
Infected but not sure what with [RESOLVED]



#1
ally0000

Hi All,

If someone is able to help that would be great; I can't face a re-install as I have a 10-day-old daughter at home and a frazzled wife. A few days ago I noticed a bubble saying 'Automatic Updates are disabled' but was unable to re-enable them; I wasn't too bothered at the time. Then later on all these pop-ups started. I have Norton Anti-virus Corporate Edition v10 and Windows Defender on my PC, as well as being behind a Netgear router (with NAT) and a ZoneAlarm firewall.

I downloaded Malwarebytes, Spyware Doctor, Ad-Aware and Spybot but nothing would clean it.

Any help would be really appreciated. I've read a few posts in this forum and I am going to include logs from HijackThis, DSS and ComboFix.

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:38, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: {9dbd5337-e2d2-4bda-d454-4741eba996b0} - {0b699abe-1474-454d-adb4-2d2e7335dbd9} - C:\WINDOWS\system32\kjeipsnx.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\iixejoea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BMf3b5f465] Rundll32.exe "C:\WINDOWS\system32\eeweavce.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208302233578
O17 - HKLM\System\CCS\Services\Tcpip\..\{939E8B02-AB7E-4874-B7CF-230AE7C82776}: NameServer = 192.168.1.1,212.20.226.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11348 bytes
=========================================================================
=========================================================================

ComboFix:
ComboFix 08-05-21.2 - Administrator 2008-05-22 21:04:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1276 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator.XPS1530\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf3b5f465.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dcsolmpk.exe
C:\WINDOWS\system32\ggbpifuj.ini
C:\WINDOWS\system32\nwuuuyue.ini
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\vDMpYJlm.ini
C:\WINDOWS\system32\vDMpYJlm.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-22 to 2008-05-22 )))))))))))))))))))))))))))))))
.

