha10kx2k.sys (file missing)
S3 hap16v2k (Creative P16V HAL Driver) - c:\windows\system32\drivers\hap16v2k.sys (file missing)
S3 ldiskl - c:\docume~1\tobyzo~1\locals~1\temp\ldiskl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S2 asurscsi - c:\program files\voyetra\audiosurgeon 5\asurscsi.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_40021102&REV_03\4&3B1D9AB8&0&4040
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_40021102&REV_03\4&3B1D9AB8&0&4040
Service:

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: PnP BIOS Extension
Device ID: ROOT\SYSTEM\0004
Manufacturer: (Standard system devices)
Name: PnP BIOS Extension
PNP Device ID: ROOT\SYSTEM\0004
Service: d347bus


-- Scheduled Tasks -------------------------------------------------------------

2008-05-14 14:35:14 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-05-06 14:13:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2001-12-23 and 2002-01-23 -----------------------------

2008-05-14 18:47:54 0 d-------- C:\WINDOWS\pss
2008-05-14 11:13:01 0 d--h----- C:\$AVG8.VAULT$
2008-05-14 11:05:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-14 11:03:00 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\TmpRecentIcons
2008-05-14 11:02:03 0 d-------- C:\Program Files\PC-Cleaner
2008-05-14 09:45:07 179691 --ahs---- C:\WINDOWS\system32\RrCfefii.ini2
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32winlogonpc.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32vcatchpi.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32thun32.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32thun.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32temp#01.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32taack.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32taack.dat
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32ssvchost.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32ssurf022.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32sncntr.exe
2008-05-14 09:36:50 0 d-------- C:\WINDOWS\system32smp
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32Rundl1.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32regm64.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32regc64.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32psoft1.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32psof1.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32ps1.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32newsd32.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32netode.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32mwin32.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32mtr2.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32msvchost.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32msnbho.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32msgp.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32medup020.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32medup012.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32hxiwlgpm.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32hoproxy.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\[email protected]@@k.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32emesx.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32dpcproxy.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32bsva-egihsg52.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32anticipator.dll
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\system32akttzn.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\bdn.com
2008-05-14 09:36:50 4096 --a------ C:\WINDOWS\a.bat
2008-05-14 09:36:50 0 d-------- C:\Documents and Settings\Tobyzooka\Desktopvirii
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32WINWGPX.EXE
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32winsystem.exe
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32vbsys2.dll
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32sysreq.exe
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32mssecu.exe
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32bdn.com
2008-05-14 09:36:49 4096 --a------ C:\WINDOWS\system32awtoolb.dll
2008-05-14 09:36:49 0 d-------- C:\WINDOWS\mslagent
2008-05-14 09:36:43 0 d-------- C:\Documents and Settings\All Users\Application Data\anwbqpep
2008-05-10 11:56:24 233472 --a------ C:\WINDOWS\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-05-10 11:51:53 0 d-------- C:\Program Files\Propellerhead
2008-05-10 11:48:28 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-10 11:45:10 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-10 11:45:05 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\DAEMON Tools
2008-05-04 15:31:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 12:01:10 49152 --a------ C:\WINDOWS\system32\apache.dll
2008-04-30 18:08:39 0 d-------- C:\Program Files\SystemRequirementsLab
2008-04-09 10:14:39 0 d-------- C:\SDPlugins
2008-04-09 10:14:31 0 d-------- C:\DirectX
2008-04-09 10:11:22 0 d-------- C:\data
2008-04-09 10:11:22 0 d-------- C:\AppData
2008-03-26 21:22:17 91136 -ra------ C:\WINDOWS\system32\msls2.dll <Not Verified; Microsoft Corporation; Microsoft® Line Services>
2008-03-22 01:51:06 0 d-------- C:\Program Files\BestGameEver
2008-03-21 22:47:45 0 d-------- C:\WINDOWS\application data
2008-03-21 19:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-21 19:50:36 0 d-------- C:\Program Files\AVG
2008-03-19 19:32:06 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Sony Corporation
2008-03-19 19:08:06 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Publish Providers
2008-03-19 19:07:20 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Sony
2008-03-19 19:06:31 0 d-------- C:\Program Files\Sony
2008-03-19 19:06:04 0 d-------- C:\Program Files\Sony Setup
2008-03-19 14:46:22 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Cakewalk
2008-03-19 14:45:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Identities
2008-03-19 14:35:56 0 d-------- C:\Program Files\Cakewalk
2008-03-19 14:35:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-03-19 14:35:56 0 d-------- C:\Cakewalk Projects
