Whatever it is it's on [RESOLVED]


#1 Captain K (New Member, 9 posts)

Hey mates, I thought I was installing a keygen for Reflexive Games, but when I ran the file it looked like a DOS box briefly appeared in my task bar. The file is called "c-setup" and is 88 KB. When I check the properties of this file it has 3 reference numbers in the File Hashes section. I'm not sure if that's relevant, but if it is I will post them when prompted. It also appears to have affected my wife's laptop and probably my son's desktop. It must have infected them via our wireless home network. Every time we go to open folders or files a box pops up looking something like this:

SYSTEM ERROR
Your system is infected with dangerous virus! Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of your computer. Click OK to download the antispyware

Then it has the OK and Cancel buttons at the bottom. I haven't pressed either button, so I'm not sure where it leads. Here is a log file from HijackThis and an uninstall file from the same program. I am running a modified version of XP called Gold Edition. My C: drive is only 4 gigs and is used for storage. My main drive is D: with 40 gigs, and I have a 300 gig external. Here are the log and uninstall files.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:17 PM, on 18/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - D:\WINDOWS\ikunbegy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

--
End of file - 4983 bytes

And here is the uninstall file:

Adobe Flash Player Plugin
Adobe Reader 8.1.2
Alky for Applications (Windows XP)
Can You See What I See
CCleaner (remove only)
Collectorz.com Movie Collector
ESET Smart Security
Gadget Installer
HashTab 2.0.8
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
IconPackager
iolo technologies' System Mechanic Professional 7
IZArc 3.81
Java™ 6 Update 6
K-Lite Codec Pack 3.9.0 Standard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Office 2007 Recent Documents Gadget
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
Pinnacle Game Profiler
RocketDock 1.3.5
Security Update for Windows XP (KB941569)
True Transparency 0.8.5
Unlocker 1.8.6
VIA Rhine-Family Fast Ethernet Adapter
Vista Start Menu
Windows Sidebar
WinRAR archiver

Thanks in advance to all who may have a look or some suggestions on this. Much appreciated.

Edited by Captain K, 18 May 2008 - 09:05 PM.

#2 sarahw (Malware Staff, 2,781 posts)

Hi,
Welcome to the site.

I will be handling your log to help you get cleaned up. As it has been a few days, can you please post another HijackThis log. This is because your computer's condition may have changed.

I want you to show hidden files. There are instructions HERE to help you do this.
You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode, so you will be unable to access this thread at that time.
Please don't use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition than it is when infected) if used incorrectly.
These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. :)

#3 Captain K (Topic Starter, New Member, 9 posts)

Hey sarahw, thanks for responding. My NOD32 seems to have quarantined the threat, which is listed in its log file as "Win32/Adware.IEDefender.NEI Application". Although it's now quarantined, it seems to want to emerge almost daily from my System Volume Information/Restore folder. It is not popping any windows up on the other two computers either. Here is a new HijackThis log file with my hidden files now shown. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:52 PM, on 24/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Utilities\True Transparency\TrueTransparency.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\MagicDisc\MagicDisc.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Captain Kool\Desktop\HiJackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

--
End of file - 6006 bytes

#4 sarahw (Malware Staff, 2,781 posts)

I wouldn't worry about any files in System Volume Information/Restore unless you are going to use System Restore.

I need to see what other malware is on your computer. I want you to run an antivirus scan and an antispyware scan.

1.
Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).
Click Scan.
When the scan is complete, click OK, then Show Results to view the results.

If Malware is found...
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please save it to your desktop.

NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt.

In your next reply post the Malwarebytes' Anti-Malware log.


2.
Click HERE and run an online scan with Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    Scan Options: Scan Archives, Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information into your next post.

#5 Captain K (Topic Starter, New Member, 9 posts)

Hi again sarahw. These are the results of the two scans you requested.

#6 Captain K (Topic Starter, New Member, 9 posts)

Whoops! I mean, here they are:

Malwarebytes' Anti-Malware 1.12
Database version: 785

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 81300
Time elapsed: 29 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f841e5a-aa28-4037-be7a-96e943e91f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{5f841e5a-aa28-4037-be7a-96e943e91f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f841e5a-aa28-4037-be7a-96e943e91f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\Documents and Settings\Captain Kool\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Default User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EF18B4E8-0ABC-494F-BCA4-FFA563459BF4}\RP8\A0002232.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EF18B4E8-0ABC-494F-BCA4-FFA563459BF4}\RP8\A0002287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\config\systemprofile\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 25, 2008 4:47:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/05/2008
Kaspersky Anti-Virus database records: 800216
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 39521
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:10:52

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
D:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\cert8.db Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\formhistory.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\history.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\key3.db Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\parent.lock Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\search.sqlite Object is locked skipped
D:\Documents and Settings\Captain Kool\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\urlclassifier2.sqlite Object is locked skipped
D:\Documents and Settings\Captain Kool\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Application Data\Mozilla\Firefox\Profiles\tt0y2d5z.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\History\History.IE5\MSHist012008052520080526\index.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Temp\Perflib_Perfdata_190.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\ntuser.dat Object is locked skipped
D:\Documents and Settings\Captain Kool\NTUSER.DAT.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{EF18B4E8-0ABC-494F-BCA4-FFA563459BF4}\RP14\change.log Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\WINDOWS\SoftwareDistribution\EventCache\{8B21BA32-8873-4E8B-A938-88BAEA5E2541}.bin Object is locked skipped
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\default Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\software Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\system Object is locked skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
D:\WINDOWS\Temp\fb_664.lck Object is locked skipped
D:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
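The HijackThis logs in posts #1 and #3 and the Malwarebytes log in post #6 can be triaged mechanically rather than by eye. The script below is an added example written for this page; it is not part of the thread, of HijackThis or of Malwarebytes. It parses the O2/O4/O17/O23 lines, applies the checks a log helper applies (a BHO DLL sitting directly in the Windows directory, an orphaned "(no file)" BHO registration, an O17 NameServer that is not the expected resolver, an autorun launched from a user profile), diffs the two HijackThis logs so the change from ikunbegy.dll to "(no file)" and the new O17 line stand out, and matches the BHO's CLSID against the Malwarebytes registry hits. The sample lines are copied from the logs above; EXPECTED_DNS is an assumption made for illustration, since the thread never says who 24.222.0.94 and 24.222.0.95 belong to.

```python
"""Triage helper for HijackThis and Malwarebytes logs (added example, not part
of the thread or of either tool). The sample lines below are copied from the
logs posted above; EXPECTED_DNS is an assumption made for illustration."""
import re
from dataclasses import dataclass

# Lines copied from the 18/05 (first) and 24/05 (second) HijackThis logs above.
HJT_LOG_1 = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - D:\WINDOWS\ikunbegy.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""
HJT_LOG_2 = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - (no file)
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""
# Lines copied from the Malwarebytes log in post #6.
MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f841e5a-aa28-4037-be7a-96e943e91f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f841e5a-aa28-4037-be7a-96e943e91f4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
D:\Documents and Settings\Captain Kool\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{EF18B4E8-0ABC-494F-BCA4-FFA563459BF4}\RP8\A0002232.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
# Assumption: the resolvers the owner's ISP is supposed to hand out. The thread never says.
EXPECTED_DNS = ("24.222.0.94", "24.222.0.95")

HJT_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MBAM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
WINDIR_DLL_RE = re.compile(r"^[A-Z]:\\WINDOWS\\[^\\]+\.dll$", re.I)  # DLL dropped straight into %WINDIR%
PROFILE_RE = re.compile(r"\\(Application Data|Local Settings\\Temp|Temp)\\", re.I)


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O2"
    body: str     # everything after "O2 - "


def parse_hjt(text):
    """Return the R/O entries of a HijackThis log, ignoring the header and process list."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def flag_hjt(entries, expected_dns=EXPECTED_DNS):
    """Apply the checks a log helper applies by eye; returns (entry, reason) pairs."""
    findings = []
    for e in entries:
        if e.section == "O2":
            path = e.body.rsplit(" - ", 1)[-1]
            if path == "(no file)":
                findings.append((e, "orphaned BHO registration: DLL already removed, CLSID still registered"))
            elif WINDIR_DLL_RE.match(path):
                findings.append((e, "BHO loaded from the Windows directory root, not Program Files or system32"))
        elif e.section == "O4" and PROFILE_RE.search(e.body):
            findings.append((e, "autorun launched from a user-writable profile directory"))
        elif e.section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", e.body)
            unexpected = [s for s in (m.group(1).split(",") if m else []) if s not in expected_dns]
            if unexpected:
                findings.append((e, "DNS servers not in expected list: " + ",".join(unexpected)))
    return findings


def diff_hjt(old, new):
    """Entries that appeared and disappeared between two logs of the same machine."""
    key = lambda e: (e.section, e.body)
    return sorted(set(new) - set(old), key=key), sorted(set(old) - set(new), key=key)


def correlate_clsids(entries, mbam_text):
    """Map CLSIDs seen in HijackThis lines to the Malwarebytes hits that name them."""
    known = {c.lower() for e in entries for c in CLSID_RE.findall(e.body)}
    hits = {}
    for line in mbam_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        for c in CLSID_RE.findall(m.group("item")):
            if c.lower() in known:
                hits.setdefault(c.lower(), []).append((m.group("family"), m.group("item")))
    return hits


if __name__ == "__main__":
    first, second = parse_hjt(HJT_LOG_1), parse_hjt(HJT_LOG_2)
    for e, why in flag_hjt(first) + flag_hjt(second):
        print(f"[{e.section}] {why}\n    {e.body}")
    added, removed = diff_hjt(first, second)
    print("added:", *[e.body for e in added], sep="\n  ")
    print("removed:", *[e.body for e in removed], sep="\n  ")
    for clsid, found in correlate_clsids(first, MBAM_LOG).items():
        print(clsid, "->", [fam for fam, _ in found])
```

Run against the two logs, the first log yields one finding (the IE LiveTV BHO at D:\WINDOWS\ikunbegy.dll), the second yields the orphaned "(no file)" registration, and the diff shows that entry plus the new O17 line as added and the ikunbegy.dll line as removed; the CLSID correlation ties the same {5f841e5a-...} to both Trojan.FakeAlert registry keys Malwarebytes removed. The checks are coarse heuristics, not a verdict: an O17 entry is only suspicious once you know which resolvers the ISP actually hands out, which is why that list is a parameter.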

#7 sarahw (Malware Staff, 2,781 posts)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#8 Captain K (Topic Starter, New Member, 9 posts)

Here you go. I think I got it right.

Deckard's System Scanner v20071014.68
Run by Captain Kool on 2008-05-25 18:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
16: 2008-05-25 21:00:50 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-05-25 18:08:09 UTC - RP15 - System Checkpoint
14: 2008-05-24 15:55:28 UTC - RP14 - Removed Project64 1.6
13: 2008-05-24 00:45:37 UTC - RP13 - Installed Project64 1.6
12: 2008-05-23 01:53:27 UTC - RP12 - System Checkpoint


-- First Restore Point --
1: 2008-05-14 20:13:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Captain Kool.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:06 PM, on 25/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Captain Kool\Desktop\dss.exe
D:\DOCUME~1\CAPTAI~1\Desktop\Captain Kool.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

--
End of file - 5729 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 56.ico,0
.chm - chm.file - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 60.ico,0
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 15.ico,0
.inf - inffile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 46.ico,0
.ini - inifile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 46.ico,0
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - DefaultIcon - D:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 58.ico,0
.vbs - VBSFile - DefaultIcon - D:\WINDOWS\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 FileDisk - d:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - d:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ekrn (Eset Service) - "d:\program files\eset\eset smart security\ekrn.exe" <Not Verified; ESET; ESET Smart Security>

S2 PinnacleUpdateSvc (PinnacleUpdate Service) - d:\program files\kalinkosoft\pinnacle game profiler\pinnacle_updater.exe <Not Verified; KALiNKOsoft; pinnacle_updater.exe>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-25 and 2008-05-25 -----------------------------

2008-05-25 00:41:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 00:41:21 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-25 00:03:22 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Malwarebytes
2008-05-25 00:03:10 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 00:03:07 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 22:33:46 0 d-------- D:\Documents and Settings\Captain Kool\Interstate.2007.NTSC.DVDR-DPiMP
2008-05-24 00:02:55 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\vlc
2008-05-23 22:23:45 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\dvdcss
2008-05-23 22:22:59 0 d-------- D:\Program Files\VideoLAN
2008-05-23 21:45:38 0 d-------- D:\Program Files\Project64 1.6
2008-05-23 19:08:30 96256 --a------ D:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-05-23 19:08:25 0 d-------- D:\Program Files\MagicDisc
2008-05-23 19:03:41 0 d-------- D:\Program Files\MagicISO
2008-05-22 20:20:15 0 d-------- D:\Documents and Settings\Captain Kool\Indiana.Jones.And.The.Kingdom.Of.The.Crystal.Skull.TS.XviD-KAMERA
2008-05-20 18:02:58 619 --a------ D:\WINDOWS\eReg.dat
2008-05-20 17:05:14 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Ashampoo
2008-05-20 17:03:25 0 d-------- D:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-20 17:03:10 0 d-------- D:\Program Files\Ashampoo
2008-05-20 07:04:35 0 d-------- D:\WINDOWS\system32\Adobe
2008-05-19 23:05:24 0 d-------- D:\Documents and Settings\Captain Kool\Metal_Gear_Solid_3_Snake_Eater_USA_PS2DVD-STRiKE
2008-05-19 21:32:57 516096 -----n--- D:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-19 21:32:05 0 d-------- D:\Program Files\ATI Technologies
2008-05-19 21:12:14 0 d-------- D:\WINDOWS\system32\DirectX
2008-05-19 21:02:06 0 d-------- D:\Program Files\EA GAMES
2008-05-19 13:15:58 0 d-------- D:\Program Files\illiminable
2008-05-18 22:32:39 0 d-------- D:\Program Files\Trend Micro
2008-05-18 18:50:40 0 d-------- D:\Program Files\Can You See What I See
2008-05-18 18:33:09 0 d-------- D:\WINDOWS\Sun
2008-05-18 18:33:09 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Sun
2008-05-18 17:26:40 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\KALiNKOsoft
2008-05-18 16:48:36 53248 -----n--- D:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-18 16:48:36 40960 --a------ D:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-18 16:48:36 94208 -r--s---- D:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
2008-05-18 16:48:36 57344 -----n--- D:\WINDOWS\system32\ADsSecurity.dll <Not Verified; ; ADsSecurity Module>
2008-05-18 16:48:35 36864 --a------ D:\WINDOWS\system32\dxinputdll.dll
2008-05-18 16:48:34 0 d-------- D:\Program Files\KALiNKOsoft
2008-05-18 16:48:34 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-05-18 16:47:52 0 d-------- D:\Program Files\Common Files\InstallShield
2008-05-18 13:31:17 0 d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-17 21:44:14 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Friday's games
2008-05-17 19:34:07 0 d-------- D:\Documents and Settings\All Users\Application Data\Gogii
2008-05-17 19:29:29 0 d-------- D:\Program Files\ReflexiveArcade
2008-05-17 16:24:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\UseNeXT
2008-05-17 01:01:55 0 d-------- D:\Documents and Settings\LocalService\Application Data\iolo
2008-05-17 01:01:22 9341 --a------ D:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-17 01:00:12 22528 --a------ D:\WINDOWS\system32\smrgdf.exe
2008-05-17 01:00:12 34304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
2008-05-17 00:59:37 0 d-------- D:\Program Files\iolo
2008-05-17 00:53:29 74703 --a------ D:\WINDOWS\system32\mfc45.dll
2008-05-17 00:52:04 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\iolo
2008-05-17 00:52:04 0 d-------- D:\Documents and Settings\All Users\Application Data\iolo
2008-05-16 22:29:34 0 d-------- D:\Program Files\Collectorz.com
2008-05-15 22:31:39 0 d-------- D:\Program Files\YourWare Solutions
2008-05-15 22:27:11 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\GetRightToGo
2008-05-15 18:39:58 0 d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2008-05-15 18:39:43 0 d-------- D:\Program Files\Common Files\Adobe
2008-05-15 18:38:37 1244 --a------ D:\WINDOWS\mozver.dat
2008-05-14 19:57:36 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Help
2008-05-14 19:46:39 0 d-------- D:\WAR2
2008-05-14 17:13:14 2359296 --a------ D:\Documents and Settings\Captain Kool\ntuser.dat
2008-05-14 16:48:38 0 d--h----- D:\WINDOWS\$hf_mig$
2008-05-13 18:21:51 0 d-------- D:\WINDOWS\system32\appmgmt
2008-05-12 19:13:49 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Vista Start Menu
2008-05-12 18:48:28 0 d-------- D:\Program Files\Vista Start Menu
2008-05-12 18:39:32 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Media Player Classic
2008-05-11 23:28:43 0 d-------- D:\WINDOWS\system32\ReinstallBackups
2008-05-11 21:21:11 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\ESET
2008-05-11 21:16:50 0 d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-05-11 20:16:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Macromedia
2008-05-11 20:16:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Adobe
2008-05-11 20:15:43 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Talkback
2008-05-11 20:15:36 0 --a------ D:\WINDOWS\nsreg.dat
2008-05-11 20:15:31 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Mozilla
2008-05-11 20:14:20 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Styler
2008-05-11 20:13:53 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Identities
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\Templates
2008-05-11 20:12:59 0 dr------- D:\Documents and Settings\Captain Kool\Start Menu
2008-05-11 20:12:59 0 dr-h----- D:\Documents and Settings\Captain Kool\SendTo
2008-05-11 20:12:59 0 d---s---- D:\Documents and Settings\Captain Kool\Recent
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\PrintHood
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\NetHood
2008-05-11 20:12:59 0 dr------- D:\Documents and Settings\Captain Kool\My Documents
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\Local Settings
2008-05-11 20:12:59 0 d---s---- D:\Documents and Settings\Captain Kool\Favorites
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Desktop
2008-05-11 20:12:59 0 d--hs---- D:\Documents and Settings\Captain Kool\Cookies
2008-05-11 20:12:59 0 dr-h----- D:\Documents and Settings\Captain Kool\Application Data
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\WinRAR
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\uTorrent
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Desktopicon
2008-05-11 20:10:51 0 d---s---- D:\WINDOWS\system32\Microsoft
2008-05-11 20:10:51 0 d-------- D:\WINDOWS\Prefetch
2008-05-11 20:10:38 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
2008-05-11 20:10:38 0 d--hs---- D:\Documents and Settings\NetworkService\Cookies
2008-05-11 20:10:38 0 d-------- D:\Documents and Settings\NetworkService\Application Data
2008-05-11 20:10:38 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 20:10:37 643072 --a------ D:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 20:08:27 503808 ---h----- D:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 20:08:04 20120 --a------ D:\WINDOWS\sKzVistaUltimateSound(Loud).reg
2008-05-11 20:08:00 0 d-------- D:\Documents and Settings\Default User\Application Data\Desktopicon
2008-05-11 20:07:53 0 d-------- D:\Program Files\RocketDock
2008-05-11 20:07:45 0 d-------- D:\Program Files\LClock
2008-05-11 20:07:40 164352 --a------ D:\WINDOWS\system32\unrar.dll
2008-05-11 20:07:37 0 d-------- D:\Program Files\K-Lite Codec Pack
2008-05-11 20:07:16 0 d-------- D:\Program Files\Common Files\Stardock
2008-05-11 20:07:15 0 d-------- D:\Program Files\Stardock
2008-05-11 20:06:57 0 d-------- D:\Program Files\HashTab Shell Extension
2008-05-11 20:06:53 0 d-------- D:\Program Files\Alky for Applications
2008-05-11 20:06:42 0 d-------- D:\Program Files\Sysinternals
2008-05-11 20:06:37 0 d-------- D:\Program Files\IZArc
2008-05-11 20:05:47 0 d-------- D:\Program Files\Java
2008-05-11 20:05:45 0 d-------- D:\Program Files\Common Files\Java
2008-05-11 20:00:18 0 d-------- D:\Documents and Settings\LocalService\Start Menu
2008-05-11 20:00:17 53248 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2008-05-11 20:00:17 0 d-------- D:\Documents and Settings\LocalService\Local Settings
2008-05-11 20:00:17 0 d--hs---- D:\Documents and Settings\LocalService\Cookies
2008-05-11 20:00:17 0 d-------- D:\Documents and Settings\LocalService\Application Data
2008-05-11 20:00:17 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 19:59:49 0 d-------- D:\WINDOWS\system32\XPSViewer
2008-05-11 19:59:49 0 d-------- D:\Program Files\MSBuild
2008-05-11 19:59:38 0 d-------- D:\Program Files\Reference Assemblies
2008-05-11 19:55:30 0 d-------- D:\WINDOWS\system32\URTTemp
2008-05-11 19:55:04 124928 -----n--- D:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:53:36 0 d-------- D:\WINDOWS\system32\dllcache
2008-05-11 19:52:23 0 d--hs---- D:\Documents and Settings\All Users\DRM
2008-05-11 19:51:47 0 d--h----- D:\Program Files\WindowsUpdate
2008-05-11 19:51:39 0 d-------- D:\Program Files\Online Services
2008-05-11 19:51:08 0 d---s---- D:\WINDOWS\Tasks
2008-05-11 19:51:07 0 d-------- D:\Program Files\Common Files\MSSoap
2008-05-11 19:51:03 0 d-------- D:\WINDOWS\srchasst
2008-05-11 19:50:54 0 d-------- D:\Program Files\Movie Maker
2008-05-11 19:50:25 0 d-------- D:\WINDOWS\system32\Restore
2008-05-11 19:49:16 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-05-11 19:48:53 0 d-------- D:\WINDOWS\Registration
2008-05-11 19:48:25 0 dr------- D:\WINDOWS\Offline Web Pages
2008-05-11 19:48:25 0 d---s---- D:\WINDOWS\Downloaded Program Files
2008-05-11 19:47:23 0 d-------- D:\Documents and Settings\Default User\Application Data\WinRAR
2008-05-11 19:47:06 0 d-------- D:\Program Files\uTorrent
2008-05-11 19:47:00 0 d-------- D:\Documents and Settings\Default User\Application Data\uTorrent
2008-05-11 19:44:30 0 d-------- D:\Program Files\VistaExperience.org
2008-05-11 19:41:47 498176 --a------ D:\WINDOWS\system32\vLogon.scr <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-05-11 19:41:47 382976 --a------ D:\WINDOWS\system32\Vista.scr <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-05-11 19:41:47 117248 --a------ D:\WINDOWS\system32\Ribbons.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 117248 --a------ D:\WINDOWS\system32\Mystify.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 720412 --a------ D:\WINDOWS\system32\MGB_ScreenSaver.scr <Not Verified; Tenmiles Corporation; ScreenSwift Screen Saver>
2008-05-11 19:41:47 773120 --a------ D:\WINDOWS\system32\Bubbles.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 0 d-------- D:\Program Files\Windows Sidebar
2008-05-11 19:41:46 1263616 --a------ D:\WINDOWS\system32\Aurora.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:36 0 d-------- D:\Program Files\Styler
2008-05-11 19:41:34 0 d-------- D:\Program Files\CCleaner
2008-05-11 19:41:09 20992 --a------ D:\WINDOWS\system32\CabTool.exe <Not Verified; ; CAB Tool>
2008-05-11 19:41:09 0 d-------- D:\Program Files\Desktop
2008-05-11 19:40:58 0 d-------- D:\Program Files\Utilities
2008-05-11 19:40:48 0 d-------- D:\Program Files\Windows Media Connect 2
2008-05-11 19:40:32 0 d-------- D:\Program Files\Windows NT
2008-05-11 19:40:28 0 d-------- D:\WINDOWS\system32\MsDtc
2008-05-11 19:40:26 0 d-------- D:\WINDOWS\system32\Com
2008-05-11 16:28:48 0 d--hs---- D:\WINDOWS\Installer
2008-05-11 16:28:47 0 d-------- D:\Program Files\Common Files\ODBC
2008-05-11 16:28:43 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-05-11 16:28:42 0 d-------- D:\Program Files
2008-05-11 16:28:42 0 d-------- D:\Program Files\Common Files
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\Templates
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\Default User\Start Menu
2008-05-11 16:28:07 0 dr-h----- D:\Documents and Settings\Default User\SendTo
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\Recent
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\PrintHood
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\NetHood
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\My Documents
2008-05-11 16:28:07 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\Favorites
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\Desktop
2008-05-11 16:28:07 0 d--hs---- D:\Documents and Settings\Default User\Cookies
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\All Users\Templates
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\All Users\Start Menu
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\All Users\Favorites
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\All Users\Documents
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\All Users\Desktop
2008-05-11 16:27:49 0 d-------- D:\WINDOWS\system32\CatRoot2
2008-05-11 16:27:49 0 d-------- D:\WINDOWS\system32\CatRoot
2008-05-11 16:27:43 0 dr-h----- D:\Documents and Settings\Default User\Application Data
2008-05-11 16:27:43 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 16:27:43 0 dr-h----- D:\Documents and Settings\All Users\Application Data
2008-05-11 16:27:43 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 16:25:36 0 d--hs---- D:\System Volume Information
2008-05-11 16:25:36 0 d-------- D:\Documents and Settings
2008-05-11 16:21:04 0 d-------- D:\WINDOWS
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\WinSxS
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Web
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\twain_32
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\wins
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\wbem
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\usmt
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\spool
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ShellExt
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\Setup
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\scripting
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ras
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\oobe
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\npp
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\mui
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\Macromed
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\inetsrv
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\IME
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\icsxml
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ias
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\export
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\en
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\UMDF
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\etc
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\disdn
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\dhcp
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\config
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\3com_dmi
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\3076
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\2052
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1054
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1042
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1041
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1037
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1033
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1031
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1028
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1025
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\SoftwareDistribution
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\security
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Resources
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\repair
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Provisioning
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\PeerNet
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\pchealth
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Network Diagnostic
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\mui
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\msapps
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\msagent
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Media
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\L2Schemas
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\java
2008-05-11 16:21:04 0 d--h----- D:\WINDOWS\inf
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\ime
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Help
2008-05-11 16:21:04 0 dr--s---- D:\WINDOWS\Fonts
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\ehome
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Driver Cache
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Debug
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Cursors
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Connection Wizard
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Config
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\AppPatch
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\addins
2008-04-27 05:20:49 28672 --a------ D:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >
2008-04-27 05:20:49 3038 --a------ D:\WINDOWS\system32\presetup.cmd
2008-04-27 05:06:26 361344 --a------ D:\WINDOWS\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:06:25 140288 --a------ D:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:05:28 36864 --a------ D:\WINDOWS\system32\qfecheck.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:05:28 524288 --a------ D:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-04-27 05:04:04 16384 --a------ D:\WINDOWS\system32\lcid.exe <Not Verified; Microsoft; lcid>
2008-04-27 05:03:18 98304 --a------ D:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:00:24 200 --a------ D:\WINDOWS\system32\nlite.cmd
2008-04-27 04:21:03 4096 --a------ D:\WINDOWS\system32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:21:03 4096 --a------ D:\WINDOWS\system32\wmvdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:21:00 1329152 --a------ D:\WINDOWS\system32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:59 603648 --a------ D:\WINDOWS\system32\wmspdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 4096 --a------ D:\WINDOWS\system32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 4096 --a------ D:\WINDOWS\system32\wmsdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 99840 --a------ D:\WINDOWS\system32\wmpshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 8678912 --a------ D:\WINDOWS\system32\wmploc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:46 314880 --a------ D:\WINDOWS\system32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:46 242688 --a------ D:\WINDOWS\system32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:26 937984 --a------ D:\WINDOWS\system32\wmnetmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:25 157184 --a------ D:\WINDOWS\system32\wmidx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:25 227328 --a------ D:\WINDOWS\system32\wmerror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:24 37376 --a------ D:\WINDOWS\system32\wmdmps.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:24 33792 --a------ D:\WINDOWS\system32\wmdmlog.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:23 1117696 --a------ D:\WINDOWS\system32\wmadmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:22 757248 --a------ D:\WINDOWS\system32\wmadmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:20 211456 --a------ D:\WINDOWS\system32\qasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:19 321536 --a------ D:\WINDOWS\system32\mswmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:19 414208 --a------ D:\WINDOWS\system32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:18 175616 --a------ D:\WINDOWS\system32\mspmsp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:18 27136 --a------ D:\WINDOWS\system32\mspmsnsv.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:18 179712 --a------ D:\WINDOWS\system32\msnetobj.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mpg4dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mp4sdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mp43dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 100864 --a------ D:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 11264 --a------ D:\WINDOWS\system32\laprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 991744 --a------ D:\WINDOWS\system32\drmv2clt.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:16 229376 --a------ D:\WINDOWS\system32\cewmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:16 542720 --a------ D:\WINDOWS\system32\blackbox.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:15 316416 --a------ D:\WINDOWS\system32\wudfx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 55808 --a------ D:\WINDOWS\system32\wudfsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 82944 --a------ D:\WINDOWS\system32\drivers\wudfrd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 7168 --a------ D:\WINDOWS\system32\asferror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 146432 --a------ D:\WINDOWS\system32\wudfhost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 77568 --a------ D:\WINDOWS\system32\drivers\wudfpf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 38528 --a------ D:\WINDOWS\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 356352 --a------ D:\WINDOWS\system32\WPDSp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 2603008 --a------ D:\WINDOWS\system32\wpdshext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:10 63488 --a------ D:\WINDOWS\system32\wpdmtpus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 154624 --a------ D:\WINDOWS\system32\wpdmtp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 35840 --a------ D:\WINDOWS\system32\wpdconns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 629760 --a------ D:\WINDOWS\system32\wpd_ci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 656896 --a------ D:\WINDOWS\system32\wmvxencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:07 767488 --a------ D:\WINDOWS\system32\wmvsencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:06 1382912 --a------ D:\WINDOWS\system32\wmvsdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:05 1574912 --a------ D:\WINDOWS\system32\wmvencod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:04 1543680 --a------ D:\WINDOWS\system32\wmvdecod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 4096 --a------ D:\WINDOWS\system32\wmvadve.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 4096 --a------ D:\WINDOWS\system32\wmvadvd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 204288 --a------ D:\WINDOWS\system32\wmpsrcwp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 130048 --a------ D:\WINDOWS\system32\wmpps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 613376 --a------ D:\WINDOWS\system32\wmpmde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:01 1661440 --a------ D:\WINDOWS\system32\WMPEncEn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:59 535040 --a------ D:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:19:58 348672 --a------ D:\WINDOWS\system32\wmdrmnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:58 429056 --a------ D:\WINDOWS\system32\wmdrmdev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 8704 --a------ D:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 4096 --a------ D:\WINDOWS\system32\wdfapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 8704 --a------ D:\WINDOWS\system32\uWDF.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 259072 --a------ D:\WINDOWS\system32\mpg4decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 317440 --a------ D:\WINDOWS\system32\mp4sdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 259072 --a------ D:\WINDOWS\system32\mp43decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:54 212992 --a------ D:\WINDOWS\system32\mfplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:54 249856 --a------ D:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:53 276992 --a------ D:\WINDOWS\system32\audiodev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 20:39:32 2746880 --a------ D:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 19:42:54 2710016 --a------ D:\WINDOWS\system32\winntbbu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-05-11 16:28:07 62 --ahs---- D:\Documents and Settings\Captain Kool\Application Data\desktop.ini
2008-04-27 04:20:15 165376 --a------ D:\WINDOWS\system32\wudfplatform.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 133632 --a------ D:\WINDOWS\system32\wpdshserviceobj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 38400 --a------ D:\WINDOWS\system32\wpdshextres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 17408 --a------ D:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:59 295936 --a------ D:\WINDOWS\system32\wmpeffects.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 199168 --a------ D:\WINDOWS\system32\portabledevicewmdrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 166912 --a------ D:\WINDOWS\system32\portabledevicetypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 101888 --a------ D:\WINDOWS\system32\portabledeviceclassextension.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:56 132096 --a------ D:\WINDOWS\system32\portabledevicewiacompat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:56 284160 --a------ D:\WINDOWS\system32\portabledeviceapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-24 06:45:21 218624 --a------ D:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-23 17:32:39 1587712 --a------ D:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-29 02:18:30 186880 --a------ D:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [01/03/2008 02:10 AM]
"egui"="D:\Program Files\ESET\ESET Smart Security\egui.exe" [01/03/2008 04:54 AM]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/05/2008 04:48 PM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25/08/2004 12:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:42 AM]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" [28/10/2007 04:44 PM]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [02/12/2007 10:58 PM]
"VistaStartMenu"="D:\Program Files\Vista Start Menu\VistaStartMenu.exe" [12/11/2007 10:58 AM]
"RocketDock"="D:\Program Files\RocketDock\RocketDock.exe" [02/09/2007 01:58 PM]
"FreeRAM XP"="D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [23/03/2006 12:13 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
"LClock"=D:\Program Files\LClock\LClock.exe

D:\Documents and Settings\Captain Kool\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [5/23/2008 7:08:25 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
D:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register



-- End of Deckard's System Scanner: finished at 2008-05-25 18:06:17 ------------

Deckard's System Scanner v20071014.68
Run by Captain Kool on 2008-05-25 18:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
16: 2008-05-25 21:00:50 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-05-25 18:08:09 UTC - RP15 - System Checkpoint
14: 2008-05-24 15:55:28 UTC - RP14 - Removed Project64 1.6
13: 2008-05-24 00:45:37 UTC - RP13 - Installed Project64 1.6
12: 2008-05-23 01:53:27 UTC - RP12 - System Checkpoint


-- First Restore Point --
1: 2008-05-14 20:13:17 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Captain Kool.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:06 PM, on 25/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Captain Kool\Desktop\dss.exe
D:\DOCUME~1\CAPTAI~1\Desktop\Captain Kool.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\P
#9
Captain K

    New Member

  • Topic Starter
  • Member
  • 9 posts
Here's the extra text file.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: mobile AMD Athlon™ XP-M 1400+
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 767.48 MiB / 475.62 MiB
Pagefile Memory (total/avail): 1878.09 MiB / 1658.34 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1863.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 4.02 GiB total, 2.75 GiB free.
D: is Fixed (NTFS) - 38.16 GiB total, 12.76 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 90432D2 - 4.02 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 4.02 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 94098U8 - 38.16 GiB - 1 partition
\PARTITION0 - Installable File System - 38.16 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALKY=D:\Program Files\Alky for Applications\Libraries\
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Captain Kool\Application Data
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=DESKTOP
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Captain Kool
LOGONSERVER=\\DESKTOP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\Alky for Applications\Libraries\;D:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\CAPTAI~1\LOCALS~1\Temp
TMP=D:\DOCUME~1\CAPTAI~1\LOCALS~1\Temp
USERDOMAIN=DESKTOP
USERNAME=Captain Kool
USERPROFILE=D:\Documents and Settings\Captain Kool
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Captain Kool (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> D:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Alky for Applications (Windows XP) --> MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Ashampoo Burning Studio 7.21 --> "D:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
Collectorz.com Movie Collector --> D:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\UNWISE.EXE D:\PROGRA~1\COLLEC~1.COM\MOVIEC~1\install.log
ESET Smart Security --> MsiExec.exe /I{6ECB944F-D027-4E8A-9906-70E77C005AD5}
Gadget Installer --> MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
HashTab 2.0.8 --> D:\Program Files\HashTab Shell Extension\uninst.exe
HijackThis 2.0.2 --> "D:\Documents and Settings\Captain Kool\Desktop\HijackThis.exe" /uninstall
IconPackager --> D:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
iolo technologies' System Mechanic Professional 7 --> "D:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
IZArc 3.81 --> "D:\Program Files\IZArc\unins000.exe"
James Bond 007: Nightfire --> D:\PROGRA~1\EAGAME~1\NIGHTF~1\UNWISE.EXE D:\PROGRA~1\EAGAME~1\NIGHTF~1\INSTALL.LOG
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 3.9.0 Standard --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Magic ISO Maker v5.5 (build 0259) --> D:\PROGRA~1\MagicISO\UNWISE.EXE D:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.6.93 --> D:\PROGRA~1\MAGICD~1\UNWISE.EXE D:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Recent Documents Gadget --> MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
oggcodecs 0.71.0946 --> D:\Program Files\illiminable\oggcodecs\uninst.exe
Pinnacle Game Profiler --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\Setup.exe" -l0x9
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
RocketDock 1.3.5 --> "D:\Program Files\RocketDock\unins000.exe"
True Transparency 0.8.5 --> rundll32.exe advpack.dll,LaunchINFSection TrueTran.inf,UnInstall
Unlocker 1.8.6 --> D:\Program Files\Unlocker\uninst.exe
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoLAN VLC media player 0.8.6f --> D:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Start Menu --> D:\Program Files\Vista Start Menu\uninstall.exe
Windows Sidebar --> RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type125 / Error
Event Submitted/Written: 05/18/2008 05:51:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pinnacle.exe, version 4.2.0.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [pinnacle.exe!ws!]

Event Record #/Type124 / Error
Event Submitted/Written: 05/18/2008 05:31:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pinnacle.exe, version 4.2.0.0, faulting module kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.
Processing media-specific event for [pinnacle.exe!ws!]

Event Record #/Type121 / Error
Event Submitted/Written: 05/18/2008 01:10:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02264130.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type119 / Error
Event Submitted/Written: 05/17/2008 04:37:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x02174130.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type117 / Error
Event Submitted/Written: 05/17/2008 01:49:31 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x10004130.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1068 / Error
Event Submitted/Written: 05/25/2008 11:28:19 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type1011 / Error
Event Submitted/Written: 05/24/2008 00:26:47 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type990 / Error
Event Submitted/Written: 05/24/2008 11:05:13 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type971 / Error
Event Submitted/Written: 05/24/2008 09:08:58 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type920 / Error
Event Submitted/Written: 05/23/2008 02:54:48 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PinnacleUpdate Service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-05-25 18:06:17 ------------
#10
sarahw

    Malware Staff

  • Member
  • 2,781 posts
Hi,
I seem to have overlooked your thread. I'm really sorry about that.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
#11
Captain K

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hey sarahw. These are the 2 log files you requested. That's a pretty kool avatar you have there, by the way.


ComboFix 08-05-27.4 - Captain Kool 2008-05-28 16:37:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.577 [GMT -3:00]
Running from: D:\Documents and Settings\Captain Kool\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
D:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-27 21:21 . 2008-05-27 21:21 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\FireShot
2008-05-25 18:00 . 2008-05-25 18:00 <DIR> d-------- D:\Deckard
2008-05-25 00:41 . 2008-05-25 00:41 <DIR> d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-25 00:41 . 2008-05-25 00:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 00:03 . 2008-05-25 00:03 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-25 00:03 . 2008-05-25 00:03 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Malwarebytes
2008-05-25 00:03 . 2008-05-25 00:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 00:03 . 2008-05-05 20:46 27,048 --a------ D:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-25 00:03 . 2008-05-05 20:46 15,864 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-05-24 22:33 . 2008-05-25 00:08 <DIR> d-------- D:\Documents and Settings\Captain Kool\Interstate.2007.NTSC.DVDR-DPiMP
2008-05-24 00:02 . 2008-05-24 00:02 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\vlc
2008-05-23 22:23 . 2008-05-23 22:23 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\dvdcss
2008-05-23 22:22 . 2008-05-23 22:22 <DIR> d-------- D:\Program Files\VideoLAN
2008-05-23 21:45 . 2008-05-24 12:55 <DIR> d-------- D:\Program Files\Project64 1.6
2008-05-23 19:08 . 2008-05-23 19:08 <DIR> d-------- D:\Program Files\MagicDisc
2008-05-23 19:08 . 2008-02-18 17:29 96,256 --a------ D:\WINDOWS\system32\drivers\mcdbus.sys
2008-05-23 19:03 . 2008-05-23 19:03 <DIR> d-------- D:\Program Files\MagicISO
2008-05-22 20:20 . 2008-05-22 21:36 <DIR> d-------- D:\Documents and Settings\Captain Kool\Indiana.Jones.And.The.Kingdom.Of.The.Crystal.Skull.TS.XviD-KAMERA
2008-05-22 18:33 . 2008-05-22 18:33 22 --a------ D:\WINDOWS\system32\ati64hlp.stb
2008-05-22 11:07 . 2008-04-13 23:15 32,128 --a------ D:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-22 11:07 . 2008-04-13 23:17 25,856 --a------ D:\WINDOWS\system32\drivers\usbprint.sys
2008-05-21 16:38 . 2008-05-21 16:38 22 --a------ D:\WINDOWS\system32\ati64hl2.stb
2008-05-20 18:02 . 2008-05-20 18:02 619 --a------ D:\WINDOWS\eReg.dat
2008-05-20 17:05 . 2008-05-20 17:05 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Ashampoo
2008-05-20 17:03 . 2008-05-20 17:03 <DIR> d-------- D:\Program Files\Ashampoo
2008-05-20 17:03 . 2008-05-20 17:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-20 07:04 . 2008-05-20 07:11 <DIR> d-------- D:\WINDOWS\system32\Adobe
2008-05-20 07:04 . 2008-03-19 18:26 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll
2008-05-19 23:05 . 2008-05-23 18:23 <DIR> d-------- D:\Documents and Settings\Captain Kool\Metal_Gear_Solid_3_Snake_Eater_USA_PS2DVD-STRiKE
2008-05-19 21:32 . 2008-05-19 21:33 <DIR> d-------- D:\Program Files\ATI Technologies
2008-05-19 21:32 . 2004-08-25 12:52 516,096 --------- D:\WINDOWS\system32\ati2sgag.exe
2008-05-19 21:32 . 2004-08-25 03:40 294,912 -ra------ D:\WINDOWS\system32\atiiiexx.dll
2008-05-19 21:32 . 2004-08-25 03:22 151,552 -ra------ D:\WINDOWS\system32\ATIDEMGR.dll
2008-05-19 21:02 . 2008-05-20 17:54 <DIR> d-------- D:\Program Files\EA GAMES
2008-05-19 13:15 . 2008-05-19 13:15 <DIR> d-------- D:\Program Files\illiminable
2008-05-18 22:32 . 2008-05-18 22:32 <DIR> d-------- D:\Program Files\Trend Micro
2008-05-18 18:50 . 2008-05-20 07:35 <DIR> d-------- D:\Program Files\Can You See What I See
2008-05-18 18:33 . 2008-05-18 18:33 <DIR> d-------- D:\WINDOWS\Sun
2008-05-18 17:26 . 2008-05-18 17:26 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\KALiNKOsoft
2008-05-18 16:48 . 2008-05-18 16:48 <DIR> d-------- D:\Program Files\KALiNKOsoft
2008-05-18 16:48 . 2008-05-19 21:33 <DIR> d--h----- D:\Program Files\InstallShield Installation Information
2008-05-18 16:47 . 2008-05-19 21:31 <DIR> d-------- D:\Program Files\Common Files\InstallShield
2008-05-18 13:31 . 2008-05-18 13:31 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-17 21:44 . 2008-05-17 21:44 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Friday's games
2008-05-17 19:34 . 2008-05-17 19:34 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Gogii
2008-05-17 19:29 . 2008-05-17 19:29 <DIR> d-------- D:\Program Files\ReflexiveArcade
2008-05-17 16:24 . 2008-05-18 12:36 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\UseNeXT
2008-05-17 01:12 . 2008-05-17 01:12 406 --a------ D:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-17 01:01 . 2008-05-17 01:01 <DIR> d-------- D:\Documents and Settings\LocalService\Application Data\iolo
2008-05-17 01:01 . 2008-05-06 16:49 428,904 --a------ D:\WINDOWS\system32\Incinerator.dll
2008-05-17 01:01 . 2006-07-24 18:51 9,341 --a------ D:\WINDOWS\system32\drivers\filedisk.sys
2008-05-17 01:00 . 2008-03-24 08:53 34,304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
2008-05-17 01:00 . 2008-03-24 08:53 22,528 --a------ D:\WINDOWS\system32\smrgdf.exe
2008-05-17 00:59 . 2008-05-17 00:59 <DIR> d-------- D:\Program Files\iolo
2008-05-17 00:53 . 2008-05-17 00:53 74,703 --a------ D:\WINDOWS\system32\mfc45.dll
2008-05-17 00:52 . 2008-05-17 01:12 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\iolo
2008-05-17 00:52 . 2008-05-17 01:12 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\iolo
2008-05-16 22:29 . 2008-05-16 22:32 <DIR> d-------- D:\Program Files\Collectorz.com
2008-05-15 22:31 . 2008-05-15 22:31 <DIR> d-------- D:\Program Files\YourWare Solutions
2008-05-15 22:27 . 2008-05-15 22:29 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\GetRightToGo
2008-05-15 18:39 . 2008-05-15 18:40 <DIR> d-------- D:\Program Files\Common Files\Adobe
2008-05-15 18:38 . 2008-05-20 07:04 1,244 --a------ D:\WINDOWS\mozver.dat
2008-05-14 19:46 . 2008-05-17 01:25 <DIR> d-------- D:\WAR2
2008-05-14 16:48 . 2008-05-27 18:42 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-05-12 19:13 . 2008-05-24 18:40 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Vista Start Menu
2008-05-12 18:48 . 2008-05-12 19:13 <DIR> d-------- D:\Program Files\Vista Start Menu
2008-05-12 18:39 . 2008-05-12 18:39 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Media Player Classic
2008-05-11 22:07 . 2008-04-13 23:47 83,072 --a------ D:\WINDOWS\system32\drivers\wdmaud.sys
2008-05-11 22:07 . 2008-04-13 23:15 52,864 --a------ D:\WINDOWS\system32\drivers\DMusic.sys
2008-05-11 22:07 . 2008-04-13 23:15 6,272 --a------ D:\WINDOWS\system32\drivers\splitter.sys
2008-05-11 21:21 . 2008-05-11 21:21 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\ESET
2008-05-11 21:16 . 2008-05-11 21:16 <DIR> d-------- D:\Program Files\ESET
2008-05-11 21:16 . 2008-05-11 21:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-05-11 20:15 . 2008-05-11 20:15 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Talkback
2008-05-11 20:15 . 2008-05-11 20:15 0 --a------ D:\WINDOWS\nsreg.dat
2008-05-11 20:14 . 2008-05-11 20:14 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Styler
2008-05-11 20:13 . 2008-04-14 01:42 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2008-05-11 20:12 . 2008-05-27 21:04 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\uTorrent
2008-05-11 20:12 . 2008-05-25 00:35 <DIR> d-------- D:\Documents and Settings\Captain Kool\Application Data\Desktopicon
2008-05-11 20:12 . 2008-05-24 22:33 <DIR> d-------- D:\Documents and Settings\Captain Kool
2008-05-11 20:10 . 2008-05-11 20:10 <DIR> d---s---- D:\WINDOWS\system32\Microsoft
2008-05-11 20:10 . 2008-05-14 19:35 <DIR> d--hs---- D:\Documents and Settings\NetworkService
2008-05-11 20:08 . 2008-05-11 20:06 <DIR> d-------- D:\WINDOWS\system32\config\systemprofile\nsc2167.tmp
2008-05-11 20:08 . 2007-03-06 12:04 20,120 --a------ D:\WINDOWS\sKzVistaUltimateSound(Loud).reg
2008-05-11 20:08 . 2008-03-20 10:43 12,536 --a------ D:\WINDOWS\system32\oemlogo.bmp
2008-05-11 20:08 . 2008-03-19 13:16 96 --a------ D:\WINDOWS\system32\oeminfo.ini
2008-05-11 20:07 . 2008-05-14 19:30 <DIR> d-------- D:\Program Files\Unlocker
2008-05-11 20:07 . 2008-04-16 15:45 <DIR> d-------- D:\Program Files\Stardock
2008-05-11 20:07 . 2008-04-16 15:45 <DIR> d-------- D:\Program Files\RocketDock
2008-05-11 20:07 . 2008-05-18 13:11 <DIR> d-------- D:\Program Files\LClock
2008-05-11 20:07 . 2008-05-11 20:07 <DIR> d-------- D:\Program Files\K-Lite Codec Pack
2008-05-11 20:07 . 2008-05-11 20:07 <DIR> d-------- D:\Program Files\Common Files\Stardock
2008-05-11 20:07 . 2004-01-11 19:00 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll
2008-05-11 20:07 . 2007-09-04 13:56 164,352 --a------ D:\WINDOWS\system32\unrar.dll
2008-05-11 20:06 . 2008-05-11 20:06 <DIR> d-------- D:\Program Files\Sysinternals
2008-05-11 20:06 . 2008-05-11 20:06 <DIR> d-------- D:\Program Files\IZArc
2008-05-11 20:06 . 2008-05-11 20:06 <DIR> d-------- D:\Program Files\HashTab Shell Extension
2008-05-11 20:06 . 2008-05-11 20:06 <DIR> d-------- D:\Program Files\Alky for Applications
2008-05-11 20:06 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-05-11 20:05 . 2008-05-11 20:06 <DIR> d-------- D:\Program Files\Java
2008-05-11 20:05 . 2008-05-11 20:05 <DIR> d-------- D:\Program Files\Common Files\Java
2008-05-11 20:00 . 2008-05-14 19:35 <DIR> d--hs---- D:\Documents and Settings\LocalService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 21:21 --------- d-----w D:\Program Files\Styler
2008-05-11 23:14 --------- d-----w D:\Program Files\VistaExperience.org
2008-05-11 22:59 --------- d-----w D:\Program Files\Reference Assemblies
2008-05-11 22:59 --------- d-----w D:\Program Files\MSBuild
2008-05-11 22:49 --------- d-----w D:\Program Files\CCleaner
2008-05-11 22:47 --------- d-----w D:\Program Files\uTorrent
2008-05-11 22:46 --------- d-----w D:\Program Files\Windows Sidebar
2008-05-11 22:41 --------- d-----w D:\Program Files\Desktop
2008-05-11 22:40 --------- d-----w D:\Program Files\Windows Media Connect 2
2008-05-11 22:40 --------- d-----w D:\Program Files\Utilities
2008-04-27 08:21 9,216 ----a-w D:\WINDOWS\system32\drivers\VIDEX32.sys
2008-04-27 08:20 3,038 ----a-w D:\WINDOWS\system32\presetup.cmd
2008-04-27 08:20 28,672 ----a-w D:\WINDOWS\system32\setupold.exe
2008-04-27 08:10 86,073 ----a-w D:\WINDOWS\system32\usrfaxa.dll
2008-04-27 08:06 990,208 ----a-w D:\WINDOWS\system32\syssetup.dll
2008-04-27 08:06 361,344 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-04-27 08:06 24,576 ----a-w D:\WINDOWS\system32\nlsdl.dll
2008-04-27 08:06 23,552 ----a-w D:\WINDOWS\system32\normaliz.dll
2008-04-27 08:06 140,288 ----a-w D:\WINDOWS\system32\sfc_os.dll
2008-04-27 08:04 92,504 ----a-w D:\WINDOWS\system32\cdm.dll
2008-04-27 08:04 549,720 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-04-27 08:04 53,080 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-04-27 08:04 33,624 ----a-w D:\WINDOWS\system32\wups.dll
2008-04-27 08:04 325,976 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-04-27 08:04 25,944 ----a-w D:\WINDOWS\system32\wuauserv.dll
2008-04-27 08:04 203,096 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-04-27 08:04 16,384 ----a-w D:\WINDOWS\system32\lcid.exe
2008-04-27 08:04 1,712,984 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-04-27 08:02 3,734,536 ----a-w D:\WINDOWS\system32\d3dx9_36.dll
2008-04-27 08:02 3,727,720 ----a-w D:\WINDOWS\system32\d3dx9_35.dll
2008-04-27 08:02 3,497,832 ----a-w D:\WINDOWS\system32\d3dx9_34.dll
2008-04-27 08:02 3,495,784 ----a-w D:\WINDOWS\system32\d3dx9_33.dll
2008-04-27 08:02 3,426,072 ----a-w D:\WINDOWS\system32\d3dx9_32.dll
2008-04-27 08:02 2,414,360 ----a-w D:\WINDOWS\system32\d3dx9_31.dll
2008-04-27 08:02 2,297,552 ----a-w D:\WINDOWS\system32\d3dx9_26.dll
2008-04-27 07:21 4,096 ----a-w D:\WINDOWS\system32\wmvdmoe2.dll
2008-04-27 07:21 4,096 ----a-w D:\WINDOWS\system32\wmvdmod.dll
2008-04-27 07:21 1,329,152 ----a-w D:\WINDOWS\system32\wmspdmoe.dll
2008-04-27 07:19 8,704 ----a-w D:\WINDOWS\system32\wdfmgr.exe
2008-04-25 23:39 2,746,880 ----a-w D:\WINDOWS\system32\logonui.exe
2008-04-25 22:42 2,710,016 ----a-w D:\WINDOWS\system32\winntbbu.dll
2008-04-24 10:35 2,350,208 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
2008-04-24 10:34 2,227,072 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
2008-04-24 09:45 218,624 ----a-w D:\WINDOWS\system32\uxtheme.dll
2008-04-23 20:32 1,587,712 ----a-w D:\WINDOWS\system32\msgina.dll
2008-04-14 07:43 40,840 ----a-w D:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 07:42 294,912 ----a-w D:\WINDOWS\system32\msh263.drv
2008-04-14 07:42 23,552 ----a-w D:\WINDOWS\system32\wdmaud.drv
2008-04-14 07:41 4,096 ----a-w D:\WINDOWS\system32\ksuser.dll
2008-04-14 06:40 1,296,669 ----a-r D:\WINDOWS\SET3.tmp
2008-04-14 06:34 16,535 ----a-r D:\WINDOWS\SET8.tmp
2008-04-14 06:34 1,088,840 ----a-r D:\WINDOWS\SET4.tmp
2008-04-14 04:55 1,804 ----a-w D:\WINDOWS\system32\Dcache.bin
2008-04-14 04:46 329,728 ----a-w D:\WINDOWS\system32\netsetup.exe
2008-04-14 04:43 92,424 ----a-w D:\WINDOWS\system32\rdpdd.dll
2008-04-14 04:43 87,176 ----a-w D:\WINDOWS\system32\rdpwsx.dll
2008-04-14 04:43 299,520 ----a-w D:\WINDOWS\system32\drmclien.dll
2008-04-14 04:43 21,896 ----a-w D:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 04:43 139,656 ----a-w D:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 04:43 12,168 ----a-w D:\WINDOWS\system32\tsddd.dll
2008-04-14 04:43 12,040 ----a-w D:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 04:41 98,304 ----a-w D:\WINDOWS\system32\actxprxy.dll
2008-04-14 04:40 53,279 ----a-w D:\WINDOWS\system32\odbcji32.dll
2008-04-14 04:40 4,126 ----a-w D:\WINDOWS\system32\msdxmlc.dll
2008-04-14 04:40 3,584 ----a-w D:\WINDOWS\system32\msafd.dll
2008-04-14 04:40 102,912 ----a-w D:\WINDOWS\system32\dpcdll.dll
2008-04-14 02:49 146,048 ----a-w D:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 02:46 141,056 ----a-w D:\WINDOWS\system32\drivers\ks.sys
2008-04-14 02:45 60,800 ----a-w D:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 02:15 60,160 ----a-w D:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 02:15 56,576 ----a-w D:\WINDOWS\system32\drivers\swmidi.sys
2008-04-14 02:15 49,408 ----a-w D:\WINDOWS\system32\drivers\stream.sys
2008-04-14 02:15 2,944 ----a-w D:\WINDOWS\system32\drivers\drmkaud.sys
2008-04-14 02:15 172,416 ----a-w D:\WINDOWS\system32\drivers\kmixer.sys
2008-04-14 02:09 7,552 ----a-w D:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-04-14 02:09 5,376 ----a-w D:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-04-14 02:09 4,992 ----a-w D:\WINDOWS\system32\drivers\MSPQM.sys
2008-04-14 02:02 196,224 ----a-w D:\WINDOWS\system32\drivers\rdpdr.sys
2008-04-14 00:09 142,592 ----a-w D:\WINDOWS\system32\drivers\aec.sys
2008-04-14 00:04 701,440 ----a-w D:\WINDOWS\system32\drivers\ati2mtag.sys
2008-04-14 00:00 1,845,632 ----a-w D:\WINDOWS\system32\win32k.sys
2008-04-13 23:58 175,744 ----a-w D:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 23:51 162,816 ----a-w D:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 23:50 91,520 ----a-w D:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 23:50 182,656 ----a-w D:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 23:49 75,264 ----a-w D:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 23:49 51,328 ----a-w D:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 23:49 48,384 ----a-w D:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 23:49 138,112 ----a-w D:\WINDOWS\system32\drivers\afd.sys
2008-04-13 23:48 52,480 ----a-w D:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 23:47 456,576 ----a-w D:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 23:47 105,344 ----a-w D:\WINDOWS\system32\drivers\mup.sys
2008-04-13 23:46 49,536 ----a-w D:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 23:45 64,512 ----a-w D:\WINDOWS\system32\drivers\serial.sys
2008-04-13 23:45 574,976 ----a-w D:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 23:45 334,848 ----a-w D:\WINDOWS\system32\drivers\srv.sys
2008-04-13 23:44 63,744 ----a-w D:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 23:44 143,744 ----a-w D:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 23:30 225,664 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 23:30 19,072 ----a-w D:\WINDOWS\system32\drivers\tdi.sys
.

------- Sigcheck -------

2008-04-27 05:06 361344 68f06fe0021b01e670af37b8c5964fdf D:\WINDOWS\system32\drivers\tcpip.sys

2008-04-24 07:34 2227072 f54927b2c174b5e0b1e6f3bee87f4d22 D:\WINDOWS\system32\ntkrnlpa.exe

2008-04-24 07:35 2350208 46391325b9159057fffafca37a39a669 D:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:42 15360]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 16:44 133120]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [2007-12-02 22:58 1230848]
"VistaStartMenu"="D:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-11-12 10:58 1702080]
"RocketDock"="D:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"FreeRAM XP"="D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13 1591808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 02:10 15872]
"egui"="D:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-01 04:54 1443072]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [2008-05-06 16:48 764776]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 12:52 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:42 15360]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" [2007-10-28 16:44 133120]
"LClock"="D:\Program Files\LClock\LClock.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-03-01 10:03 124928 D:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

D:\Documents and Settings\Captain Kool\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [5/23/2008 7:08:25 PM 546816]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 VIDEX32;VIDEX32;D:\WINDOWS\system32\drivers\VIDEX32.sys [2008-04-27 05:21]
R2 ioloFileInfoList;iolo FileInfoList Service;D:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]
R2 ioloSystemService;iolo System Service;D:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 12:31]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 16:40:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: D:\WINDOWS\system32\csrss.exe
-> D:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-05-28 16:41:12
ComboFix-quarantined-files.txt 2008-05-28 19:41:06

Pre-Run: 13,534,728,192 bytes free
Post-Run: 13,546,278,912 bytes free

284 --- E O F --- 2008-05-27 21:42:19



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:57 PM, on 28/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Captain Kool\Desktop\Captain Kool.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe

--
End of file - 5466 bytes
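For anyone reading a HijackThis log like the one above for the first time, here is a small triage script. It is an added example written for this thread, not code from HijackThis, ComboFix or the poster. It assumes the Windows XP layout visible in the log (WINDOWS, Program Files and Documents and Settings on the system drive) and runs over a constructed, shortened copy of the posted entries. Everything it flags is something to check by hand (vendor, digital signature, file hash), not a verdict that the entry is malicious.

```python
"""Triage a HijackThis v2 log for the entries an analyst reads first.

Added example for this thread, not code from HijackThis or from the poster.
Assumes the Windows XP layout seen in the posted log: the system drive holds
WINDOWS, Program Files and Documents and Settings. The rules are heuristics
that select entries for manual verification, not malware verdicts.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a shortened copy of entries from the log posted above.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\explorer.exe
D:\Documents and Settings\Captain Kool\Desktop\Captain Kool.exe

O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

TRUSTED_DIR = re.compile(r"^[a-z]:\\(windows|program files)\\", re.I)
PROFILE_DIR = re.compile(r"^[a-z]:\\documents and settings\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Hives of built-in accounts. A Run entry there is rarely legitimate unless it
# points into the Windows directory (ctfmon.exe is the usual XP case).
SERVICE_HIVES = ("HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20", "HKUS\\.DEFAULT")
ENTRY_RE = re.compile(r"^[RO]\d+ - ")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high" = look at this first, "review" = confirm by hand
    line: str
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|com|scr|dll))", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if ENTRY_RE.match(line):
            in_processes = False
        if in_processes:
            # Processes launched from a profile (Desktop, Temp, Application Data) come first.
            if PROFILE_DIR.match(line):
                findings.append(Finding("high", line, "process running from a user profile"))
            elif not TRUSTED_DIR.match(line):
                findings.append(Finding("review", line, "process outside Windows/Program Files"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            if not TRUSTED_DIR.match(exe):
                findings.append(Finding("high", line, f"autostart binary outside Windows/Program Files: {exe}"))
            elif m["hive"].startswith(SERVICE_HIVES) and not WINDOWS_DIR.match(exe):
                findings.append(Finding("review", line, f"autostart under built-in account hive {m['hive']}: {exe}"))
            continue
        m = O17_RE.match(line)
        if m:
            servers = m["servers"].split(",")
            findings.append(Finding("review", line, "NameServer set to " + ", ".join(servers)
                                    + "; confirm they are the ISP's resolvers"))
            continue
        m = O23_RE.match(line)
        if m and m["owner"].lower() == "unknown owner":
            findings.append(Finding("review", line, f"service with no vendor information: {m['path']}"))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, high-severity findings first."""
    rows = sorted(triage(log_text), key=lambda f: f.severity != "high")
    return "\n".join(f"[{f.severity:6}] {f.reason}\n         {f.line}" for f in rows)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the constructed sample it reports four entries: the executable running from the Desktop, the True Transparency autostart under the NETWORK SERVICE hive, the two registry name servers (to be compared with the ISP's published resolvers), and the ATI service HijackThis could not attribute to a vendor. Entries such as ctfmon.exe under the SYSTEM hive or the ESET binaries under Program Files pass the rules and are not listed.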

#12 sarahw (Malware Staff, 2,781 posts)
Hi,

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#13 Captain K (New Member, Topic Starter, 9 posts)
Hi sarahw, Here's the next log file

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2008 at 07:17 PM

Application Version : 4.1.1046

Core Rules Database Version : 3471
Trace Rules Database Version: 1462

Scan type : Complete Scan
Total Scan Time : 00:15:59

Memory items scanned : 294
Memory threats detected : 0
Registry items scanned : 4032
Registry threats detected : 0
File items scanned : 9239
File threats detected : 7

Adware.Tracking Cookie
D:\Documents and Settings\Captain Kool\Cookies\captain_kool@advertising[1].txt
D:\Documents and Settings\Captain Kool\Cookies\captain_kool@mediaplex[1].txt
D:\Documents and Settings\Captain Kool\Cookies\captain_kool@doubleclick[1].txt
D:\Documents and Settings\Captain Kool\Cookies\captain_kool@2o7[2].txt
D:\Documents and Settings\Captain Kool\Cookies\[email protected][1].txt
D:\Documents and Settings\Captain Kool\Cookies\[email protected][2].txt
D:\Documents and Settings\Captain Kool\Cookies\captain_kool@atdmt[1].txt

Edited by Captain K, 30 May 2008 - 04:27 PM.


#14 sarahw (Malware Staff, 2,781 posts)
Hi,
How is the computer running now?

#15 Captain K (New Member, Topic Starter, 9 posts)
Hi sarahw. My computer seems to be all cleaned up now, with no strange processes showing in the Task Manager or any threats in the Eset log files. Thanks for all your help. Could you please recommend a good anti-spyware/adware program for a slower PC like mine? Something that I can install, configure, and then forget about. Thanks, Cap'n K
