
Virus blocking EVERYTHING! [RESOLVED]



#1 dorkus5 (Member)
Hi guys,

Picked up a virus on my laptop this evening.
My background has changed to blue with a warning of spyware detection. I cannot access Internet Explorer (I am currently on the home desktop), and I also cannot access Task Manager or any programme files for that matter, stating that I do not have the required permission or that the administrator has disabled access. It is a 1 account comp. McAfee seems to be picking up a trojan in my drivers32 - a programme file called "spools". However, when I attempt to either delete or quarantine the file it fails.

Sorry I cannot be of any more help.


Thanks in advance :)

#3 JSntgRvr (Global Moderator)
Hi, dorkus5 :)

Welcome. I have merged your threads.

You will need a pen drive or a similar device to transfer information back and forth from the laptop.

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both main.txt and extra.txt in your next reply.
If the files are too long, attach them to a reply:
  • Scroll down and click the [Manage Attachments] button
  • Browse to the following folder:
    • C:\Deckard\System Scanner
  • Click Upload to upload these files one by one
  • Submit your reply


#4 dorkus5 (Member)
Hi JSntgRvr,

Thanks for your help so far. I hope my log helps you!

Deckard's System Scanner v20071014.68
Run by Chris on 2008-05-11 23:36:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-05-11 22:36:13 UTC - RP149 - Deckard's System Scanner Restore Point
2: 2008-05-11 11:49:12 UTC - RP148 - Installed AVG 8.0
1: 2008-05-11 11:01:05 UTC - RP147 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 83% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-11 23:42:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
F:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061211
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qol.qub.ac.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...amp;ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061211
O2 - BHO: (no name) - {88ebbe0b-5ff8-4b84-b043-71a216374a5b} - C:\WINDOWS\system32\efcDTMgf.dll
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: pvnsmfor - {C17C95A8-9A32-4250-8F46-D7DFBB4B4947} - C:\WINDOWS\pvnsmfor.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Chris\cftmon.exe
O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Chris\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InetChk] C:\DOCUME~1\Chris\LOCALS~1\Temp\ms1210503532.exe work
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Chris\cftmon.exe
O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\Chris\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe
O4 - HKLM\..\Policies\Explorer\Run: [zsmscc] rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\Program Files\CasinoOnNet\Casino.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDTMgf - C:\WINDOWS\system32\efcDTMgf.dll
O21 - SSODL: mpfanvqg - {3203440F-BBCB-4E16-87BB-E1556B57910B} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {E3473047-F313-4B6A-9D4A-862270874EAA} - C:\WINDOWS\vbksrofa.dll
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll
O23 - Service: 4890AABA - Unknown owner - C:\WINDOWS\system32\7C750A7C.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 11842 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\Documents and Settings\Chris\cftmon.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>

S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>

S2 4890AABA - c:\windows\system32\7c750a7c.exe -k
S2 ICF - c:\windows\system32\svchost.exe:exe.exe
S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&2EA2911C&0&0030
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&2EA2911C&0&0030
Service: BCM43XX


-- Scheduled Tasks -------------------------------------------------------------

2008-04-18 19:27:35 350 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DHKW2N2J-Chris).job
2008-03-16 06:42:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-11 and 2008-05-11 -----------------------------

2008-05-11 12:49:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49:17 0 d-------- C:\Program Files\AVG
2008-05-11 12:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:09:33 2855 --a------ C:\WINDOWS\system32\drivers\spools.PIF
2008-05-11 12:08:12 0 d--h----- C:\WINDOWS\PIF
2008-05-11 12:00:35 66576 --a------ C:\WINDOWS\system32\k12105036331.exe
2008-05-11 11:58:27 13824 --a------ C:\Documents and Settings\LocalService\cftmon.exe
2008-05-11 11:56:10 0 d-------- C:\Program Files\Helper
2008-05-11 11:54:46 346112 --a------ C:\WINDOWS\system32\ljjjhif.dll
2008-05-11 11:54:28 36352 --a------ C:\WINDOWS\system32\byXNdcCV.dll
2008-05-11 11:54:21 705 --a------ C:\d.exe
2008-05-11 11:54:14 2 --a------ C:\1209778742
2008-05-11 11:54:09 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll
2008-05-11 11:54:07 13824 --a------ C:\WINDOWS\system32\drivers\spools.exe
2008-05-11 11:54:07 13824 --a------ C:\Documents and Settings\Chris\cftmon.exe
2008-05-11 11:54:05 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 11:54:02 13824 --a------ C:\ddrjjhqh.exe
2008-05-11 11:54:00 76288 --a------ C:\ftklhae.exe
2008-05-11 11:53:51 66576 --a------ C:\WINDOWS\system32\k12105032291.exe
2008-05-11 11:53:51 29824 --a------ C:\WINDOWS\system32\efcDTMgf.dll
2008-05-11 11:53:39 327680 --a------ C:\WINDOWS\vbksrofa.dll
2008-05-11 11:53:39 184320 --a------ C:\WINDOWS\pvnsmfor.dll
2008-05-11 11:53:39 94208 --a------ C:\WINDOWS\oadkxrts.exe
2008-05-11 11:53:39 212992 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-11 11:53:39 253952 --a------ C:\WINDOWS\fvowketqsoq.dll
2008-05-11 11:53:36 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-11 11:53:31 96256 --a------ C:\WINDOWS\system32\ctfmona.exe
2008-04-27 14:33:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31:34 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55:07 0 d-------- C:\Program Files\Lavasoft
2008-04-22 08:55:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-05-11 11:59:01 40960 --a------ C:\WINDOWS\system32\6343B22A.DLL
2008-05-11 11:58:52 107008 -r-hs---- C:\WINDOWS\system32\zsmscc32.dll
2008-05-08 17:05:43 25600 -----n--- C:\WINDOWS\system32\zsmscc071001.dll
2008-05-02 19:07:33 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-27 14:32:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 14:31:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 14:28:50 0 d-------- C:\Program Files\LimeWire
2008-04-23 04:37:43 40960 --a------ C:\WINDOWS\system32\6343B22A(2)(3).DLL
2008-04-22 08:54:25 0 d-------- C:\Program Files\Common Files
2008-04-20 07:52:52 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-18 17:16:58 0 d-------- C:\Program Files\Dl_cats
2008-03-31 15:23:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 15:12:55 0 d-------- C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 14:18:26 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-31 14:18:03 0 d-------- C:\Program Files\Roxio
2008-03-31 14:11:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 14:10:39 0 d-------- C:\Program Files\Research In Motion
2008-03-23 17:12:22 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-23 17:12:11 168 -r-hs---- C:\WINDOWS\system32\935B7F7769.sys
2008-03-21 20:07:40 0 d-------- C:\Documents and Settings\Chris\Application Data\Viewpoint
2008-03-02 22:59:37 66576 --a------ C:\WINDOWS\system32\k12044951611.exe
2008-03-02 21:59:47 66576 --a------ C:\WINDOWS\system32\k12044915571.exe
2008-03-02 21:59:15 5398 --a------ C:\WINDOWS\system32\k12044879501.exe
2008-03-02 18:00:21 66576 --a------ C:\WINDOWS\system32\k12044771351.exe
2008-03-02 17:00:10 66576 --a------ C:\WINDOWS\system32\k12044735291.exe
2008-03-02 15:59:21 66576 --a------ C:\WINDOWS\system32\k12044699221.exe
2008-03-02 14:59:52 66576 --a------ C:\WINDOWS\system32\k12044663181.exe
2008-03-02 13:58:51 66576 --a------ C:\WINDOWS\system32\k12044627081.exe
2008-03-01 01:04:16 66576 --a------ C:\WINDOWS\system32\k12043298331.exe
2008-02-29 23:03:37 66576 --a------ C:\WINDOWS\system32\k12043225831.exe
2008-02-29 22:03:38 66576 --a------ C:\WINDOWS\system32\k12043189801.exe
2008-02-29 21:03:43 66576 --a------ C:\WINDOWS\system32\k12043153631.exe
2008-02-28 19:12:58 66576 --a------ C:\WINDOWS\system32\k12042223241.exe
2008-02-28 18:12:08 66576 --a------ C:\WINDOWS\system32\k12042187171.exe
2008-02-28 16:12:05 66576 --a------ C:\WINDOWS\system32\k12042114981.exe
2008-02-28 15:12:17 66576 --a------ C:\WINDOWS\system32\k12042078921.exe
2008-02-28 14:12:12 66576 -r-hs---- C:\WINDOWS\system32\zsmscc071001.exe
2008-02-28 14:12:12 66576 --a------ C:\WINDOWS\system32\k12042042841.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88ebbe0b-5ff8-4b84-b043-71a216374a5b}]
11/05/2008 11:53 29824 --a------ C:\WINDOWS\system32\efcDTMgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]
11/05/2008 11:54 10000 --a------ C:\WINDOWS\system32\jfiehayd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [08/09/2005 07:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/09/2006 12:47]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [27/09/2005 01:34]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 13:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [22/09/2005 19:29]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [23/04/2007 11:43]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [11/05/2008 11:53]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [11/05/2008 11:54]
"autoload"="C:\Documents and Settings\Chris\cftmon.exe" [11/05/2008 11:54]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Chris\LOCALS~1\Temp\winlogan.exe" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [11/05/2008 12:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/08/2007 13:35]
"InetChk"="C:\DOCUME~1\Chris\LOCALS~1\Temp\ms1210503532.exe" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" [11/05/2008 11:54]
"autoload"="C:\Documents and Settings\Chris\cftmon.exe" [11/05/2008 11:54]
"jdgf894jrghoiiskd"="C:\DOCUME~1\Chris\LOCALS~1\Temp\winlogan.exe" []
"Jnskdfmf9eldfd"="C:\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ntuser"=C:\WINDOWS\system32\drivers\spools.exe
"autoload"=C:\Documents and Settings\LocalService\cftmon.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/12/2006 13:25:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"zsmscc"=rundll32.exe C:\WINDOWS\system32\zsmscc071001.dll mymain

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5AF49A2-94F3-42BD-F434-2604812C897D}"= C:\WINDOWS\system32\jfiehayd.dll [11/05/2008 11:54 10000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"= C:\WINDOWS\system32\efcDTMgf.dll [11/05/2008 11:53 29824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {3203440F-BBCB-4E16-87BB-E1556B57910B} - C:\WINDOWS\mpfanvqg.dll [10/05/2008 01:12 212992]
"vbksrofa"= {E3473047-F313-4B6A-9D4A-862270874EAA} - C:\WINDOWS\vbksrofa.dll [10/05/2008 01:13 327680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDTMgf]
efcDTMgf.dll 11/05/2008 11:53 29824 C:\WINDOWS\system32\efcDTMgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4d117c-8a9d-11db-87d3-806d6172696f}]
auto\command- C:\auto.exe
autorun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f818c0-ba35-11dc-88a4-00197d00b753}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{187e70b4-92e7-11dc-886f-00038a000015}]
auto\command- auto.exe
autorun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42661d38-afbf-11dc-889d-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{511c27e7-8baa-11db-87d7-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f288c-9b01-11dc-887e-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd41601a-ff2c-11dc-891e-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe




-- End of Deckard's System Scanner: finished at 2008-05-12 00:57:49 ------------
  • 0

#5
dorkus5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 X2 Mobile Technology TL-50
CPU 1: AMD Turion™ 64 X2 Mobile Technology TL-50
Percentage of Memory in Use: 87%
Physical Memory (total/avail): 446.04 MiB / 56.27 MiB
Pagefile Memory (total/avail): 1053.19 MiB / 745.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929 MiB

C: is Fixed (NTFS) - 69.78 GiB total, 56.97 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541680J9SA00 - 74.53 GiB - 3 partitions
\PARTITION0 - Unknown - 109.79 MiB
\PARTITION1 (bootable) - Installable File System - 69.78 GiB - C:
\PARTITION2 - Unknown - 4.64 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: AVG Anti-Virus v8.0 (AVG Technologies)
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DHKW2N2J
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\DHKW2N2J
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=DHKW2N2J
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Chris (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
725plc32 --> MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AMD Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL UK (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{763E8D6C-0098-4FF4-801A-3F311D2D9D80}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ARTEuro --> MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
ATI Catalyst Control Center --> MsiExec.exe /I{AC6AE077-1566-4655-BE73-38A869C150DC}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}
Broadcom Management Programs --> MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
BroadJump Client Foundation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Casino-on-Net --> C:\PROGRA~1\CASINO~1\UNWISE.EXE C:\PROGRA~1\CASINO~1\INSTALL.LOG
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Color Printer 725 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
Dell Network Assistant --> MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes --> MsiExec.exe /I{974C05A0-C76C-4724-A9A2-11D5D1355729}
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
McAfee Uninstaller --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Orange Preload --> MsiExec.exe /I{38496EC2-78B7-412A-9398-FC6B7DB8E182}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tiscali Internet --> MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebVideo Support --> C:\WINDOWS\oadkxrts.exe
William Hill Poker --> C:\WINDOWS\system32\UnPoker.exe WilliamHillPokerXP
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type195 / Success
Event Submitted/Written: 05/11/2008 11:30:58 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type153 / Warning
Event Submitted/Written: 05/08/2008 09:32:08 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP6Files' failed during request for component '{CC29EC81-7BC2-11D1-A921-00A0C91E2AA2}'

Event Record #/Type151 / Warning
Event Submitted/Written: 05/08/2008 09:31:47 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP5Files' failed during request for component '{D362F5FA-9939-40E1-BC1F-EF575164DAB9}'

Event Record #/Type135 / Success
Event Submitted/Written: 05/08/2008 01:17:32 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type124 / Success
Event Submitted/Written: 05/08/2008 00:23:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type26941 / Error
Event Submitted/Written: 05/11/2008 11:26:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee SpamKiller Server service failed to start due to the following error:
%%1053

Event Record #/Type26940 / Error
Event Submitted/Written: 05/11/2008 11:26:18 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the McAfee SpamKiller Server service to connect.

Event Record #/Type26939 / Error
Event Submitted/Written: 05/11/2008 11:26:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The 4890AABA service failed to start due to the following error:
%%5

Event Record #/Type26938 / Error
Event Submitted/Written: 05/11/2008 11:26:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Task Scheduler service failed to start due to the following error:
%%5

Event Record #/Type26937 / Error
Event Submitted/Written: 05/11/2008 11:26:17 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ICF service failed to start due to the following error:
%%5



-- End of Deckard's System Scanner: finished at 2008-05-12 00:57:49 ------------
  • 0

#6
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Hi, dorkus5 :)

You must remove McAfee from the computer.

Please, download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Running SDFix:
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally paste the contents of the Report.txt in your next reply.
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**
  • 0

#7
dorkus5

    Member

  • Topic Starter
  • Member
  • 20 posts
Hello again JSntgRvr!!

I've finished running the 2 programmes and the laptop is going really well. You guys never fail to amaze!! :) Here are the requested logs. I suspect everything is cleared, and if that is the case I'd like to take this opportunity to thank you for your time and effort. We are truly lucky to have the G 2 G amongst us!!

ComboFix 08-05-11.1 - Chris 2008-05-12 13:41:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.128 [GMT 1:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXNdcCV.dll
C:\WINDOWS\system32\ljjjhif.dll
C:\WINDOWS\system32\zsmscc071001.dll
C:\WINDOWS\system32\zsmscc071001.exe
C:\WINDOWS\system32\zsmscc32.dll
C:\WINDOWS\zsmscc16.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 13:05 . 2008-05-12 13:05 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-11 23:35 . 2008-05-11 23:35 <DIR> d-------- C:\Deckard
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\Program Files\AVG
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:49 . 2008-05-11 12:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 12:49 . 2008-05-11 12:49 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-11 12:49 . 2008-05-11 12:49 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-11 12:49 . 2008-05-11 12:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 12:09 . 2008-05-11 12:09 2,855 --a------ C:\WINDOWS\system32\drivers\spools.PIF
2008-05-11 12:08 . 2008-05-11 12:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-05-11 11:54 . 2008-05-11 11:54 76,288 --a------ C:\ftklhae.exe
2008-05-11 11:54 . 2008-05-11 11:54 13,824 --a------ C:\ddrjjhqh.exe
2008-05-11 11:54 . 2008-05-11 11:54 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 11:53 . 2008-05-11 11:58 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-11 11:53 . 2008-05-11 11:53 29,824 --a------ C:\WINDOWS\system32\efcDTMgf.dll
2008-05-01 22:41 . 2008-05-03 05:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-01 22:41 . 2008-05-01 22:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-27 14:33 . 2008-04-27 14:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31 . 2008-04-27 14:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55 . 2008-04-22 08:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-22 08:55 . 2008-04-22 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 07:47 . 2008-04-20 07:47 92 --a------ C:\WINDOWS\system32\klb1208674050.wk
2008-04-20 07:07 . 2008-04-20 07:07 92 --a------ C:\WINDOWS\system32\klb1208671658.wk
2008-04-18 18:19 . 2008-04-18 18:19 93 --a------ C:\WINDOWS\system32\klb1208539155.wk
2008-04-14 21:37 . 2008-04-14 21:37 610 --a------ C:\WINDOWS\system32\llk1208205283.jhh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 10:59 40,960 ----a-w C:\WINDOWS\system32\6343B22A.DLL
2008-04-27 13:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-27 13:31 --------- d-----w C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 13:28 --------- d-----w C:\Program Files\LimeWire
2008-04-23 03:37 40,960 ----a-w C:\WINDOWS\system32\6343B22A(2)(3).DLL
2008-04-20 06:52 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-04-20 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-18 16:16 --------- d-----w C:\Program Files\Dl_cats
2008-03-31 14:23 --------- d-----w C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 14:12 --------- d-----w C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-31 13:18 --------- d-----w C:\Program Files\Roxio
2008-03-31 13:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-31 13:11 --------- d-----w C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 13:10 --------- d-----w C:\Program Files\Research In Motion
2008-03-23 16:12 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-21 19:07 --------- d-----w C:\Documents and Settings\Chris\Application Data\Viewpoint
2008-03-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-11-14 19:26 8 ----a-w C:\Documents and Settings\Chris\Application Data\usb.dat.bin
2006-12-15 00:12 146 -c--a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88EBBE0B-5FF8-4B84-B043-71A216374A5B}]
2008-05-11 11:53 29824 --a------ C:\WINDOWS\system32\efcDTMgf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 13:35 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 12:47 761947]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 19:29 303104]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 11:43 228088]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 12:49 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-11 13:25:30 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"= C:\WINDOWS\system32\efcDTMgf.dll [2008-05-11 11:53 29824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDTMgf]
efcDTMgf.dll 2008-05-11 11:53 29824 C:\WINDOWS\system32\efcDTMgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-11-10 00:22 497240 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 18:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-01 05:48 1392640 C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-14 15:20 462336 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-23 17:14 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 18:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-09-22 12:06 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-07 13:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 19:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeeantivirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\mcafeefirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 avgrkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-11 12:49]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 12:49]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-11 12:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 12:49]
R2 avgtdix;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-11 12:49]
S2 4890AABA;4890AABA;C:\WINDOWS\system32\7C750A7C.EXE [2008-01-01 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f818c0-ba35-11dc-88a4-00197d00b753}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{187e70b4-92e7-11dc-886f-00038a000015}]
\shell\auto\command - auto.exe
\shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42661d38-afbf-11dc-889d-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{511c27e7-8baa-11db-87d7-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f288c-9b01-11dc-887e-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd41601a-ff2c-11dc-891e-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 05:42:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 13:51:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\efcDTMgf.dll
.
Completion time: 2008-05-12 13:56:17
ComboFix-quarantined-files.txt 2008-05-12 12:56:08

Pre-Run: 61,006,024,704 bytes free
Post-Run: 61,089,697,792 bytes free

432 --- E O F --- 2008-04-27 23:05:54
  • 0

#8
dorkus5

    Member

  • Topic Starter
  • Member
  • 20 posts
SDFix: Version 1.182
Run by Chris on 12/05/2008 at 13:13

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Chris\Desktop\SDFix

Checking Services :

Name :
ICF
yzbgqap

Path :
C:\WINDOWS\system32\svchost.exe:exe.exe
\??\C:\WINDOWS\system32\yzbgqap.sys

ICF - Deleted
yzbgqap - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Restoring Default Desktop Wallpaper
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CTFMONB.BMP - Deleted
C:\WINDOWS\system32\jfiehayd.dll - Deleted
C:\120977~1 - Deleted
C:\Documents and Settings\Chris\cftmon.exe - Deleted
C:\Documents and Settings\LocalService\cftmon.exe - Deleted
C:\autorun.inf - Deleted
C:\Program Files\Helper\1210503370.dll - Deleted
C:\d.exe - Deleted
C:\WINDOWS\fvowketqsoq.dll - Deleted
C:\auto.exe - Deleted
C:\autorun.PNF - Deleted
C:\WINDOWS\mpfanvqg.dll - Deleted
C:\WINDOWS\oadkxrts.exe - Deleted
C:\WINDOWS\pvnsmfor.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\ctfmona.exe - Deleted
C:\WINDOWS\vbksrofa.dll - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted
C:\WINDOWS\system32\yzbgqap.sys - Deleted



Folder C:\Program Files\Helper - Removed


Removing Temp Files

ADS Check :


C:\WINDOWS\system32\svchost.exe
: ADS Found!
svchost.exe: deleted 24064 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 13:27:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\Chris\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 9 Aug 2006 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 9 Aug 2006 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 9 Aug 2006 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Tue 1 Jan 2008 20,028 A..H. --- "C:\WINDOWS\system32\7C750A7C.EXE"
Sun 23 Mar 2008 168 ..SHR --- "C:\WINDOWS\system32\935B7F7769.sys"
Sun 23 Mar 2008 5,642 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 11 May 2008 107,008 ..SHR --- "C:\WINDOWS\system32\zsmscc32.dll"
Thu 28 Feb 2008 66,576 ..SHR --- "C:\WINDOWS\system32\zsmscc071001.exe"
Thu 11 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 18 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab59ac72525ea90a47679441587835c9\BIT2.tmp"
Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT6.tmp"
Sun 11 May 2008 15,505 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Chris\LOCALS~1\Temp\csrssc.exe"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
Mon 11 Dec 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch6\lock.tmp"

Finished!
  • 0

#9
dorkus5

    Member

  • Topic Starter
  • Member
  • 20 posts
Deckard's System Scanner v20071014.68
Run by Chris on 2008-05-12 13:58:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-12 13:59:03
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
F:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...amp;ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061211
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\efcDTMgf.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\Program Files\CasinoOnNet\Casino.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDTMgf - C:\WINDOWS\system32\efcDTMgf.dll
O23 - Service: 4890AABA - Unknown owner - C:\WINDOWS\system32\7C750A7C.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 9809 bytes

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 13:39:06 68096 --a------ C:\WINDOWS\zip.exe
2008-05-12 13:39:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-12 13:39:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-12 13:39:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-12 13:39:06 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-12 13:39:06 98816 --a------ C:\WINDOWS\sed.exe
2008-05-12 13:39:06 80412 --a------ C:\WINDOWS\grep.exe
2008-05-12 13:39:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-12 13:05:10 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 12:49:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49:17 0 d-------- C:\Program Files\AVG
2008-05-11 12:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:09:33 2855 --a------ C:\WINDOWS\system32\drivers\spools.PIF
2008-05-11 12:08:12 0 d--h----- C:\WINDOWS\PIF
2008-05-11 11:54:05 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 11:54:02 13824 --a------ C:\ddrjjhqh.exe
2008-05-11 11:54:00 76288 --a------ C:\ftklhae.exe
2008-05-11 11:53:51 29824 --a------ C:\WINDOWS\system32\efcDTMgf.dll
2008-05-11 11:53:36 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-27 14:33:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31:34 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55:07 0 d-------- C:\Program Files\Lavasoft
2008-04-22 08:55:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-05-11 11:59:01 40960 --a------ C:\WINDOWS\system32\6343B22A.DLL
2008-05-02 19:07:33 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-27 14:32:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 14:31:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 14:28:50 0 d-------- C:\Program Files\LimeWire
2008-04-23 04:37:43 40960 --a------ C:\WINDOWS\system32\6343B22A(2)(3).DLL
2008-04-22 08:54:25 0 d-------- C:\Program Files\Common Files
2008-04-20 07:52:52 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-18 17:16:58 0 d-------- C:\Program Files\Dl_cats
2008-03-31 15:23:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 15:12:55 0 d-------- C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 14:18:26 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-31 14:18:03 0 d-------- C:\Program Files\Roxio
2008-03-31 14:11:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 14:10:39 0 d-------- C:\Program Files\Research In Motion
2008-03-23 17:12:22 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-23 17:12:11 168 -r-hs---- C:\WINDOWS\system32\935B7F7769.sys
2008-03-21 20:07:40 0 d-------- C:\Documents and Settings\Chris\Application Data\Viewpoint


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\CF1553.exe


-- End of Deckard's System Scanner: finished at 2008-05-12 13:59:27 ------------
  • 0

#10
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Hi, dorkus5 :)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

File::
C:\WINDOWS\system32\klb1208674050.wk
C:\WINDOWS\system32\klb1208671658.wk
C:\WINDOWS\system32\klb1208539155.wk
C:\WINDOWS\system32\llk1208205283.jhh
C:\WINDOWS\system32\drivers\spools.PIF
C:\ftklhae.exe
C:\ddrjjhqh.exe
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\efcDTMgf.dll
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\6343B22A.DLL
C:\WINDOWS\system32\6343B22A(2)(3).DLL
C:\WINDOWS\system32\7C750A7C.EXE

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88EBBE0B-5FF8-4B84-B043-71A216374A5B}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88EBBE0B-5FF8-4B84-B043-71A216374A5B}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcDTMgf]

Driver::
4890AABA


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a HijackThis log.
  • 0

#11
dorkus5

    Member

  • Topic Starter
  • Member
  • 20 posts
There was no resulting report when the Notepad file was dragged into ComboFix :)

Here's the HijackThis...

Deckard's System Scanner v20071014.68
Run by Chris on 2008-05-12 15:26:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-12 15:26:35
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\McAfee.com\VSO\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...amp;ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061211
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\efcDTMgf.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\Program Files\CasinoOnNet\Casino.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: efcDTMgf - C:\WINDOWS\system32\efcDTMgf.dll
O23 - Service: 4890AABA - Unknown owner - C:\WINDOWS\system32\7C750A7C.EXE -k
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 10051 bytes

-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 15:21:30 0 d-------- C:\327882R2FWJFW
2008-05-12 14:13:33 0 d--h----- C:\$AVG8.VAULT$
2008-05-12 13:39:06 68096 --a------ C:\WINDOWS\zip.exe
2008-05-12 13:39:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-12 13:39:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-12 13:39:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-12 13:39:06 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-12 13:39:06 98816 --a------ C:\WINDOWS\sed.exe
2008-05-12 13:39:06 80412 --a------ C:\WINDOWS\grep.exe
2008-05-12 13:39:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-12 13:05:10 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 12:49:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49:17 0 d-------- C:\Program Files\AVG
2008-05-11 12:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:09:33 2855 --a------ C:\WINDOWS\system32\drivers\spools.PIF
2008-05-11 12:08:12 0 d--h----- C:\WINDOWS\PIF
2008-05-11 11:54:05 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-11 11:54:00 76288 --a------ C:\ftklhae.exe
2008-05-11 11:53:51 29824 --a------ C:\WINDOWS\system32\efcDTMgf.dll
2008-05-11 11:53:36 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-27 14:33:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31:34 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55:07 0 d-------- C:\Program Files\Lavasoft
2008-04-22 08:55:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-05-12 14:42:44 0 d-------- C:\Program Files\DIGStream
2008-05-02 19:07:33 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-27 14:32:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 14:31:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 14:28:50 0 d-------- C:\Program Files\LimeWire
2008-04-22 08:54:25 0 d-------- C:\Program Files\Common Files
2008-04-20 07:52:52 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-18 17:16:58 0 d-------- C:\Program Files\Dl_cats
2008-03-31 15:23:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 15:12:55 0 d-------- C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 14:18:26 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-31 14:18:03 0 d-------- C:\Program Files\Roxio
2008-03-31 14:11:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 14:10:39 0 d-------- C:\Program Files\Research In Motion
2008-03-23 17:12:22 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-23 17:12:11 168 -r-hs---- C:\WINDOWS\system32\935B7F7769.sys
2008-03-21 20:07:40 0 d-------- C:\Documents and Settings\Chris\Application Data\Viewpoint


-- Registry Dump ---------------------------------------------------------------

Unable to run batchfile; The system cannot find the file specified.
ComSpec: C:\WINDOWS\system32\CF1553.exe


-- End of Deckard's System Scanner: finished at 2008-05-12 15:28:02 ------------
  • 0

#12
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Try the fix from scratch. I edited the topic earlier.
  • 0

#13
dorkus5

    Member

  • Topic Starter
  • Member
  • 20 posts
Hi JSntgRvr,

Thanks for your ongoing help :)
The fix seemed to work this time. Here are my logs.



ComboFix 08-05-11.1 - Chris 2008-05-12 23:47:17.2 - NTFSx86
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\ddrjjhqh.exe
C:\ftklhae.exe
C:\WINDOWS\system32\6343B22A(2)(3).DLL
C:\WINDOWS\system32\6343B22A.DLL
C:\WINDOWS\system32\7C750A7C.EXE
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\drivers\spools.PIF
C:\WINDOWS\system32\efcDTMgf.dll
C:\WINDOWS\system32\klb1208539155.wk
C:\WINDOWS\system32\klb1208671658.wk
C:\WINDOWS\system32\klb1208674050.wk
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\llk1208205283.jhh
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ftklhae.exe
C:\WINDOWS\system32\blackster.scr
C:\WINDOWS\system32\drivers\spools.PIF
C:\WINDOWS\system32\efcDTMgf.dll
C:\WINDOWS\system32\klb1208539155.wk
C:\WINDOWS\system32\klb1208671658.wk
C:\WINDOWS\system32\klb1208674050.wk
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\llk1208205283.jhh

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_4890AABA
-------\Service_4890AABA


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 14:13 . 2008-05-12 14:57 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-12 13:05 . 2008-05-12 13:05 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-11 23:35 . 2008-05-11 23:35 <DIR> d-------- C:\Deckard
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\Program Files\AVG
2008-05-11 12:49 . 2008-05-11 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:49 . 2008-05-11 12:49 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-11 12:49 . 2008-05-11 12:49 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-11 12:49 . 2008-05-11 12:49 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-11 12:49 . 2008-05-11 12:49 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-11 12:08 . 2008-05-11 12:08 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-27 14:33 . 2008-04-27 14:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31 . 2008-04-27 14:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55 . 2008-04-22 08:55 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-22 08:55 . 2008-04-22 08:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 13:42 --------- d-----w C:\Program Files\DIGStream
2008-04-27 13:32 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-27 13:31 --------- d-----w C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 13:28 --------- d-----w C:\Program Files\LimeWire
2008-04-20 06:52 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-04-20 06:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-04-18 16:16 --------- d-----w C:\Program Files\Dl_cats
2008-03-31 14:23 --------- d-----w C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 14:12 --------- d-----w C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-31 13:18 --------- d-----w C:\Program Files\Roxio
2008-03-31 13:18 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-03-31 13:11 --------- d-----w C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 13:10 --------- d-----w C:\Program Files\Research In Motion
2008-03-21 19:07 --------- d-----w C:\Documents and Settings\Chris\Application Data\Viewpoint
2008-03-21 19:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-14 19:26 8 ----a-w C:\Documents and Settings\Chris\Application Data\usb.dat.bin
2006-12-15 00:12 146 -c--a-w C:\Documents and Settings\Chris\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( [email protected]_13.55.08.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-12 12:21:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 22:59:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 13:35 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 07:55 73728]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 12:47 761947]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 13:05 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [2005-09-22 19:29 303104]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 11:43 228088]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-11 12:49 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 06:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-11 13:25:30 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-11-10 00:22 497240 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 12:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2003-01-27 18:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2006-11-01 05:48 1392640 C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2006-08-14 15:20 462336 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-08-23 17:14 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-08-15 20:15 271672 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--a------ 2005-09-22 19:29 303104 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--a------ 2006-01-11 13:05 212992 C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
--a------ 2005-11-11 18:00 1005096 C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--------- 2005-08-11 23:02 53248 C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-09-22 12:06 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 14:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-07 13:35 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2005-08-10 13:49 163840 C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
--a------ 2005-07-08 19:18 151552 C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 avgrkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-11 12:49]
R1 avgldx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-11 12:49]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-11 12:49]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-11 12:49]
R2 avgtdix;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-11 12:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f818c0-ba35-11dc-88a4-00197d00b753}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{187e70b4-92e7-11dc-886f-00038a000015}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42661d38-afbf-11dc-889d-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{511c27e7-8baa-11db-87d7-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f288c-9b01-11dc-887e-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd41601a-ff2c-11dc-891e-00038a000015}]
\Shell\Auto\command - E:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 05:42:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 00:00:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-13 0:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 23:07:06
ComboFix2.txt 2008-05-12 12:56:20

Pre-Run: 61,058,904,064 bytes free
Post-Run: 60,977,913,856 bytes free

256 --- E O F --- 2008-04-27 23:05:54

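A reviewer reads two parts of the ComboFix log above more closely than the rest: the MountPoints2 keys whose Auto/AutoRun handlers launch a relative auto.exe through ShellExec_RunDLL (these keys are Explorer's cache of the autorun.inf it parsed from each removable drive that was ever plugged in), and the firewall section, where the standard profile is off (EnableFirewall=0) and svchost.exe sits in the exception list. The script below is an added example, not code from this thread, from ComboFix or from DSS: it parses the REGEDIT4-style "Reg Loading Points" text (and the "Auto\command-" spelling DSS uses) and flags those entries. The embedded sample is a constructed excerpt of lines taken from the log above; the heuristics (a relative path or ShellExec_RunDLL in an autorun handler, svchost.exe or a P2P client in the exception list) and the "suspicious"/"review" labels are the example's own, not either tool's.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix (or DSS) log.
Added example, not code from the thread, from ComboFix or from DSS; the
heuristics below are the example author's own, not either tool's."""
import re
from collections import namedtuple

# Constructed sample: lines excerpted from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f818c0-ba35-11dc-88a4-00197d00b753}]
\Shell\Auto\command - auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
"""

Finding = namedtuple("Finding", "severity key detail")   # severity: suspicious | review
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')        # "Name"=value
# ComboFix writes '\Shell\Auto\command - x'; DSS writes 'Auto\command- x'
MP_CMD_RE = re.compile(r"^(?:\\?Shell\\)?(?P<verb>Auto|AutoRun)\\command\s*-\s*(?P<cmd>.+)$")
P2P_CLIENTS = {"limewire.exe", "utorrent.exe", "bittorrent.exe", "emule.exe"}

def parse_sections(text):
    """Yield (key, [value lines]) for each [key] block of the REGEDIT4-style dump."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(1), []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines

def reg_int(val):
    """Parse both integer spellings ComboFix uses: '0 (0x0)' and 'dword:00000001'."""
    val = val.strip()
    return int(val[6:], 16) if val.lower().startswith("dword:") else int(val.split()[0])

def check_mountpoints(key, lines, out):
    """MountPoints2 caches the autorun.inf handlers Explorer parsed from each volume.
    A CD's 'E:\\setup.exe' is normal; a relative 'auto.exe', or anything launched
    through ShellExec_RunDLL, is the classic removable-media worm pattern."""
    if "\\mountpoints2\\" not in key.lower():
        return
    for m in filter(None, map(MP_CMD_RE.match, lines)):
        cmd = m.group("cmd").strip()
        target = cmd.split()[-1]                              # what actually gets launched
        worm_like = ("shellexec_rundll" in cmd.lower()
                     or re.match(r"^[A-Za-z]:\\", target) is None)
        out.append(Finding("suspicious" if worm_like else "review", key,
                           f"{m.group('verb')} handler runs '{cmd}'"))

def check_firewall(key, lines, out):
    """Flag a disabled standard profile, and exceptions that open svchost.exe
    (every service it hosts) or a P2P client to inbound traffic."""
    k = key.lower()
    for m in filter(None, map(VALUE_RE.match, lines)):
        name, val = m.group("name"), m.group("val")
        if k.endswith("firewallpolicy\\standardprofile"):
            if name.lower() == "enablefirewall" and reg_int(val) == 0:
                out.append(Finding("suspicious", key, "Windows Firewall is off (EnableFirewall=0)"))
        elif k.endswith("authorizedapplications\\list"):
            path = name.replace("\\\\", "\\")                 # undo REGEDIT4 escaping
            exe = path.rsplit("\\", 1)[-1].lower()
            if exe == "svchost.exe":
                out.append(Finding("suspicious", key, f"firewall exception for {path}"))
            elif exe in P2P_CLIENTS:
                out.append(Finding("review", key, f"firewall exception for P2P client {path}"))

def triage(text):
    """Run every check over every section and return the findings in log order."""
    findings = []
    for key, lines in parse_sections(text):
        check_mountpoints(key, lines, findings)
        check_firewall(key, lines, findings)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.key}\n    {f.detail}")
```

Run it against a saved ComboFix.txt by passing the file contents to triage(). MountPoints2 entries outlive the drive that created them, so a hit there identifies the media that carried the autorun worm rather than an autorun that is still active on this machine; that drive should be scanned before it is plugged in again. The svchost.exe exception deserves a deliberate decision because it exposes every service the process hosts, and the LimeWire and uTorrent exceptions correspond to the P2P clients listed in the Find3M report.
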
#14 dorkus5 (Topic Starter, Member, 20 posts)
Deckard's System Scanner v20071014.68
Run by Chris on 2008-05-13 00:11:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-13 00:11:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chris\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co...amp;ibd=3061211
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del.......;l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3061211
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\Program Files\CasinoOnNet\Casino.exe
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcf_device - Unknown owner - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE


--
End of file - 9578 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-12 14:13:33 0 d--h----- C:\$AVG8.VAULT$
2008-05-12 13:39:06 68096 --a------ C:\WINDOWS\zip.exe
2008-05-12 13:39:06 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-12 13:39:06 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-12 13:39:06 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-12 13:39:06 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-12 13:39:06 98816 --a------ C:\WINDOWS\sed.exe
2008-05-12 13:39:06 80412 --a------ C:\WINDOWS\grep.exe
2008-05-12 13:39:06 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-12 13:05:10 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 12:49:38 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-11 12:49:17 0 d-------- C:\Program Files\AVG
2008-05-11 12:49:14 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-11 12:08:12 0 d--h----- C:\WINDOWS\PIF
2008-04-27 14:33:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-04-27 14:31:34 0 d--hs---- C:\WINDOWS\ftpcache
2008-04-22 08:55:07 0 d-------- C:\Program Files\Lavasoft
2008-04-22 08:55:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-05-12 14:42:44 0 d-------- C:\Program Files\DIGStream
2008-05-02 19:07:33 256 --a------ C:\WINDOWS\system32\pool.bin
2008-04-27 14:32:55 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-27 14:31:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent
2008-04-27 14:28:50 0 d-------- C:\Program Files\LimeWire
2008-04-22 08:54:25 0 d-------- C:\Program Files\Common Files
2008-04-20 07:52:52 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-04-18 17:16:58 0 d-------- C:\Program Files\Dl_cats
2008-03-31 15:23:15 0 d-------- C:\Documents and Settings\Chris\Application Data\Roxio
2008-03-31 15:12:55 0 d-------- C:\Documents and Settings\Chris\Application Data\Research In Motion
2008-03-31 14:18:26 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-31 14:18:03 0 d-------- C:\Program Files\Roxio
2008-03-31 14:11:46 0 d-------- C:\Documents and Settings\Chris\Application Data\Blackberry Desktop
2008-03-31 14:10:39 0 d-------- C:\Program Files\Research In Motion
2008-03-23 17:12:22 5642 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-23 17:12:11 168 -r-hs---- C:\WINDOWS\system32\935B7F7769.sys
2008-03-21 20:07:40 0 d-------- C:\Documents and Settings\Chris\Application Data\Viewpoint


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [08/09/2005 07:55]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/09/2006 12:47]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [11/01/2006 13:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\McAgent.exe" [22/09/2005 19:29]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [23/04/2007 11:43]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [11/05/2008 12:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/08/2007 13:35]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/12/2006 13:25:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f818c0-ba35-11dc-88a4-00197d00b753}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{187e70b4-92e7-11dc-886f-00038a000015}]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42661d38-afbf-11dc-889d-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{511c27e7-8baa-11db-87d7-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576f288c-9b01-11dc-887e-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd41601a-ff2c-11dc-891e-00038a000015}]
Auto\command- E:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe




-- End of Deckard's System Scanner: finished at 2008-05-13 00:12:43 ------------
  • 0

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts
Hi, dorkus5 :)

The log looks clear. How is the computer doing?
  • 0