2008-03-19 10:11:48 0 d-------- C:\Program Files\MagicISO
2008-03-03 17:10:26 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\U3
2008-02-18 14:11:49 0 d-------- C:\Program Files\steam
2008-01-15 19:13:34 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-01-15 19:10:09 0 d-------- C:\Program Files\SlySoft
2008-01-14 12:43:34 0 d--hs---- C:\found.000
2008-01-10 18:26:05 0 d-------- C:\Program Files\Apple Software Update
2008-01-10 18:25:41 0 d-------- C:\Program Files\Common Files\Apple
2008-01-10 18:25:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-06 20:36:59 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\gslist
2007-11-06 16:26:25 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\WinRAR
2007-10-05 19:21:12 0 d-------- C:\Program Files\Lavasoft
2007-10-05 19:21:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 19:54:51 0 d-------- C:\Program Files\Kontiki
2007-10-01 19:54:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2007-10-01 19:54:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Channel4
2007-09-26 18:26:56 0 d-------- C:\Documents and Settings\Tobyzooka\Contacts
2007-09-25 18:24:40 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-09-25 18:24:32 0 d-------- C:\Program Files\MSN Messenger
2007-09-20 16:07:52 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\ATI
2007-09-20 15:33:26 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-09-17 14:50:46 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\AdobeUM
2007-09-17 12:04:55 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Hamachi
2007-09-15 17:21:32 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\vlc
2007-09-15 17:21:03 0 d-------- C:\Program Files\VideoLAN
2007-09-11 16:14:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-09-10 12:22:34 0 d-------- C:\Netgear
2007-08-07 12:58:08 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-08-07 12:56:58 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-07-11 13:37:26 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
2007-02-09 19:23:24 0 d-------- C:\Program Files\Recycle
2007-02-09 19:23:16 331263 --a------ C:\WINDOWS\LOOP.exe
2007-01-30 19:17:04 0 d-------- C:\DVDVolume
2007-01-18 20:55:16 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Opera
2006-10-19 23:39:36 0 d-------- C:\Program Files\DVD Shrink
2006-10-19 23:39:36 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2006-10-19 22:11:57 0 d-------- C:\Program Files\DVD Decrypter
2006-10-06 18:38:34 0 d-------- C:\Program Files\AviSynth 2.5
2006-10-06 18:38:29 0 d-------- C:\Program Files\VideoraiPodConverter
2006-06-12 10:47:17 40448 --a------ C:\WINDOWS\system32\regobj.dll
2006-06-12 10:44:29 0 d-------- C:\WINDOWS\Motive
2006-06-12 10:44:21 0 d-------- C:\Program Files\Common Files\Motive
2006-06-12 10:44:00 0 d-------- C:\Program Files\Motive
2006-06-12 10:43:47 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:47 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:47 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2006-06-12 10:43:47 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:47 6550 --a------ C:\WINDOWS\jautoexp.dat
2006-06-12 10:43:43 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-06-12 10:43:43 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-06-12 10:43:43 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:43 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:43 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:43 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:43 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:42 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:42 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:42 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:42 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:42 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:43:41 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2006-06-12 10:39:53 160963 --a------ C:\WINDOWS\system32\drivers\gtipdsp.bin
2006-04-20 19:27:58 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Ahead
2006-02-23 18:31:31 340048 --a------ C:\WINDOWS\system32\drivers\CTDVDA2K.SYS <Not Verified; Creative Technology Ltd; Creative Audio Product>
2006-01-23 22:12:57 6112 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2006-01-23 22:12:31 5744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys <Not Verified; MCCI; Sony Ericsson W800>
2006-01-23 22:11:00 0 d-------- C:\Program Files\Common Files\Teleca Shared
2006-01-20 19:15:20 0 d-------- C:\Program Files\QuickTime
2006-01-20 19:14:30 0 d-------- C:\Program Files\iTunes
2006-01-20 19:14:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2006-01-20 19:13:24 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2006-01-20 19:12:40 0 d-------- C:\Program Files\iPod
2006-01-02 21:40:32 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\EmuPatchMixDSP(2)
2005-10-30 01:21:18 0 d-------- C:\My Computer
2005-10-13 15:22:22 9699328 --a------ C:\Documents and Settings\Tobyzooka\ntuser.dat
2005-10-13 12:11:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2005-10-12 23:54:12 0 d-------- C:\Program Files\Skype
2005-10-09 19:21:25 18704 --a------ C:\Documents and Settings\Tobyzooka\Application Data\GDIPFONTCACHEV1.DAT
2005-10-07 18:05:44 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Google
2005-10-07 17:14:52 308224 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>
2005-09-25 19:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2005-09-22 20:55:30 0 d-------- C:\Program Files\Java
2005-09-22 20:54:17 0 d-------- C:\Program Files\Common Files\Java
2005-08-12 09:37:33 0 d--h----- C:\BJPrinter
2005-08-07 11:19:35 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2005-07-15 17:08:41 0 d-------- C:\Program Files\PowerQuest
2005-07-13 19:54:35 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2005-07-13 19:54:35 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2005-07-13 19:54:34 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2005-07-13 19:54:34 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2005-07-13 19:54:34 0 d-------- C:\Program Files\Common Files\Ahead