2008-05-22 17:40 . 2008-05-22 17:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-22 15:26 . 2008-05-22 15:26 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-22 15:26 . 2008-05-22 15:26 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-22 09:00 . 2008-05-22 09:00 135,680 --a------ C:\WINDOWS\system32\kjeipsnx.dll
2008-05-22 09:00 . 2008-05-22 09:00 114,688 --a------ C:\WINDOWS\system32\euyuuuwn.dll
2008-05-22 08:57 . 2008-05-22 08:57 128,000 --a------ C:\WINDOWS\system32\eeweavce.dll
2008-05-22 08:57 . 2008-05-22 08:57 92,160 --a------ C:\WINDOWS\system32\iixejoea.dll
2008-05-22 08:01 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-22 06:16 . 2008-05-22 08:11 <DIR> d-------- C:\Documents and Settings\Administrator.XPS1530\.housecall6.6
2008-05-22 06:04 . 2008-05-22 06:04 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-22 06:04 . 2008-05-22 06:06 <DIR> d-------- C:\Documents and Settings\Administrator.XPS1530\SecurityScans
2008-05-21 18:28 . 2008-05-21 18:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-21 18:28 . 2008-05-21 18:28 <DIR> d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Malwarebytes
2008-05-21 18:20 . 2008-05-21 18:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-21 18:10 . 2008-05-21 18:10 <DIR> d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\PC Tools
2008-05-21 18:10 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-21 18:10 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-21 18:10 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-21 18:10 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-03 18:28 . 2008-05-03 18:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
2008-05-03 16:22 . 2008-05-03 16:22 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative Labs
2008-05-03 16:20 . 2008-05-03 16:20 <DIR> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-05-03 10:20 . 2008-05-03 10:31 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-27 09:39 . 2008-04-27 09:39 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-04-27 09:39 . 2008-04-27 09:39 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-04-26 23:06 . 2008-04-26 23:32 <DIR> d-------- C:\Program Files\MediaMonkey
2008-04-26 21:25 . 2008-04-26 21:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-04-26 21:11 . 2008-05-03 23:08 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-04-26 20:58 . 2008-04-26 22:58 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 20:58 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-26 20:58 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-26 20:58 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-26 20:57 . 2008-04-26 20:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-26 20:57 . 2008-04-26 20:57 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-23 19:00 . 2008-04-23 19:00 <DIR> d-------- C:\WINDOWS\Sun
2008-04-23 19:00 . 2008-04-23 19:00 <DIR> d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Juniper Networks
2008-04-22 19:45 . 2008-05-21 20:08 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-22 00:01 . 2008-04-22 00:01 <DIR> d-------- C:\WINDOWS\system32\ALIEHCI
2008-04-22 00:01 . 2003-06-24 11:47 104,088 --------- C:\WINDOWS\system32\drivers\ALiEHCI.SYS
2008-04-22 00:01 . 2001-11-13 21:24 35,587 --------- C:\WINDOWS\system32\rmusb20.EXE
2008-04-22 00:01 . 2003-01-11 17:20 28,672 --------- C:\WINDOWS\system32\Unusb20.exe
2008-04-22 00:01 . 2003-06-24 11:54 17,835 --------- C:\WINDOWS\system32\drivers\ALiHUB.SYS
2008-04-22 00:01 . 2003-06-24 11:53 8,668 --------- C:\WINDOWS\system32\drivers\ALiGP.SYS
2008-04-22 00:01 . 2003-06-24 11:55 5,337 --------- C:\WINDOWS\system32\drivers\ALiRTHUB.SYS
2008-04-22 00:01 . 2003-06-24 13:35 635 --a------ C:\WINDOWS\system32\setup.iss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 20:09 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\VMware
2008-05-22 20:09 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\VMware
2008-05-22 20:09 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\VMware
2008-05-22 20:06 8,835,104 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 20:06 106,676 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-22 20:06 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-22 19:58 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Skype
2008-05-22 16:42 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-22 16:34 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-22 16:34 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Azureus
2008-05-22 16:28 1,156,608 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-22 15:08 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\skypePM
2008-05-21 17:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 17:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 15:20 --------- d-----w C:\Program Files\Creative
2008-04-26 20:25 --------- d-----w C:\Program Files\CyberLink
2008-04-23 04:59 --------- d-----w C:\Program Files\Avanquest update
2008-04-21 19:30 --------- d-----w C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\VMware
2008-04-20 23:03 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-04-20 22:43 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Talkback
2008-04-18 09:17 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Symantec
2008-04-18 07:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-04-17 22:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony
2008-04-17 22:59 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Sony
2008-04-17 22:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-04-17 22:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-04-17 22:52 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Sony Setup
2008-04-17 22:01 --------- d-----w C:\Program Files\Norton Ghost
2008-04-17 22:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-17 18:52 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\AdobeUM
2008-04-17 08:50 --------- d-----w C:\Program Files\MagicISO
2008-04-17 08:26 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-04-17 08:26 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-04-17 08:26 --------- d-----w C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Intel
2008-04-17 08:26 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Intel
2008-04-17 08:26 --------- d-----w C:\Documents and Settings\Default User.WINDOWS\Application Data\Intel