2005-07-13 19:54:33 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2005-07-13 19:54:30 0 d-------- C:\Program Files\Ahead
2005-07-07 22:08:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2005-07-07 22:07:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2005-06-29 07:19:23 0 d-------- C:\WINDOWS\system32\PreInstall
2005-06-24 15:53:28 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2005-06-12 10:52:03 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Tracktion
2005-06-06 12:29:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2005-06-06 12:29:36 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Ableton
2005-05-28 17:53:11 0 d-------- C:\Program Files\Activision
2005-05-24 16:01:16 77040 -ra------ C:\WINDOWS\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2005-05-24 16:01:14 6112 -ra------ C:\WINDOWS\system32\drivers\w800cmnt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2005-05-24 16:01:12 3984 -ra------ C:\WINDOWS\system32\drivers\w800cr.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2005-05-24 16:01:12 10672 -ra------ C:\WINDOWS\system32\drivers\w800cm95.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2005-05-24 16:00:56 79216 -ra------ C:\WINDOWS\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
2005-05-24 16:00:46 87424 -ra------ C:\WINDOWS\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
2005-05-24 16:00:44 6096 -ra------ C:\WINDOWS\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
2005-05-24 16:00:38 52384 -ra------ C:\WINDOWS\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
2005-05-24 16:00:36 5744 -ra------ C:\WINDOWS\system32\drivers\w800whnt.sys <Not Verified; MCCI; Sony Ericsson W800>
2005-05-24 16:00:34 6672 -ra------ C:\WINDOWS\system32\drivers\w800wh95.sys <Not Verified; MCCI; Sony Ericsson W800>
2005-05-16 22:18:01 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2005-05-16 22:18:01 73 --a------ C:\WINDOWS\system32\ssprs.dll
2005-05-16 22:18:01 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2005-05-16 22:18:01 1025 --a------ C:\WINDOWS\system32\clauth2.dll
2005-05-16 22:18:01 1025 --a------ C:\WINDOWS\system32\clauth1.dll
2005-05-16 22:17:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2005-05-14 20:46:15 0 d-------- C:\WINDOWS\system32\LogFiles
2005-05-11 13:12:24 5744 -ra------ C:\WINDOWS\system32\drivers\k600whnt.sys <Not Verified; MCCI; Sony Ericsson 600i>
2005-05-11 13:12:22 6672 -ra------ C:\WINDOWS\system32\drivers\k600wh95.sys <Not Verified; MCCI; Sony Ericsson 600i>
2005-05-11 13:12:18 77072 -ra------ C:\WINDOWS\system32\drivers\k600obex.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC OBEX Interface>
2005-05-11 13:12:18 79248 -ra------ C:\WINDOWS\system32\drivers\k600mgmt.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC Device Management>
2005-05-11 13:12:14 87456 -ra------ C:\WINDOWS\system32\drivers\k600mdm.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC Modem>
2005-05-11 13:12:14 6096 -ra------ C:\WINDOWS\system32\drivers\k600mdfl.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC Modem Filter Driver>
2005-05-11 13:12:14 3984 -ra------ C:\WINDOWS\system32\drivers\k600cr.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC OBEX Interface>
2005-05-11 13:12:12 6112 -ra------ C:\WINDOWS\system32\drivers\k600cmnt.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC OBEX Interface>
2005-05-11 13:12:12 10672 -ra------ C:\WINDOWS\system32\drivers\k600cm95.sys <Not Verified; MCCI; Sony Ericsson 600i USB WMC OBEX Interface>
2005-05-11 13:12:12 52384 -ra------ C:\WINDOWS\system32\drivers\k600bus.sys <Not Verified; MCCI; Sony Ericsson 600i>
2005-04-24 17:56:48 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\teamspeak2
2005-04-24 17:56:33 0 d-------- C:\Program Files\teamspeak2_RC2
2005-04-24 12:50:21 0 d-------- C:\WINDOWS\system32\Data
2005-04-18 21:18:16 800247 --a------ C:\WINDOWS\Fireplace Deluxe.scr <Not Verified; nufsoft.com; Water Illusion Screen Saver>
2005-04-17 22:02:33 180224 --a------ C:\WINDOWS\Aglow.scr
2005-04-17 22:02:33 0 d-------- C:\Program Files\Aglow
2005-04-08 10:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2005-04-08 10:10:09 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2005-04-03 18:06:33 0 d-------- C:\Temp
2005-03-13 17:28:21 0 d-------- C:\WINDOWS\Installing Adobe Acrobat Reader
2005-03-11 17:17:56 5744 -ra------ C:\WINDOWS\system32\drivers\k750whnt.sys <Not Verified; MCCI; Sony Ericsson 750>
2005-03-11 17:17:54 6640 -ra------ C:\WINDOWS\system32\drivers\k750wh95.sys <Not Verified; MCCI; Sony Ericsson 750>
2005-03-11 17:17:46 79488 -ra------ C:\WINDOWS\system32\drivers\k750obex.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
2005-03-11 17:17:44 81728 -ra------ C:\WINDOWS\system32\drivers\k750mgmt.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Device Management>
2005-03-11 17:17:40 89872 -ra------ C:\WINDOWS\system32\drivers\k750mdm.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem>
2005-03-11 17:17:38 6576 -ra------ C:\WINDOWS\system32\drivers\k750mdfl.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC Modem Filter Driver>
2005-03-11 17:17:38 4048 -ra------ C:\WINDOWS\system32\drivers\k750cr.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
2005-03-11 17:17:36 6144 -ra------ C:\WINDOWS\system32\drivers\k750cmnt.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
2005-03-11 17:17:36 10736 -ra------ C:\WINDOWS\system32\drivers\k750cm95.sys <Not Verified; MCCI; Sony Ericsson 750 USB WMC OBEX Interface>
2005-03-11 17:17:34 55216 -ra------ C:\WINDOWS\system32\drivers\k750bus.sys <Not Verified; MCCI; Sony Ericsson 750>
2005-03-08 19:04:50 69632 -ra------ C:\WINDOWS\system32\xmltok.dll
2005-03-08 19:04:50 36864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2005-03-08 19:04:50 24576 -ra------ C:\WINDOWS\system32\msxml3a.dll <Not Verified; Microsoft Corporation; Microsoft XML Core Services>
2005-03-08 19:03:34 0 d-------- C:\Program Files\Ubisoft
2005-02-27 20:31:09 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Media Player Classic
2005-02-27 20:30:11 0 d-------- C:\Program Files\XP Codec Pack
2005-02-23 15:11:12 5744 -ra------ C:\WINDOWS\system32\drivers\z800whnt.sys <Not Verified; MCCI; Sony Ericsson Z800>
2005-02-23 15:11:12 6640 -ra------ C:\WINDOWS\system32\drivers\z800wh95.sys <Not Verified; MCCI; Sony Ericsson Z800>
2005-02-23 15:11:08 79488 -ra------ C:\WINDOWS\system32\drivers\z800obex.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC OBEX Interface>
2005-02-23 15:11:06 81760 -ra------ C:\WINDOWS\system32\drivers\z800mgmt.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC Device Management>
2005-02-23 15:11:04 89872 -ra------ C:\WINDOWS\system32\drivers\z800mdm.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC Modem>
2005-02-23 15:11:02 6576 -ra------ C:\WINDOWS\system32\drivers\z800mdfl.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC Modem Filter Driver>
2005-02-23 15:11:02 4048 -ra------ C:\WINDOWS\system32\drivers\z800cr.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC OBEX Interface>
2005-02-23 15:11:02 6144 -ra------ C:\WINDOWS\system32\drivers\z800cmnt.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC OBEX Interface>
2005-02-23 15:11:00 10736 -ra------ C:\WINDOWS\system32\drivers\z800cm95.sys <Not Verified; MCCI; Sony Ericsson Z800 USB WMC OBEX Interface>
2005-02-23 15:11:00 55216 -ra------ C:\WINDOWS\system32\drivers\z800bus.sys <Not Verified; MCCI; Sony Ericsson Z800>
2005-02-22 20:45:54 0 d-------- C:\Program Files\microKORG SoundEditor
2005-02-20 20:36:37 0 d-------- C:\Program Files\mods
2005-02-15 23:22:54 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2005-02-15 23:22:52 0 d-------- C:\Program Files\NewDotNet
2005-02-15 23:22:36 0 d-------- C:\Program Files\OutLaster
2005-02-11 22:03:53 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2005-02-11 21:16:59 4 --a------ C:\loadcounter.dat
2005-02-11 19:53:24 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Apple Computer
2005-02-11 19:53:05 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2005-02-11 19:44:56 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\MSN6
2005-02-11 19:44:56 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2005-01-25 19:36:36 0 d-------- C:\Program Files\Common Files\DirectX
2005-01-17 18:48:19 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2005-01-17 18:48:19 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2005-01-17 18:48:10 0 d-------- C:\Program Files\D-Tools
2005-01-13 16:27:31 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Syntrillium
2005-01-12 10:32:42 0 d-------- C:\Program Files\Common Files\xing shared
2005-01-03 23:29:00 0 d-------- C:\Program Files\Microsoft ActiveSync
2005-01-03 23:27:59 0 d-------- C:\WINDOWS\ShellNew
2005-01-01 21:37:27 18592 --ah----- C:\WINDOWS\system32\mlfcache.dat
2004-12-29 19:44:29 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Skype
2004-12-28 20:32:45 0 d-------- C:\Program Files\SequBeat
2004-12-14 14:38:54 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Leadertech
2004-12-14 14:37:20 0 d-------- C:\Program Files\NovaLogic
2004-12-13 21:56:42 0 d-------- C:\Program Files\Audio Edit
2004-12-13 21:56:34 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2004-12-08 03:21:10 65536 --a------ C:\WINDOWS\system32\xfire_lsp_10650.dll
2004-12-07 19:57:50 0 d-------- C:\Program Files\GameShadow
2004-12-06 21:37:09 122880 --a------ C:\WINDOWS\UnGins.exe
2004-12-06 21:37:09 0 d-------- C:\Program Files\Soulseek
2004-12-06 20:50:32 0 d-------- C:\Program Files\MatroskaProp
2004-12-06 18:43:27 0 d-------- C:\Program Files\Matroska Pack
2004-12-06 08:11:21 0 d-------- C:\Program Files\DivX
2004-12-05 22:58:52 0 d-------- C:\WINDOWS\system32\appmgmt
2004-12-05 20:59:23 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Xfire
2004-12-05 20:59:01 0 d---s---- C:\Program Files\Xfire
2004-12-04 22:37:24 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Azureus
2004-12-04 22:35:08 0 d-------- C:\WINDOWS\Sun
2004-12-04 22:34:46 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Sun
2004-12-04 08:34:07 0 d-------- C:\Program Files\Google
2004-12-04 08:28:46 0 d-------- C:\Program Files\Real
2004-12-04 08:28:46 0 d-------- C:\Program Files\Common Files\Real
2004-12-04 08:28:31 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Real
2004-12-02 20:45:17 0 d-------- C:\Program Files\BitTorrent++
2004-12-01 20:43:35 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2004-12-01 20:43:34 0 d-------- C:\Documents and Settings\Tobyzooka\WINDOWS
2004-11-30 22:45:30 0 d-------- C:\Program Files\Azureus
2004-11-29 15:43:20 81920 --a------ C:\WINDOWS\system32\sherlock2.exe
2004-11-28 22:12:34 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Macromedia
2004-11-28 14:43:13 1210 --a------ C:\WINDOWS\eReg.dat
2004-11-28 14:31:17 0 d-------- C:\Program Files\EA Games
2004-11-24 20:35:34 0 d-------- C:\Program Files\AudioEdit Deluxe
2004-11-24 20:35:33 0 d-------- C:\Documents and Settings\All Users\Application Data\MimarSinan
2004-11-24 19:25:52 335872 --a------ C:\WINDOWS\system32\drvc.dll <Not Verified; ; RealVideo 8+9+10+HFE2.1 (32-bit)>
2004-11-23 19:56:13 0 d-------- C:\Program Files\SDENTERNET
2004-11-19 21:56:30 155648 --a------ C:\WINDOWS\system32\ifc21.dll <Not Verified; Immersion Corporation; Immersion Foundation Classes>
2004-11-19 21:56:30 94208 --a------ C:\WINDOWS\system32\FEELIT.DLL <Not Verified; Immersion Corporation; Immersion's FEELit Software>
2004-11-19 21:56:29 99328 --a------ C:\WINDOWS\system32\LGUICOM.DLL <Not Verified; Logitech Inc.; MouseWare>
2004-11-19 21:56:29 105472 --a------ C:\WINDOWS\system32\COMNCTR.DLL <Not Verified; Logitech Inc.; MouseWare>
2004-11-19 21:55:40 0 d-------- C:\Program Files\Common Files\Logitech
2004-11-19 21:55:38 0 d-------- C:\Program Files\Logitech
2004-11-18 21:13:44 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\CyberLink
2004-11-18 21:12:35 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2004-11-18 21:12:27 0 d-------- C:\Program Files\CyberLink
2004-11-18 19:37:21 0 d-------- C:\ATI
2004-11-17 18:45:44 0 d-------- C:\Program Files\Valve