2008-04-17 08:26 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\Intel
2008-04-17 08:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Intel
2008-04-16 23:29 --------- d-----w C:\Program Files\Winamp
2008-04-16 23:27 --------- d-----w C:\Program Files\Skype
2008-04-16 23:27 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2008-04-16 00:02 46,592 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-16 00:02 1,359,360 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-15 23:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\UIB
2008-04-15 23:56 --------- d-----w C:\Program Files\DIFX
2008-04-15 23:54 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-15 23:54 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-04-15 23:53 --------- d-----w C:\Program Files\DellTPad
2008-04-15 23:48 --------- d-----w C:\Program Files\Thoosje Sidebar 2.2
2008-04-15 23:47 --------- d-----w C:\Program Files\Tweak-XP Pro
2008-04-15 23:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-15 23:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-15 23:29 --------- d-----w C:\Program Files\DVD Shrink
2008-04-15 23:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-04-15 23:26 --------- d-----w C:\Program Files\Ahead
2008-04-15 23:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
2008-04-15 23:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-04-15 23:24 --------- d-----w C:\Program Files\Java
2008-04-15 23:24 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\InstallShield
2008-04-15 23:23 --------- d-----w C:\Program Files\CDex_150
2008-04-15 23:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-04-15 23:20 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\MailFrontier
2008-04-15 23:09 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-04-15 23:09 --------- d-----w C:\Documents and Settings\Administrator.XPS1530\Application Data\TMP
2008-04-15 23:08 --------- d-----w C:\Program Files\SigmaTel
2008-04-15 22:58 --------- d-----w C:\Program Files\Symantec
2008-04-14 15:59 --------- d-----w C:\Program Files\Sony
2008-04-13 22:39 --------- d-----w C:\Program Files\MyMp3Recorder
2008-04-13 21:46 --------- d-----w C:\Program Files\Steinberg
2008-04-13 21:44 --------- d-----w C:\Program Files\Syncrosoft
2008-04-13 19:37 --------- d-----w C:\Program Files\Freecorder
2008-04-13 19:07 --------- d-----w C:\Program Files\SuperMp3Recorder
2008-04-13 19:07 --------- d-----w C:\Program Files\Admiresoft
2008-04-06 09:44 --------- d-----w C:\Program Files\Sony Ericsson
2008-04-05 12:01 --------- d-----w C:\Program Files\Windows Live
2008-04-05 11:47 --------- d-----w C:\Program Files\VMware
2008-04-05 11:47 --------- d-----w C:\Program Files\Common Files\VMware
2008-04-04 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-30 23:26 --------- d-----w C:\Program Files\ANYCOM_Blue_USB_200_250_v5_1_0_4200
2008-03-27 21:32 --------- d-----w C:\Program Files\ScreenSaver.com
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 20:00 --------- d-----w C:\Program Files\Troytec.com
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-13 22:11 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-03-13 22:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2000-04-19 22:00 6,995 ----a-w C:\WINDOWS\inf\RAMDISK.SYS
2006-06-15 20:33 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 18:43 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 14:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 13:10 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 12:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 18:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 11:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 11:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 11:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 11:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b699abe-1474-454d-adb4-2d2e7335dbd9}]
2008-05-22 09:00 135680 --a------ C:\WINDOWS\system32\kjeipsnx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
2008-05-22 08:57 92160 --a------ C:\WINDOWS\system32\iixejoea.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 00:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [2008-01-02 16:04 1343336]
"TransTask"="" []
"TransparentIcons"="" []
"Tweak-XP"="" []
"BlockAds"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-03 16:48 21898024]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 15:02 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 16:52 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 13:30 85184]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe" [2005-03-04 20:01 32881]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 14:29 159744]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 23:50 49168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 03:03 8495104]
"nwiz"="nwiz.exe" [2007-11-17 03:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 03:03 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 03:03 81920]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 14:18 995328]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 14:13 1101824]
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-19 20:01 2245984]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 07:24 286720]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 09:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 09:26 55856]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 15:26 303104 C:\WINDOWS\stsystra.exe]
"BMf3b5f465"="C:\WINDOWS\system32\eeweavce.dll" [2008-05-22 08:57 128000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator.XPS1530\Start Menu\Programs\Startup\
Thoosje Sidebar.lnk - C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe [2007-08-10 19:28:03 524288]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2004-08-04 00:56]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [2008-03-18 14:13]
R3 SymSnapService;SymSnapService;"C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2007-12-20 17:13]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-04-16 23:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:10:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 21:08:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\eeweavce.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-22 21:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 20:11:09

Pre-Run: 11,021,033,472 bytes free
Post-Run: 10,929,995,776 bytes free

296 --- E O F --- 2008-05-21 17:16:44
==================================================================
==================================================================

#2
ally0000
  • Topic Starter
Logs continue:
DSS Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
CPU 1: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 2045.99 MiB / 1273.82 MiB
Pagefile Memory (total/avail): 3937.88 MiB / 3316.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.91 MiB

C: is Fixed (NTFS) - 24.41 GiB total, 10.14 GiB free.
D: is Fixed (NTFS) - 149.27 GiB total, 70.64 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9200420AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 24.41 GiB - C:
\PARTITION1 - Installable File System - 149.27 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.) Disabled
AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Administrator.XPS1530\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_08\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=XPS1530
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.XPS1530
LOGONSERVER=\\XPS1530
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_08\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1.XPS\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.XPS\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=XPS1530
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.XPS1530
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator.XPS1530 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
642-901-TestEngine-Troytec --> MsiExec.exe /I{50CDD965-6D24-4851-86A7-2C20772F9DA5}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
ALi USB2.0 Driver --> C:\WINDOWS\system32\UnUSB20.EXE RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}\Setup.exe" -uninst
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Azureus --> C:\Program Files\Azureus\Uninstall.exe
CBT Systems Utilities --> C:\WINDOWS\IsUninst.exe -fc:\cbtlib\cbtutil\Uninst.isu
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio --> "C:\Program Files\CDex_150\uninstall.exe"
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Fingerprint Reader Suite 5.6 --> MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_08 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142080}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaMonkey 3.0 --> "C:\Program Files\MediaMonkey\unins000.exe"
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Baseline Security Analyzer 2.0.1 --> MsiExec.exe /I{7F231232-C309-4401-964A-2A002B6E1ED9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic Pro 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}\Setup.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson Media Manager 1.0 --> MsiExec.exe /X{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}
Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SportTracks --> MsiExec.exe /I{4C1AAB41-BFB7-4A55-B7D7-DC9979220CEC}
Spybot - Search & Destroy 1.3 (beta 6) --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Thoosje Sidebar 2.2 --> C:\Program Files\Thoosje Sidebar 2.2\Uninstal.exe
Tracks Eraser Pro v7.0 --> "C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
Tweak-XP Pro --> MsiExec.exe /I{BA3BC81F-0035-4D62-8AB4-6F83D7C1F480}
Tweakui Powertoy for Windows XP --> MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
VMware Workstation --> MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1532 / Error
Event Submitted/Written: 05/22/2008 09:08:45 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%XPS153027 Real-Time Protection checkpoint has encountered an error and failed to start.

User: XPS1530\Administrator

Checkpoint ID: 1

Error Code: 0x8000ffff

Error description: Catastrophic failure

Event Record #/Type1531 / Error
Event Submitted/Written: 05/22/2008 09:08:45 PM
Event ID/Source: 3003 / WinDefendRtp
Event Description:
%XPS153027 Real-Time Protection checkpoint has encountered an error and failed to start.

User: XPS1530\Administrator

Checkpoint ID: 1

Error Code: 0x80070005

Error description: Access is denied.

Event Record #/Type1526 / Warning
Event Submitted/Written: 05/22/2008 09:06:14 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1518 / Error
Event Submitted/Written: 05/22/2008 05:38:32 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module iixejoea.dll, version 0.0.0.0, fault address 0x000014ec.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type1515 / Error
Event Submitted/Written: 05/22/2008 05:36:20 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3526 / Warning
Event Submitted/Written: 05/22/2008 09:18:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:
%XPS1530275

Scan ID: {C12AA490-A10F-4F9F-9E8A-3B6A8B4D4D30}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3525 / Warning
Event Submitted/Written: 05/22/2008 09:18:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:
%XPS1530275

Scan ID: {C3565946-7BE8-4579-BFB0-C49888B1F11A}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3524 / Warning
Event Submitted/Written: 05/22/2008 09:18:45 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:
%XPS1530275

Scan ID: {B9CC8D0A-DFC9-4F69-8109-24498D56981C}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3523 / Warning
Event Submitted/Written: 05/22/2008 09:18:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:
%XPS1530275

Scan ID: {F29102E5-4BB6-4EA5-8898-B7896655F15B}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02

Event Record #/Type3522 / Warning
Event Submitted/Written: 05/22/2008 09:18:42 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%XPS153027 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %XPS153027 can't undo changes that you allow.

For more information please see the following:
%XPS1530275

Scan ID: {D1338A44-F335-43E3-A107-A57739796EA5}

User: XPS1530\Administrator

Name: %XPS1530271

ID: %XPS1530272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %XPS1530276

Alert Type: %XPS1530278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-05-22 21:18:59 ------------
========================================================================
========================================================================
DSS Main.txt

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-22 21:17:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-05-22 20:17:56 UTC - RP61 - Deckard's System Scanner Restore Point
37: 2008-05-22 20:04:34 UTC - RP60 - ComboFix created restore point
36: 2008-05-22 16:35:24 UTC - RP59 - Spyware Doctor: Cleaning Threats
35: 2008-05-22 16:27:16 UTC - RP58 - Spyware Doctor: Cleaning Threats
34: 2008-05-22 05:04:24 UTC - RP57 - Installed Microsoft Baseline Security Analyzer 2.0.1


-- First Restore Point --
1: 2008-05-21 19:55:56 UTC - RP24 - Installed SportTracks


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:29, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator.XPS1530\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: {9dbd5337-e2d2-4bda-d454-4741eba996b0} - {0b699abe-1474-454d-adb4-2d2e7335dbd9} - C:\WINDOWS\system32\kjeipsnx.dll
O2 - BHO: (no name) - {514A5C49-0C7D-42c3-A71B-38864A269B7A} - C:\WINDOWS\system32\iixejoea.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [BMf3b5f465] Rundll32.exe "C:\WINDOWS\system32\eeweavce.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tracks Eraser Pro] C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1208302233578
O17 - HKLM\System\CCS\Services\Tcpip\..\{939E8B02-AB7E-4874-B7CF-230AE7C82776}: NameServer = 192.168.1.1,212.20.226.130
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11326 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Creative Labs Licensing Service - "c:\program files\common files\creative labs shared\service\creativelicensing.exe" <Not Verified; Creative Labs; Creative Labs Licensing Service>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_022E1028&REV_12\4&541B6E0&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_022E1028&REV_12\4&541B6E0&0&00E0
Service: yukonwxp


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 21:10:38 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 21:04:14 68096 --a------ C:\WINDOWS\zip.exe
2008-05-22 21:04:14 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-22 21:04:14 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-22 21:04:14 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-22 21:04:14 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-22 21:04:14 98816 --a------ C:\WINDOWS\sed.exe
2008-05-22 21:04:14 80412 --a------ C:\WINDOWS\grep.exe
2008-05-22 21:04:14 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-22 17:40:12 0 d-------- C:\Program Files\Trend Micro
2008-05-22 15:26:16 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-05-22 09:00:36 114688 --a------ C:\WINDOWS\system32\euyuuuwn.dll
2008-05-22 09:00:29 135680 --a------ C:\WINDOWS\system32\kjeipsnx.dll
2008-05-22 08:57:38 92160 --a------ C:\WINDOWS\system32\iixejoea.dll
2008-05-22 08:57:29 128000 --a------ C:\WINDOWS\system32\eeweavce.dll
2008-05-22 06:16:03 0 d-------- C:\Documents and Settings\Administrator.XPS1530\.housecall6.6
2008-05-22 06:04:55 0 d-------- C:\Documents and Settings\Administrator.XPS1530\SecurityScans
2008-05-22 06:04:25 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2008-05-21 18:37:09 0 dr-h----- C:\Documents and Settings\Administrator.XPS1530\Recent
2008-05-21 18:28:27 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Malwarebytes
2008-05-21 18:28:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-21 18:20:36 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-21 18:10:31 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\PC Tools
2008-05-03 18:28:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative
2008-05-03 16:22:23 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative Labs
2008-05-03 16:20:47 0 d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-05-03 10:20:54 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-26 23:06:41 0 d-------- C:\Program Files\MediaMonkey
2008-04-26 21:25:12 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-04-26 21:11:34 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NVIDIA
2008-04-26 20:58:22 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 20:57:03 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-26 20:57:03 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-23 19:00:56 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Juniper Networks
2008-04-23 19:00:44 0 d-------- C:\WINDOWS\Sun
2008-04-22 00:01:52 28672 -----n--- C:\WINDOWS\system32\Unusb20.exe
2008-04-22 00:01:52 35587 -----n--- C:\WINDOWS\system32\rmusb20.EXE <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-04-22 00:01:52 5337 -----n--- C:\WINDOWS\system32\drivers\ALiRTHUB.SYS <Not Verified; ALi Corporation; ALi Roothub Driver for USB2.0>
2008-04-22 00:01:52 17835 -----n--- C:\WINDOWS\system32\drivers\ALiHUB.SYS <Not Verified; ALi Corporation; ALi Generic Hub Driver for USB2.0>
2008-04-22 00:01:52 8668 -----n--- C:\WINDOWS\system32\drivers\ALiGP.SYS <Not Verified; ALi Corporation; ALi Composite Device Driver>
2008-04-22 00:01:52 104088 -----n--- C:\WINDOWS\system32\drivers\ALiEHCI.SYS <Not Verified; ALi Corporation; ALi Ehci Host Controller Driver>
2008-04-22 00:01:52 0 d-------- C:\WINDOWS\system32\ALIEHCI