2004-11-16 11:40:55 0 d-------- C:\Program Files\HammerHead
2004-11-16 11:24:52 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Propellerhead Software
2004-11-14 21:01:48 0 d-------- C:\WINDOWS\system32\Futuremark
2004-11-14 21:01:48 3972 -----n--- C:\WINDOWS\system32\drivers\PciBus.sys
2004-11-14 21:01:48 20400 -----n--- C:\WINDOWS\system32\drivers\Entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
2004-11-12 08:07:02 1207 --a------ C:\WINDOWS\system32\gplmpg.reg
2004-11-10 21:11:24 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2004-11-02 20:34:44 0 d--h----- C:\WINDOWS\PIF
2004-11-02 18:30:40 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Steinberg
2004-11-02 17:58:00 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>
2004-11-02 17:55:13 0 d-------- C:\Program Files\Steinberg
2004-11-02 17:55:01 0 d-------- C:\Program Files\Creative Professional
2004-11-02 17:54:38 20480 --a------ C:\WINDOWS\system32\ENSDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product>
2004-11-02 17:54:38 94208 --a------ C:\WINDOWS\DEVREG.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2004-11-02 17:54:37 24576 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
2004-11-02 17:54:36 53248 --a------ C:\WINDOWS\system32\AC3API.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product>
2004-11-02 17:54:11 0 d-------- C:\WINDOWS\Profiles
2004-11-02 17:54:08 0 d-------- C:\WINDOWS\system32\Adobe
2004-11-02 17:54:08 0 d-------- C:\Program Files\Common Files\Adobe
2004-11-02 17:54:08 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Adobe
2004-11-02 17:54:07 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\InterTrust
2004-11-02 17:53:49 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2004-11-02 17:52:16 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Creative
2004-11-02 17:50:44 0 d-------- C:\Program Files\Creative
2004-11-02 17:20:14 0 d-------- C:\Program Files\Norton SystemWorks
2004-11-02 17:19:48 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Symantec
2004-11-02 17:19:38 0 d-------- C:\Program Files\Symantec
2004-11-02 17:19:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2004-11-02 17:19:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2004-11-02 17:13:46 0 d-------- C:\Program Files\Windows Media Connect
2004-11-02 17:10:39 5248 --a------ C:\WINDOWS\system32\drivers\xmasscsi.sys
2004-11-02 17:10:39 140800 --a------ C:\WINDOWS\system32\drivers\xmasbus.sys
2004-11-02 17:10:35 0 d-------- C:\Program Files\Alcohol Soft
2004-11-02 17:07:38 0 d-------- C:\Program Files\ShareScan
2004-11-02 17:05:18 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Lavasoft
2004-11-02 16:53:14 0 d-------- C:\Program Files\HighMAT CD Writing Wizard
2004-11-02 16:53:12 0 d-------- C:\WINDOWS\Downloaded Installations
2004-11-02 16:52:22 0 d-------- C:\WINDOWS\system32\URTTemp
2004-11-02 16:52:12 0 d-------- C:\Program Files\Windows Journal Viewer
2004-11-02 16:14:40 0 d--h----- C:\WINDOWS\$hf_mig$
2004-11-02 16:00:28 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2004-11-02 15:59:57 0 d-------- C:\WINDOWS\Prefetch
2004-11-02 15:46:51 0 d-------- C:\WINDOWS\provisioning
2004-11-02 15:46:51 0 d-------- C:\WINDOWS\peernet
2004-11-02 14:39:50 0 d-------- C:\WINDOWS\system32\bits
2004-11-02 14:35:53 0 d-------- C:\WINDOWS\SoftwareDistribution
2004-11-02 14:35:08 0 d---s---- C:\Documents and Settings\Tobyzooka\UserData
2004-11-02 14:26:08 77824 --a------ C:\WINDOWS\system32\NVUninst.exe <Not Verified; NVIDIA; NVIDIA>
2004-11-02 14:25:02 77824 -----n--- C:\WINDOWS\system32\nvuide.exe <Not Verified; NVIDIA; NVIDIA>
2004-11-02 14:24:57 77824 -----n--- C:\WINDOWS\system32\nvumctl.exe <Not Verified; NVIDIA; NVIDIA>
2004-11-02 14:24:20 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2004-11-02 14:16:03 0 d---s---- C:\WINDOWS\system32\Microsoft
2004-11-02 14:07:33 0 d-------- C:\WINDOWS\ServicePackFiles
2004-11-02 14:07:33 0 d-------- C:\WINDOWS\ehome
2004-11-02 13:54:24 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Help
2004-11-02 13:53:10 0 d-------- C:\WINDOWS\RegisteredPackages
2004-11-02 13:52:46 0 --a------ C:\WINDOWS\system32\wstdecod.dll
2004-11-02 13:50:30 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2004-11-02 13:49:14 0 d-------- C:\Program Files\ATI Technologies
2004-11-02 13:49:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2004-11-02 13:45:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2004-11-02 13:45:25 0 d-------- C:\Program Files\Common Files\InstallShield
2004-11-02 13:43:47 0 d--hs---- C:\WINDOWS\Installer
2004-11-02 13:43:45 0 d-------- C:\Documents and Settings\Tobyzooka\Application Data\Identities
2004-11-02 13:43:37 0 d--h----- C:\Documents and Settings\Tobyzooka\Templates
2004-11-02 13:43:37 0 dr------- C:\Documents and Settings\Tobyzooka\Start Menu
2004-11-02 13:43:37 0 dr-h----- C:\Documents and Settings\Tobyzooka\SendTo
2004-11-02 13:43:37 0 dr-h----- C:\Documents and Settings\Tobyzooka\Recent
2004-11-02 13:43:37 0 d--h----- C:\Documents and Settings\Tobyzooka\PrintHood
2004-11-02 13:43:37 0 d--h----- C:\Documents and Settings\Tobyzooka\NetHood
2004-11-02 13:43:37 0 dr------- C:\Documents and Settings\Tobyzooka\My Documents
2004-11-02 13:43:37 0 d--h----- C:\Documents and Settings\Tobyzooka\Local Settings
2004-11-02 13:43:37 0 dr------- C:\Documents and Settings\Tobyzooka\Favorites
2004-11-02 13:43:37 0 d-------- C:\Documents and Settings\Tobyzooka\Desktop
2004-11-02 13:43:37 0 d---s---- C:\Documents and Settings\Tobyzooka\Cookies
2004-11-02 13:43:37 0 dr-h----- C:\Documents and Settings\Tobyzooka\Application Data
2004-11-02 13:42:12 0 d--hs---- C:\System Volume Information
2004-11-02 13:42:11 262144 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2004-11-02 13:42:11 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2004-11-02 13:42:11 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2004-11-02 13:42:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2004-11-02 13:42:11 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2004-11-02 13:42:11 233472 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2004-11-02 13:42:11 0 d--h
  • 0

#9
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.48 MiB / 509.58 MiB
Pagefile Memory (total/avail): 1695.22 MiB / 1208.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.97 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 21.17 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:

\\.\PHYSICALDRIVE1 - Kingston DataTraveler 2.0 USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 979.88 MiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG Internet Security v8.0 (AVG Technologies)
AV: avast! antivirus 4.8.1169 [VPS 080507-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA Games\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA Games\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"="C:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat:*:Enabled:game"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\EA Games\\Need for Speed Underground 2\\speed2.exe"="C:\\Program Files\\EA Games\\Need for Speed Underground 2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA Games\\Battlefield Vietnam\\BfVietnam.exe"="C:\\Program Files\\EA Games\\Battlefield Vietnam\\BfVietnam.exe:*:Enabled:BfVietnam"
"C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat"="C:\\Program Files\\EA Games\\Command and Conquer Generals\\game.dat:*:Enabled:game"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek Client"
"C:\\Program Files\\Ubisoft\\Demo\\Blue Byte\\Heritage of Kings - The Settlers Demo\\Bin\\SettlersHoKDemo.exe"="C:\\Program Files\\Ubisoft\\Demo\\Blue Byte\\Heritage of Kings - The Settlers Demo\\Bin\\SettlersHoKDemo.exe:*:Enabled:THE SETTLERS - Heritage of Kings Demo"
"C:\\Program Files\\Microsoft Games\\Dungeon Siege\\DSLOA.exe"="C:\\Program Files\\Microsoft Games\\Dungeon Siege\\DSLOA.exe:*:Enabled:Dungeon Siege: Legends of Aranna Game Executable"
"C:\\Program Files\\THQ\\Dawn of War\\W40k.exe"="C:\\Program Files\\THQ\\Dawn of War\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"="C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\LucasArts\\XWingAlliance\\XWINGALLIANCE.EXE"="C:\\Program Files\\LucasArts\\XWingAlliance\\XWINGALLIANCE.EXE:*:Enabled:X-Wing Alliance"
"C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\commandos3.exe"="C:\\Program Files\\Eidos\\Pyro Studios\\Commandos 3 - Destination Berlin\\commandos3.exe:*:Enabled:commandos3"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\day of defeat source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"="C:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe:*:Enabled:RelicCOH"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\source sdk base\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\tobazooka\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"C:\\Documents and Settings\\Tobyzooka\\Desktop\\Caribou - Andorra [2007]\\Sniper Elite\\SniperElite.exe"="C:\\Documents and Settings\\Tobyzooka\\Desktop\\Caribou - Andorra [2007]\\Sniper Elite\\SniperElite.exe:*:Enabled:SniperElite"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Documents and Settings\\Tobyzooka\\Desktop\\Caribou - Andorra [2007]\\Battlestations Midway\\Battlestationsmidway.exe"="C:\\Documents and Settings\\Tobyzooka\\Desktop\\Caribou - Andorra [2007]\\Battlestations Midway\\Battlestationsmidway.exe:*:Enabled:Battlestationsmidway"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tobyzooka\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TOBY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tobyzooka
LOGONSERVER=\\TOBY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\valve\steam\steamapps\tobazooka\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\TOBYZO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\TOBYZO~1\LOCALS~1\Temp
USERDOMAIN=TOBY
USERNAME=Tobyzooka
USERPROFILE=C:\Documents and Settings\Tobyzooka
VProject=c:\program files\valve\steam\steamapps\tobazooka\counter-strike source\cstrike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tobyzooka (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4oD --> MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Aglow --> C:\Program Files\Aglow\uninstall.exe
Alcohol 52% --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D84E40A2-380A-46E9-A750-6F55D398D973}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audiosurf --> MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Forgotten Hope 2 --> C:\Program Files\EA GAMES\Battlefield 2\Mods\FH2\uninst.exe
GameShadow --> MsiExec.exe /I{472076D2-F0D4-480A-A05E-59CC7CA06D78}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
microKORG SoundEditor --> MsiExec.exe /X{EB091860-8C2B-4E49-A543-666373C39E6F}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NVIDIA nForce Drivers --> C:\WINDOWS\System32\nvuninst.exe Uninstall C:\WINDOWS\System32\NVU001.nvu,NVIDIA nForce Drivers
OutLaster --> C:\Program Files\OutLaster\un-shhost.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Reason 4.0 --> "C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
ReCycle v2.1 --> C:\PROGRA~1\Recycle\UNWISE.EXE C:\PROGRA~1\Recycle\INSTALL.LOG
Skype 1.4 --> "C:\Program Files\Skype\Phone\unins000.exe"
SONAR 7 Producer Edition --> "C:\Program Files\Cakewalk\SONAR 7 Producer Edition\unins000.exe"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony Sound Forge 8.0 --> MsiExec.exe /X{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}
Source SDK Base --> "C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/215
Steam™ --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\teamspeak2_RC2\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WaveLab Lite --> "C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3577 / Success
Event Submitted/Written: 05/14/2008 06:40:35 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3566 / Error
Event Submitted/Written: 05/14/2008 06:04:01 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3556 / Success
Event Submitted/Written: 05/14/2008 04:06:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3544 / Error
Event Submitted/Written: 05/14/2008 00:44:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3543 / Error
Event Submitted/Written: 05/14/2008 00:44:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type81777 / Error
Event Submitted/Written: 05/14/2008 07:47:18 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK7
AvgLdx86
AvgMfx86
d347bus
Fips
IPSec
MRxSmb
NetBIOS
NetBT
prodrv06
RasAcd
Rdbss
Tcpip
WS2IFSL