-- Find3M Report ---------------------------------------------------------------

2008-05-22 21:10:17 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-22 21:09:51 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\VMware
2008-05-22 20:58:44 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Skype
2008-05-22 17:34:37 0 d-------- C:\Program Files\Spyware Doctor
2008-05-22 17:34:21 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Azureus
2008-05-22 16:08:45 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\skypePM
2008-05-22 02:15:52 130854 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-21 18:20:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 18:29:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-03 16:20:47 0 d-------- C:\Program Files\Common Files
2008-05-03 16:20:44 0 d-------- C:\Program Files\Creative
2008-04-26 21:25:10 0 d-------- C:\Program Files\CyberLink
2008-04-23 05:59:30 0 d-------- C:\Program Files\Avanquest update
2008-04-20 23:43:48 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Talkback
2008-04-20 23:43:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-20 23:43:25 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Mozilla
2008-04-18 10:17:27 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Symantec
2008-04-17 23:59:03 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Sony
2008-04-17 23:52:01 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Sony Setup
2008-04-17 23:01:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-17 23:01:06 0 d-------- C:\Program Files\Norton Ghost
2008-04-17 19:52:32 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\AdobeUM
2008-04-17 09:50:07 0 d-------- C:\Program Files\MagicISO
2008-04-17 09:26:09 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Intel
2008-04-17 00:29:51 0 d-------- C:\Program Files\Winamp
2008-04-17 00:27:18 0 d-------- C:\Program Files\Skype
2008-04-16 09:13:28 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Macromedia
2008-04-16 09:13:28 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Adobe
2008-04-16 09:10:13 0 d-------- C:\Program Files\Messenger
2008-04-16 00:56:55 0 d-------- C:\Program Files\DIFX
2008-04-16 00:53:36 0 d-------- C:\Program Files\DellTPad
2008-04-16 00:48:22 0 d-------- C:\Program Files\Thoosje Sidebar 2.2
2008-04-16 00:47:32 0 d-------- C:\Program Files\Tweak-XP Pro
2008-04-16 00:40:54 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-16 00:36:47 62 --ahs---- C:\Documents and Settings\Administrator.XPS1530\Application Data\desktop.ini
2008-04-16 00:35:36 0 d-------- C:\Program Files\SpywareBlaster
2008-04-16 00:31:36 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-16 00:30:55 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Real
2008-04-16 00:29:37 0 d-------- C:\Program Files\DVD Shrink
2008-04-16 00:26:31 0 d-------- C:\Program Files\Ahead
2008-04-16 00:24:53 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\InstallShield
2008-04-16 00:24:35 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Sun
2008-04-16 00:24:34 0 d-------- C:\Program Files\Java
2008-04-16 00:23:56 0 d-------- C:\Program Files\CDex_150
2008-04-16 00:20:42 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\MailFrontier
2008-04-16 00:09:08 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\TMP
2008-04-16 00:08:03 0 d-------- C:\Program Files\SigmaTel
2008-04-15 23:58:07 0 d-------- C:\Program Files\Symantec
2008-04-15 23:55:59 0 d-------- C:\Program Files\Movie Maker
2008-04-15 23:55:50 0 d-------- C:\Program Files\Windows NT
2008-04-15 23:49:41 0 d-------- C:\Documents and Settings\Administrator.XPS1530\Application Data\Identities
2008-04-15 23:46:35 0 -rahs---- C:\MSDOS.SYS
2008-04-15 23:46:35 0 -rahs---- C:\IO.SYS
2008-04-15 23:46:35 0 --a------ C:\CONFIG.SYS
2008-04-15 23:46:35 0 --a------ C:\AUTOEXEC.BAT
2008-04-15 23:44:01 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-14 16:59:53 0 d-------- C:\Program Files\Sony
2008-04-13 23:39:07 0 d-------- C:\Program Files\MyMp3Recorder
2008-04-13 22:46:12 0 d-------- C:\Program Files\Steinberg
2008-04-13 22:44:10 0 d-------- C:\Program Files\Syncrosoft
2008-04-13 20:37:13 0 d-------- C:\Program Files\Freecorder
2008-04-13 20:07:27 0 d-------- C:\Program Files\Admiresoft
2008-04-13 20:07:10 0 d-------- C:\Program Files\SuperMp3Recorder
2008-04-06 10:44:03 0 d-------- C:\Program Files\Sony Ericsson
2008-04-05 13:01:37 0 d-------- C:\Program Files\Windows Live
2008-04-05 12:47:59 0 d-------- C:\Program Files\VMware
2008-04-05 12:47:59 0 d-------- C:\Program Files\Common Files\VMware
2008-04-04 15:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-03-31 00:26:47 0 d-------- C:\Program Files\ANYCOM_Blue_USB_200_250_v5_1_0_4200
2008-03-27 22:32:42 0 d-------- C:\Program Files\ScreenSaver.com
2008-03-26 21:00:33 0 d-------- C:\Program Files\Troytec.com


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b699abe-1474-454d-adb4-2d2e7335dbd9}]
22/05/2008 09:00 135680 --a------ C:\WINDOWS\system32\kjeipsnx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{514A5C49-0C7D-42c3-A71B-38864A269B7A}]
22/05/2008 08:57 92160 --a------ C:\WINDOWS\system32\iixejoea.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/04/2005 16:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [17/04/2005 13:30]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 23:11]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe" [04/03/2005 20:01]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [02/07/2007 14:29]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 23:50]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [17/11/2007 03:03]
"nwiz"="nwiz.exe" [17/11/2007 03:03 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [17/11/2007 03:03 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [17/11/2007 03:03]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 20:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/10/2007 14:18]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/10/2007 14:13]
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [19/01/2008 20:01]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [29/06/2007 07:24]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [08/10/2007 09:27]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [08/10/2007 09:26]
"SigmatelSysTrayApp"="stsystra.exe" [19/02/2007 15:26 C:\WINDOWS\stsystra.exe]
"BMf3b5f465"="C:\WINDOWS\system32\eeweavce.dll" [22/05/2008 08:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"Tracks Eraser Pro"="C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe" [02/01/2008 16:04]
"TransTask"="" []
"TransparentIcons"="" []
"Tweak-XP"="" []
"BlockAds"="" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [03/04/2008 16:48]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20/11/2007 15:02]

C:\Documents and Settings\Administrator.XPS1530\Start Menu\Programs\Startup\
Thoosje Sidebar.lnk - C:\Program Files\Thoosje Sidebar 2.2\Thoosje Sidebar.exe [10/08/2007 19:28:03]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 16/04/2007 23:04 86528 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-05-22 21:18:59 ------------

#3
ally0000

    New Member

  • Topic Starter
  • Member
  • 3 posts
Fixed, had a Ghost back-up that I thought was infected also but actually wasn't.

Cheers,

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.