Event Record #/Type81776 / Error
Event Submitted/Written: 05/14/2008 07:47:18 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type81775 / Error
Event Submitted/Written: 05/14/2008 07:47:18 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Event Record #/Type81774 / Error
Event Submitted/Written: 05/14/2008 07:47:18 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31

Event Record #/Type81773 / Error
Event Submitted/Written: 05/14/2008 07:47:18 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2002-01-23 12:47:21 ------------
  • 0

#10
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:50, on 23/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.65
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D984F5D-E0C4-4D61-B321-F3042230A922} - C:\WINDOWS\system32\iifefCrR.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\aiwnujva.dll (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\tuvVOFYo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [0c323445] rundll32.exe "C:\WINDOWS\system32\ifuujxhh.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [1i54jL1c8X] C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CDEE1D-D109-4992-B72B-6D4F5E2AB731} (PhotoBox uploader) - http://static.photob...geUploader4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1099406122515
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: tuvVOFYo - tuvVOFYo.dll (file missing)
O21 - SSODL: dsktbwfe - {6CBA1792-6B6A-4452-8064-61F3B20F80DE} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {7A45A70E-8DDA-42DC-97D0-DD638982BF9A} - C:\WINDOWS\ogxtsepr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: asurscsi - Unknown owner - C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10307 bytes

I think thats everything.
Thanks
  • 0

Advertisements


#11
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
in this post we will some the malware i can see in your logs and do a few scans to see what else is lurking on your machine. i want to let one of the scans deal with the rest of the malware in your logs (there is a lot of it) and then we will clear out the remnants in the following post.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.



====STEP 1====
Please download the OTMoveIt2 by OldTimer and Save it to your desktop.

Do not run it yet



Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {0D984F5D-E0C4-4D61-B321-F3042230A922} - C:\WINDOWS\system32\iifefCrR.dll (file missing)
O2 - BHO: (no name) - {3CAB59B4-55A3-4737-9FD5-B93C6430BF75} - C:\WINDOWS\system32\aiwnujva.dll (file missing)
O2 - BHO: DVA Storm - {97EBE3CC-10A7-4619-B127-9B5D4FA476A8} - C:\WINDOWS\nslbvxpgtkn.dll (file missing)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\tuvVOFYo.dll (file missing)
O3 - Toolbar: sgoblxtm - {57ABA3CE-E927-4C81-BE2E-E20CAEC6645F} - C:\WINDOWS\sgoblxtm.dll (file missing)
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [0c323445] rundll32.exe "C:\WINDOWS\system32\ifuujxhh.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [1i54jL1c8X] C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O20 - Winlogon Notify: tuvVOFYo - tuvVOFYo.dll (file missing)
O21 - SSODL: dsktbwfe - {6CBA1792-6B6A-4452-8064-61F3B20F80DE} - C:\WINDOWS\dsktbwfe.dll (file missing)
O21 - SSODL: ogxtsepr - {7A45A70E-8DDA-42DC-97D0-DD638982BF9A} - C:\WINDOWS\ogxtsepr.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\iifefCrR.dll
    C:\WINDOWS\system32\aiwnujva.dll
    C:\WINDOWS\nslbvxpgtkn.dll
    C:\WINDOWS\system32\tuvVOFYo.dll
    C:\WINDOWS\sgoblxtm.dll
    C:\Program Files\webHancer
    C:\WINDOWS\system32\ifuujxhh.dll
    C:\Documents and Settings\All Users\Application Data\anwbqpep\kviponex.exe
    C:\WINDOWS\dsktbwfe.dll
    C:\WINDOWS\ogxtsepr.dll
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



====STEP 2====
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



====STEP 4====
could you delete the current version of combofix you have and then follow these instructions:

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



====STEP 5====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


In your next reply could i see:
1. the OTMoveIT log
2. the malwarebytes log
3. the combofix log
4. a new hijackthis log
5. the kaspersky log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#12
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
ok everything has gone well up until step 4
I can't find a download file anywhere on the microsoft site for 'windows recovery console'
Should I carry on with the next steps?
  • 0

#13
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
the instructions on installing the Recovery Console are in on the page http://www.bleepingc...to-use-combofix about a third of the way down.

the paragraph starts

You should now install the Windows Recovery Console. The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.


If you use Windows XP and have a Windows CD then the page directs you http://www.bleepingc...utorial117.html

if you do not have the Windows CD then the page goes on to explain how to install the Recovery Console from there.

andrewuk
  • 0

#14
mrhiccups

mrhiccups

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry
I meant that the link provided does not lead to a download for the recovery console
in fact I have searched the entire microsoft site for one and cannot find it
Should I just carry on?
Can you provide a link?

Sorry to be difficult
Thanks
  • 0

#15
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
no problem, lets take this a step at a time.

do you have the Windows CD?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP