Welcome to Geeks to Go - Register now for FREE
I need help removing new.net.domain.plugin, darksma and other malware


  • This topic is locked

#16
sUBs

    Malware Expert

  • Expert
  • 599 posts
When did you perform a "Repair Install" on this machine?
  • 0

#17
sUBs

    Malware Expert

  • Expert
  • 599 posts

My friend decided to get me a sound editing program for free off the internet and downloaded a virus by accident.

Do you still have this file? If so, please upload it to this website > http://www.bleepingc...e.php?channel=4
  • 0

#18
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Not sure what you mean by repair install, and the file was downloaded into the folder "C:\mroe pictures" (I misspelled it when I made it). After that file was downloaded, the virus or whatever it is disabled/blocked my access to all but 3 folders in the C drive and any files directly in the C drive. If there is a way to get around that "block", I can't be able to upload it.
  • 0

#19
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, please do the following..

Please download this file and save it directly to your Desktop. Don't do anything with it.. Just leave it there..


NEXT


Please copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

SWXCACLS C:\alan /GE:F;D
SWXCACLS C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp /GE:F;D
SWXCACLS C:\hiberfil.sys /GE:F;D
SWXCACLS C:\pagefile.sys /GE:F;D
SWXCACLS C:\alan\* /GE:F;D
SWXCACLS C:\alasngvj\* /GE:F;D
SWXCACLS C:\ATI\* /GE:F;D	 
SWXCACLS C:\cd143\* /GE:F;D	
SWXCACLS C:\ComboFix\* /GE:F;D 
SWXCACLS C:\computer\* /GE:F;D	
SWXCACLS C:\Demo Album\* /GE:F;D	
SWXCACLS C:\fixwareout\* /GE:F;D	
SWXCACLS C:\Gabrielle\* /GE:F;D
SWXCACLS C:\htrfhjnf\* /GE:F;D
SWXCACLS C:\Incomplete\* /GE:F;D	
SWXCACLS C:\krock\* /GE:F;D
SWXCACLS C:\limewire music\* /GE:F;D	
SWXCACLS C:\limewire2music\* /GE:F;D	
SWXCACLS C:\limwire2\* /GE:F;D	
SWXCACLS C:\limwire3\* /GE:F;D	
SWXCACLS C:\limwire4\* /GE:F;D
SWXCACLS C:\log\* /GE:F;D	
SWXCACLS C:\MICHELLE\* /GE:F;D	
SWXCACLS C:\Mix\* /GE:F;D	
SWXCACLS C:\mroe pictures\* /GE:F;D
SWXCACLS C:\music\* /GE:F;D	
SWXCACLS C:\New Folder\* /GE:F;D	
SWXCACLS C:\paint ball\* /GE:F;D	
SWXCACLS C:\phone\* /GE:F;D	
SWXCACLS C:\pictures\* /GE:F;D		
SWXCACLS C:\RECYCLER\* /GE:F;D	
SWXCACLS C:\site\* /GE:F;D		
SWXCACLS C:\stuf\* /GE:F;D		
SWXCACLS C:\System Volume Information /GE:F;D	
SWXCACLS C:\System Volume Information\* /GE:F;D	
SWXCACLS C:\Temp\* /GE:F;D		
SWXCACLS C:\tokyo\* /GE:F;D
del Access.bat

Save it to your desktop as File name: Access.bat
Save as type: All Files

Once done, double click Access.bat to run it. A command window will open briefly, then close. This is quite normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.



NEXT


Please tell me if you can reach those folders. If you do, please upload the file that sUBs mentioned to the link given..

Then please report here after you achieve that..
  • 0

#20
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Still cannot access the folder. :)
  • 0

#21
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Apologies for my late reply.. I was waiting for some input from the expert.. Please do the following...


Please download this file by Bobbi Flekman and save it to your Desktop. Don't do anything with that file. Just leave it there..



NEXT


Please copy everything inside the quote box below and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as userlist.bat on your desktop.

SWWHOAMI /ListUsers>>"%userprofile%\Desktop\listusers.txt"
del userlist.bat

Double-click userlist.bat. A window will open and close quickly; this is normal. A file listusers.txt will be created on your Desktop. Please post its content in your next reply..

If you are not sure how to make a batch file, please visit HERE for the tutorial.
  • 0

#22
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Users on this computer:
Is Admin? | Username
------------------
Yes | Administrator
Yes | Alpunkator
| ASPNET
Yes | C4 BOMB
| Guest
| HelpAssistant (Disabled)
| SUPPORT_388945a0 (Disabled)
Yes | Test




The account named Test I created in an earlier attempt to access folders.
  • 0

#23
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. please do the following..

If you have deleted SWXCACLS from your Desktop, please download this file again and save it directly to your Desktop. Don't do anything with it.. Just leave it there..


NEXT


Please copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

( SWXCACLS "C:\alan"
SWXCACLS "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp"
SWXCACLS "C:\alan\*"
SWXCACLS "C:\System Volume Information"
SWXCACLS "C:\alasngvj\*" /P /GA:F
SWXCACLS "C:\ATI\*" /P /GA:F
SWXCACLS "C:\cd143\*" /P /GA:F
SWXCACLS "C:\ComboFix\*" /P /GA:F
SWXCACLS "C:\computer\*" /P /GA:F
SWXCACLS "C:\Demo Album\*" /P /GA:F
SWXCACLS "C:\fixwareout\*" /P /GA:F
SWXCACLS "C:\Gabrielle\*" /P /GA:F
SWXCACLS "C:\htrfhjnf\*" /P /GA:F
SWXCACLS "C:\Incomplete\*" /P /GA:F
SWXCACLS "C:\krock\*" /P /GA:F
SWXCACLS "C:\limewire music\*" /P /GA:F
SWXCACLS "C:\limewire2music\*" /P /GA:F
SWXCACLS "C:\limwire2\*" /P /GA:F
SWXCACLS "C:\limwire3\*" /P /GA:F
SWXCACLS "C:\limwire4\*" /P /GA:F
SWXCACLS "C:\log\*" /P /GA:F
SWXCACLS "C:\MICHELLE\*" /P /GA:F
SWXCACLS "C:\Mix\*" /P /GA:F
SWXCACLS "C:\mroe pictures\*" /P /GA:F
SWXCACLS "C:\music\*" /P /GA:F
SWXCACLS "C:\New Folder\*" /P /GA:F
SWXCACLS "C:\paint ball\*" /P /GA:F
SWXCACLS "C:\phone\*" /P /GA:F
SWXCACLS "C:\pictures\*" /P /GA:F
SWXCACLS "C:\alasngvj" /P /GA:F	
SWXCACLS "C:\ATI" /P /GA:F
SWXCACLS "C:\cd143" /P /GA:F	
SWXCACLS "C:\ComboFix" /P /GA:F	
SWXCACLS "C:\computer" /P /GA:F
SWXCACLS "C:\Demo Album" /P /GA:F
SWXCACLS "C:\emancipation-proclamation-Joey-Nowak.doc" /P /GA:F	
SWXCACLS "C:\fghtedyjjtjtrj.txt" /P /GA:F
SWXCACLS "C:\fire.htm" /P /GA:F
SWXCACLS "C:\fixwareout" /P /GA:F	
SWXCACLS "C:\Gabrielle" /P /GA:F	
SWXCACLS "C:\helicopter_1024x768.jpg" /P /GA:F
SWXCACLS "C:\htrfhjnf" /P /GA:F
SWXCACLS "C:\Incomplete" /P /GA:F
SWXCACLS "C:\krock" /P /GA:F
SWXCACLS "C:\Lava9.jpg" /P /GA:F
SWXCACLS "C:\limewire music" /P /GA:F
SWXCACLS "C:\limewire2music" /P /GA:F
SWXCACLS "C:\LimeWirePro.lnk" /P /GA:F
SWXCACLS "C:\limwire2" /P /GA:F
SWXCACLS "C:\limwire3" /P /GA:F
SWXCACLS "C:\limwire4" /P /GA:F
SWXCACLS "C:\little_chief.jpg" /P /GA:F
SWXCACLS "C:\log" /P /GA:F
SWXCACLS "C:\MaunaKeaCones2b.jpg" /P /GA:F
SWXCACLS "C:\Mauna_Kea.jpg" /P /GA:F
SWXCACLS "C:\MICHELLE" /P /GA:F
SWXCACLS "C:\Mix" /P /GA:F
SWXCACLS "C:\moduleName.txt" /P /GA:F
SWXCACLS "C:\moonrise.jpg" /P /GA:F
SWXCACLS "C:\mroe pictures" /P /GA:F
SWXCACLS "C:\music" /P /GA:F
SWXCACLS "C:\mv82.pdf" /P /GA:F
SWXCACLS "C:\New Folder" /P /GA:F
SWXCACLS "C:\paint ball" /P /GA:F
SWXCACLS "C:\phone" /P /GA:F
SWXCACLS "C:\pictures" /P /GA:F
SWXCACLS "C:\Documents and Settings\All Users\Application Data\Adobe\Updater5" /P /GE:F
SWXCACLS "C:\Documents and Settings\All Users\DRM" /P /GE:F
SWXCACLS "C:\retards.jpg" /P /GA:F
SWXCACLS "C:\site" /P /GA:F
SWXCACLS "C:\site\*" /P /GA:F
SWXCACLS "C:\sound.wav" /P /GA:F
SWXCACLS "C:\start.bat" /P /GA:F
SWXCACLS "C:\stuf" /P /GA:F
SWXCACLS "C:\stuf\*" /P /GA:F
SWXCACLS "C:\sunset.jpg" /P /GA:F
SWXCACLS "C:\Sunset2sm.jpg" /P /GA:F
SWXCACLS "C:\T6s.jpg" /P /GA:F
SWXCACLS "C:\Temp" /P /GA:F
SWXCACLS "C:\Temp\*" /P /GA:F
SWXCACLS "C:\Thumbs.db" /P /GA:F
SWXCACLS "C:\tokyo" /P /GA:F
SWXCACLS "C:\tokyo\*" /P /GA:F
SWXCACLS "C:\yellow16recovered.jpg" /P /GA:F
SWXCACLS "C:\YServer.txt" /P /GA:F
SWXCACLS "C:\RECYCLER" /P /GA:F
SWXCACLS "C:\RECYCLER\*" /P /GA:F )>>"%userprofile%\Desktop\anonymous.txt"
del permissions.bat

Save it to your desktop as File name: permissions.bat
Save as type: All Files

Once done, double click permissions.bat to run it. A command window will open briefly, then close. This is quite normal.

A new file anonymous.txt will be created on your Desktop. Please attach that file here..

If you are not sure how to make a batch file, please visit HERE for the tutorial.



NEXT


Please tell me if you can reach those folders. If you do, please upload the file that sUBs mentioned to the link given..

Then please report here, and attach anonymous.txt after you achieve that..


Regards
fenzodahl512
  • 0

#24
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Yes, thank you, it works.. and everything is still in the folders :) Except the folders C:\alan and C:\System Volume Information.
I looked into the folder that I believe the virus was downloaded into and I don't see it... I will upload what I think is it, because the virus was imposed as a program that I have downloaded before, so maybe it replaced what I originally downloaded 3 months ago.




SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\alan

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
File: C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\System Volume Information

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)
File: "C:\alasngvj"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\ATI"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\cd143"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\ComboFix"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\computer"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Demo Album"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\emancipation-proclamation-Joey-Nowak.doc"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\fghtedyjjtjtrj.txt"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\fire.htm"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\fixwareout"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Gabrielle"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\helicopter_1024x768.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\htrfhjnf"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Incomplete"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\krock"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Lava9.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\limewire music"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\limewire2music"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\LimeWirePro.lnk"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\limwire2"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\limwire3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\limwire4"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\little_chief.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\log"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\MaunaKeaCones2b.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Mauna_Kea.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\MICHELLE"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Mix"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\moduleName.txt"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\moonrise.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\mroe pictures"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\music"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\mv82.pdf"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\New Folder"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\paint ball"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\phone"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\pictures"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Documents and Settings\All Users\Application Data\Adobe\Updater5"
Granting NTFS rights (F access for This Folder and Files) for "Everyone"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Documents and Settings\All Users\DRM"
Granting NTFS rights (F access for This Folder and Files) for "Everyone"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\retards.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\site"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\site\shamrock.gif"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\site\Thumbs.db"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\sound.wav"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\start.bat"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\stuf"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\stuf\1117071927.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117071941.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072137.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072139.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072141.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072142.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072143.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072144.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072146.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072146a.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\1117072146b.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\stuf\Thumbs.db"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\sunset.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Sunset2sm.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\T6s.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Temp"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Temp\pt8q3khslw"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\Thumbs.db"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\tokyo"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\tokyo\9.The Fast And The Furious (Tokyo Drift) Soundtrack - 09. Atari Teenage Riot - speed.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\Creed - One Last Breath.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\Creed - With Arms Wide Open.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\Cytherea, teagan presley - Squirters 101.mpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\DJ Shadow - Six Days (remix ft. Mos Def).mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\Don Omar - Conteo - Fast and the Furious Tokyo Drift.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\NERD - She Wants To Move (Remix feat. Common, Mos Def, Q-Tip & De La Soul).mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The 5, 6, 7, 8's - The Barracuda.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - 04. Evil Nine - Restless.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - 05 - Far East Movement - Round and Round.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - 07. Teriyaki Boyz - Cho Large.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - 08. Dragon Ash - Resound.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - 12. Brian Tyler feat. Slash - Mustang Mismo.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Fast And The Furious (Tokyo Drift) Soundtrack - Don Omar Feat. Tego Calderon- Los Bandaleros.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Game ft 50 Cent - How We Do.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\tokyo\The Teriyaki Boys - Tokyo Drift.mp3"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\yellow16recovered.jpg"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\YServer.txt"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\RECYCLER"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\RECYCLER\S-1-5-18"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\RECYCLER\S-1-5-21-343818398-1677128483-725345543-1003"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

File: "C:\RECYCLER\S-1-5-21-343818398-1677128483-725345543-1006"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
  • 0
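The anonymous.txt dump above is long enough that the lines that matter (paths still reporting "Access is denied", and grants made to a principal wider than Administrators, such as the two /GE lines that give "Everyone" Full Control) are easy to miss. As an added example, not part of the thread or of the SteelWerX tool, this Python script parses that output format and lists those findings; the embedded sample log is constructed from the format shown above, and the three line patterns it recognises are assumed from the excerpts here.

```python
import re
from dataclasses import dataclass, field

# Lines the tool prints before every command; they carry no per-path information.
HEADER_LINES = {
    "SteelWerX Extended Configuration Access Control Lists",
    "Written by Bobbi Flekman 2006 ©",
}
# Patterns assumed from the excerpts in this thread (paths may or may not be quoted).
PATH_RE = re.compile(r'^(File|Folder): "?(.+?)"?$')
GRANT_RE = re.compile(r'^Granting NTFS rights \((.+?)\) for "(.+?)"$')
ACE_RE = re.compile(r'^(Allowed|Denied) (.+?) (This Folder.*|Subfolders.*|Files only.*)$')
OWNER_RE = re.compile(r'^Owner: (.+)$')
TABLE_NOISE = {"Permissions:", "Username", "Type Permissions Inheritance", "No Auditing set"}


@dataclass
class Entry:
    path: str
    denied: bool = False
    grants: list = field(default_factory=list)  # (rights, principal) from /GA or /GE runs
    aces: list = field(default_factory=list)    # (principal, type, rights, inheritance)
    owner: str = ""


def parse_swxcacls(text):
    """Return {path: Entry} for every File:/Folder: block in the dump."""
    entries, current, principal = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in HEADER_LINES or line.startswith("****"):
            continue
        if m := PATH_RE.match(line):
            current = entries.setdefault(m.group(2), Entry(m.group(2)))
            principal = None
        elif current is None or line in TABLE_NOISE:
            continue
        elif line == "Access is denied":
            current.denied = True
        elif m := GRANT_RE.match(line):
            current.grants.append((m.group(1), m.group(2)))
        elif m := OWNER_RE.match(line):
            current.owner = m.group(1)
        elif (m := ACE_RE.match(line)) and principal:
            current.aces.append((principal, m.group(1), m.group(2), m.group(3)))
            principal = None
        else:
            # In the Permissions table each ACE line is preceded by a bare principal line.
            principal = line
    return entries


def review(entries, intended=("Administrators",)):
    """Findings a helper would act on: paths still denied, grants wider than
    intended, and folders where the intended group holds no explicit entry."""
    findings = []
    for path, e in entries.items():
        if e.denied:
            findings.append((path, "still denied: the ACL could not be read or changed"))
        for rights, who in e.grants:
            if who not in intended:
                findings.append((path, f"granted {rights} to {who!r}, wider than {intended}"))
        if e.aces and not any(p.split("\\")[-1] in intended for p, *_ in e.aces):
            findings.append((path, "no explicit ACE for " + ", ".join(intended)))
    return findings


# Constructed sample in the format shown above (not the thread's full anonymous.txt).
SAMPLE = """\
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\\alan

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\\System Volume Information

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT AUTHORITY\\SYSTEM
Allowed Full Control This Folder, Subfolders and Files

No Auditing set

Owner: Administrators (DESTRUCTOR\\Administrators)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\\mroe pictures"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
File: "C:\\Documents and Settings\\All Users\\DRM"
Granting NTFS rights (F access for This Folder and Files) for "Everyone"
"""

if __name__ == "__main__":
    for path, note in review(parse_swxcacls(SAMPLE)):
        print(f"{path}: {note}")
```

System Volume Information carrying only a SYSTEM entry is the Windows default rather than damage, so that finding is informational; the "Everyone" grants are the ones worth tightening once the folders are reachable again.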

#25
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply...

Firstly, tell me what you know about the C:\alan folder. Is it your folder? Or is it another account's folder..

Have you uploaded the file as requested by sUBs in his post #17?


Please do the following...


Please run AccessEnum again as shown in post #14.. and then attach the log here..




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Please post each log in a separate post..


Regards
fenzodahl512
  • 0

#26
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
C:\alan was created by myself under my account, and the files inside the folder should be ones I placed in there.

Deckard's System Scanner v20071014.68
Run by C4 BOMB on 2008-06-14 23:20:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
110: 2008-06-15 03:20:39 UTC - RP482 - Deckard's System Scanner Restore Point
109: 2008-06-14 20:07:40 UTC - RP481 - System Checkpoint
108: 2008-06-13 19:56:57 UTC - RP480 - System Checkpoint
107: 2008-06-12 02:30:23 UTC - RP479 - System Checkpoint
106: 2008-06-11 02:08:33 UTC - RP478 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-05-27 17:03:12 UTC - RP373 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as C4 BOMB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:35, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Documents and Settings\C4 BOMB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\C4 BOMB.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 70.88.112.17:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\iifgHwtQ.dll (file missing)
O2 - BHO: (no name) - {EA1C74CF-350D-4B25-957E-8F8191D1EB90} - C:\WINDOWS\system32\geBrpQIc.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171077850125
O18 - Protocol: bw+0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: iifgHwtQ - iifgHwtQ.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 17463 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R3 SS1020 (Siemens SpeedStream PCI 10/100 Win2000 Driver) - c:\windows\system32\drivers\ss1020n5.sys <Not Verified; Siemens; Siemens SpeedStream PCI 10/100>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 10:59:06 594 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as C4 BOMB at 09 59.job


-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-10 15:25:34 4718592 --a------ C:\Documents and Settings\C4 BOMB\ntuser.dat
2008-06-05 15:01:00 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\My Documents
2008-06-05 15:00:29 0 d--h----- C:\Documents and Settings\Test\Local Settings
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\Favorites
2008-06-05 15:00:29 0 d-------- C:\Documents and Settings\Test\Desktop
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Cookies
2008-06-05 15:00:29 0 dr-h----- C:\Documents and Settings\Test\Application Data
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\Templates
2008-06-05 15:00:28 0 dr------- C:\Documents and Settings\Test\Start Menu
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\PrintHood
2008-06-05 15:00:28 786432 --ah----- C:\Documents and Settings\Test\ntuser.dat
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-06-04 20:26:24 0 d-------- C:\Documents and Settings\C4 BOMB\Pics
2008-06-03 17:43:27 0 d-------- C:\327882R2FWJFW
2008-06-02 22:07:37 68096 --a------ C:\WINDOWS\zip.exe
2008-06-02 22:07:37 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-02 22:07:37 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-02 22:07:37 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-02 22:07:37 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-02 22:07:37 98816 --a------ C:\WINDOWS\sed.exe
2008-06-02 22:07:37 80412 --a------ C:\WINDOWS\grep.exe
2008-06-02 22:07:37 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-31 17:45:18 0 d--h----- C:\$AVG8.VAULT$
2008-05-31 17:40:12 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-31 17:40:03 0 d-------- C:\Program Files\AVG
2008-05-31 17:40:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 16:45:31 0 d-------- C:\Program Files\Trend Micro
2008-05-27 13:06:11 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 13:03:54 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Identities
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Templates
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Start Menu
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\SendTo
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Recent
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\PrintHood
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\NetHood
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\My Documents
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Local Settings
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Favorites
2008-05-27 13:02:55 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Desktop
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Cookies
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Microsoft
2008-05-27 13:02:54 598016 --a------ C:\Documents and Settings\Administrator.DESTRUCTOR\ntuser.dat
2008-05-27 13:00:42 0 d--h----- C:\Documents and Settings\Guest1\Templates
2008-05-27 13:00:41 0 dr------- C:\Documents and Settings\Guest1\Start Menu
2008-05-27 13:00:41 0 d-------- C:\Documents and Settings\Guest1\Shared
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\SendTo
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\Recent
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\PrintHood
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\NetHood
2008-05-27 13:00:39 0 d--h----- C:\Documents and Settings\Guest1\Local Settings
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Incomplete
2008-05-27 13:00:39 0 dr------- C:\Documents and Settings\Guest1\Favorites
2008-05-27 13:00:39 0 d--hs---- C:\Documents and Settings\Guest1\Cookies
2008-05-27 13:00:39 0 dr-h----- C:\Documents and Settings\Guest1\Application Data\yahoo!
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Roxio
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Mozilla
2008-05-27 13:00:38 0 dr-h----- C:\Documents and Settings\Guest1\Application Data
2008-05-27 13:00:38 0 d---s---- C:\Documents and Settings\Guest1\Application Data\Microsoft
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Macromedia
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Identities
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\.limewire
2008-05-26 13:21:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-05-26 13:17:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-23 23:09:31 0 d-------- C:\Program Files\CA


-- Find3M Report ---------------------------------------------------------------

2008-06-13 15:31:59 0 d-------- C:\Program Files\music
2008-06-11 17:32:08 7168 --ahs---- C:\Program Files\Thumbs.db
2008-05-31 17:59:38 0 d-------- C:\Program Files\GameSpy Arcade
2008-05-31 16:17:01 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-31 15:57:41 0 d-------- C:\Program Files\Yahoo!
2008-05-27 13:00:52 0 d-------- C:\Program Files\Google
2008-05-11 01:16:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 20:27:18 1024 --a------ C:\Documents and Settings\C4 BOMB\Application Data\WavCodec.wff
2008-04-28 16:40:23 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
2008-04-28 16:40:22 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-28 16:40:21 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
2008-04-28 16:40:20 0 d-------- C:\Program Files\NCH Software
2008-04-22 20:16:02 0 d-------- C:\Program Files\Samsung
2008-04-22 20:14:49 0 d-------- C:\Program Files\Verizon Wireless
2008-04-20 13:56:14 17731 --a------ C:\start.bat
2008-04-16 22:44:16 0 d-------- C:\Program Files\WinPcap


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
C:\WINDOWS\system32\iifgHwtQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA1C74CF-350D-4B25-957E-8F8191D1EB90}]
C:\WINDOWS\system32\geBrpQIc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 22:05]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 06:07]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/31/2008 17:40]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [04/10/2006 10:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"= C:\WINDOWS\system32\iifgHwtQ.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHwtQ]
iifgHwtQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
"C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
"C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"gusvc"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"dmadmin"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345057cf-b883-11db-b332-806d6172696f}]
AutoRun\command- F:\ASUSACPI.exe




-- End of Deckard's System Scanner: finished at 2008-06-14 23:22:52 ------------


#27
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
CPU 1: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 24%
Physical Memory (total/avail): 2047.17 MiB / 1550.61 MiB
Pagefile Memory (total/avail): 3429.98 MiB / 3122.91 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.87 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 58.59 GiB total, 21.91 GiB free.
D: is Fixed (NTFS) - 43.95 GiB total, 37.45 GiB free.
E: is Fixed (NTFS) - 46.5 GiB total, 30.93 GiB free.
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3160023A - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 58.59 GiB
\PARTITION1 - Extended w/Extended Int 13 - 90.45 GiB

\\.\PHYSICALDRIVE1 - SPRING MultiCard Slot A USB Device

\\.\PHYSICALDRIVE2 - SPRING MultiCard Slot D USB Device

\\.\PHYSICALDRIVE4 - SPRING MultiCard Slot M USB Device

\\.\PHYSICALDRIVE3 - SPRING MultiCard Slot S USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault™ Spearhead"
"C:\\Program Files\\EA GAMES\\MOHAA\\fpupdate.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_breakthrough.exe"="C:\\Program Files\\EA GAMES\\MOHAA\\moh_breakthrough.exe:*:Enabled:Medal of Honor Allied Assault™ Breakthrough"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe:*:Enabled:GRAW"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"="C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe:*:Enabled:Media Manager for PSP 2.0"
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa_server.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa_server.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"="C:\\Program Files\\WS_FTP\\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\C4 BOMB\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DESTRUCTOR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\C4 BOMB
LOGONSERVER=\\DESTRUCTOR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
PS5ROOT=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\C4BOMB~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\C4BOMB~1\LOCALS~1\Temp
USERDOMAIN=DESTRUCTOR
USERNAME=C4 BOMB
USERPROFILE=C:\Documents and Settings\C4 BOMB
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

C4 BOMB (admin)
Alpunkator (admin)
Guest1 (admin)
Test (new local, admin)
Administrator.DESTRUCTOR (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x9
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
CA Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\caunst.exe" /u /product=pp
CA Anti-Spyware --> "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\setup\ccinstaller.exe" /u /silent /module="pp"
CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
Chinese Simplified Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2447-0000-800000000003}
Chinese Traditional Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6 --> MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Ghost Recon Advanced Warfighter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFC97089-04D6-42CE-A707-A343B4A7D2CD}\setup.exe" -l0x9
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 5.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
JRAID --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LimeWire PRO 4.9.23 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Medal of Honor Airborne --> MsiExec.exe /X{25F28E39-FDBB-11DB-8314-0800200C9A66}
Medal of Honor Allied Assault --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Breakthrough --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Breakthrough Patch v2.40 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF9046D6-5F1F-40B6-9782-3DC2D902D391}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead Patch 2.15 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}\Setup.exe" -l0x9
Medal of Honor Pacific Assault™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Medal of Honor Pacific Assault™ Patch2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{824539D7-D27E-4CC3-B36F-6404B5EB726B}\setup.exe" -l0x9 -removeonly
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Flight Simulator X Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (2.0.0.5) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero PhotoShow Express --> "C:\Program Files\Nero\data\Xtras\Uninstall.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProxySwitcher Standard --> "C:\Program Files\Proxy Switcher Standard\unins000.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
Recordpad --> C:\Program Files\NCH Swift Sound\Recordpad\uninst.exe
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Sony Media Manager for PSP 2.0 --> MsiExec.exe /X{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
V CAST Music Manager --> C:\PROGRA~1\VERIZO~1\VCASTM~1\Setup.exe /remove /q0
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VX2 Screen Saver --> C:\WINDOWS\system32\VX2.scr /u
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type3111 / Error
Event Submitted/Written: 06/14/2008 11:21:58 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3107 / Error
Event Submitted/Written: 06/14/2008 00:23:30 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20070.5781, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3102 / Error
Event Submitted/Written: 06/12/2008 11:46:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20070.5781, faulting module unknown, version 0.0.0.0, fault address 0x0022004c.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type3086 / Error
Event Submitted/Written: 06/10/2008 04:25:24 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 470267289.

Event Record #/Type3085 / Error
Event Submitted/Written: 06/10/2008 04:25:21 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20070.5781, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type16598 / Warning
Event Submitted/Written: 06/14/2008 00:11:42 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16579 / Warning
Event Submitted/Written: 06/14/2008 00:22:34 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16560 / Warning
Event Submitted/Written: 06/12/2008 10:44:07 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type16559 / Warning
Event Submitted/Written: 06/12/2008 07:06:00 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type16558 / Warning
Event Submitted/Written: 06/11/2008 05:33:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-06-14 23:22:52 ------------
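The firewall exception list in the DSS extra log above is a standard triage point: each value under AuthorizedApplications\List encodes path:scope:Enabled|Disabled:description, where a scope of * means the exception accepts unsolicited inbound connections from any remote address, and the Domain and Standard profiles are separate lists that can disagree (Logitech Desktop Messenger is Enabled in one and Disabled in the other in the log above). The Python script below is an added example, not part of this thread and not a component of Deckard's System Scanner or ComboFix; it parses a constructed excerpt of those registry lines (paths copied from the log above), reports enabled any-address exceptions for binaries outside the Windows directory, and lists paths whose state differs between profiles. The Windows-directory test is a simple prefix check assumed here for illustration, not a rule any of those tools applies.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: AuthorizedApplications lines in the form Deckard's System
# Scanner prints them (paths copied from the log in this thread). Backslashes are
# doubled because DSS dumps the values in registry-export escaping.
SAMPLE_LOG = r'''
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"="C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe:*:Enabled:Proxy Switcher"
'''


@dataclass(frozen=True)
class FirewallException:
    profile: str       # DomainProfile or StandardProfile
    path: str          # program path with registry escaping removed
    scope: str         # '*' = any remote address, otherwise a subnet/address list
    enabled: bool
    description: str


_HEADER = re.compile(r'\\FirewallPolicy\\(\w+)\\AuthorizedApplications\\List\]\s*$')
_ENTRY = re.compile(r'^"([^"]+)"="(.*)"\s*$')


def parse_authorized_apps(text: str) -> list[FirewallException]:
    """Parse the [...\\<Profile>\\AuthorizedApplications\\List] blocks of a DSS log.

    Each value is "<path>:<scope>:<Enabled|Disabled>:<description>". The path can
    itself contain ':' (drive letter), so it is located by matching the value
    name, which the XP firewall stores as the same path string.
    """
    records: list[FirewallException] = []
    profile = None
    for line in text.splitlines():
        m = _HEADER.search(line)
        if m:
            profile = m.group(1)
            continue
        m = _ENTRY.match(line.strip())
        if not m or profile is None:
            continue
        name, value = m.groups()
        if not value.startswith(name + ':'):
            continue  # malformed entry: skip rather than guess at field boundaries
        parts = value[len(name) + 1:].split(':', 2)
        if len(parts) != 3:
            continue
        scope, status, description = parts
        records.append(FirewallException(
            profile=profile,
            path=name.replace('\\\\', '\\'),
            scope=scope,
            enabled=(status.lower() == 'enabled'),
            description=description,
        ))
    return records


def _under_windows_dir(path: str) -> bool:
    # Assumed heuristic for this example: %windir% or the default C:\WINDOWS prefix.
    p = path.lower()
    return p.startswith('%windir%') or p.startswith('c:\\windows')


def open_exceptions(records: list[FirewallException]) -> list[tuple[str, str]]:
    """Enabled exceptions that accept inbound traffic from any address for a
    non-Windows binary; these are the entries worth reviewing by hand."""
    return sorted((r.profile, r.path) for r in records
                  if r.enabled and r.scope == '*' and not _under_windows_dir(r.path))


def profile_mismatches(records: list[FirewallException]) -> dict[str, dict[str, bool]]:
    """Paths whose Enabled state differs between the Domain and Standard profiles."""
    by_path: dict[str, dict[str, bool]] = {}
    for r in records:
        by_path.setdefault(r.path, {})[r.profile] = r.enabled
    return {path: states for path, states in by_path.items()
            if len(set(states.values())) > 1}


if __name__ == '__main__':
    recs = parse_authorized_apps(SAMPLE_LOG)
    for profile, path in open_exceptions(recs):
        print(f'{profile}: any-address inbound allowed for {path}')
    for path, states in profile_mismatches(recs).items():
        print(f'state differs across profiles: {path} -> {states}')
```

Run against the sample, the script reports the LimeWire and Proxy Switcher exceptions in the Standard profile and the Logitech one in the Domain profile, and flags Logitech Desktop Messenger as Enabled in Domain but Disabled in Standard; the disabled StubInstaller entry is not reported. Disabled entries still record which programs once asked for an opening, so they are worth keeping in the output when triaging a machine like this one.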

#28
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply. Please do the following.


Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Viewpoint Media Player




NEXT


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\iifgHwtQ.dll
C:\WINDOWS\system32\geBrpQIc.dll

Folder::
C:\Program Files\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDD714BC-D36C-487B-8142-8BA020FB6535}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA1C74CF-350D-4B25-957E-8F8191D1EB90}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgHwtQ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BDD714BC-D36C-487B-8142-8BA020FB6535}"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation not reproduced: CFScript.txt being dragged onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.



Regards
fenzodahl512

#29
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
ComboFix 08-06-12.2 - C4 BOMB 2008-06-15 13:12:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1596 [GMT -4:00]
Running from: C:\Documents and Settings\C4 BOMB\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\C4 BOMB\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\geBrpQIc.dll
C:\WINDOWS\system32\iifgHwtQ.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt

.
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-14 23:20 . 2008-06-14 23:20 <DIR> d-------- C:\Deckard
2008-06-11 17:32 . 2008-06-11 17:32 6,144 --ahs---- C:\Documents and Settings\Thumbs.db
2008-06-10 14:48 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 14:48 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 23:52 . 2008-06-05 23:52 2,679,001 --a------ C:\Documents and Settings\f117.jpg
2008-06-05 15:00 . 2008-06-10 22:05 <DIR> d-------- C:\Documents and Settings\Test
2008-06-04 23:53 . 2008-06-04 23:53 1,271,105 --a------ C:\Documents and Settings\F35test.jpg
2008-06-04 20:26 . 2008-06-04 20:30 <DIR> d-------- C:\Documents and Settings\C4 BOMB\Pics
2008-05-31 17:45 . 2008-06-12 07:35 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-31 17:40 . 2008-06-14 23:22 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-31 17:40 . 2008-05-31 17:40 <DIR> d-------- C:\Program Files\AVG
2008-05-31 17:40 . 2008-05-31 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 17:40 . 2008-05-31 17:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-31 17:40 . 2008-05-31 17:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-31 16:45 . 2008-05-31 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 13:06 . 2008-05-27 13:06 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 13:02 . 2008-06-10 22:05 <DIR> d-------- C:\Documents and Settings\Administrator.DESTRUCTOR
2008-05-27 13:00 . 2008-05-27 13:00 <DIR> d-------- C:\Documents and Settings\Guest1\Shared
2008-05-27 13:00 . 2008-05-27 13:00 <DIR> d-------- C:\Documents and Settings\Guest1\Incomplete
2008-05-27 13:00 . 2008-05-27 13:00 <DIR> dr-h----- C:\Documents and Settings\Guest1\Application Data\yahoo!
2008-05-27 13:00 . 2008-05-27 13:00 <DIR> d-------- C:\Documents and Settings\Guest1\Application Data\Roxio
2008-05-27 13:00 . 2008-05-27 13:00 <DIR> d-------- C:\Documents and Settings\Guest1\.limewire
2008-05-27 13:00 . 2008-06-10 22:05 <DIR> d-------- C:\Documents and Settings\Guest1
2008-05-26 13:17 . 2008-05-27 13:00 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-05-23 23:09 . 2008-05-31 16:16 <DIR> d-------- C:\Program Files\CA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 17:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-13 19:31 --------- d-----w C:\Program Files\music
2008-06-11 21:32 7,168 --sha-w C:\Program Files\Thumbs.db
2008-05-31 21:59 --------- d-----w C:\Program Files\GameSpy Arcade
2008-05-31 20:17 --------- d-----w C:\Program Files\Common Files\Scanner
2008-05-31 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-05-31 19:57 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-27 17:00 --------- d-----w C:\Program Files\Google
2008-05-11 05:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-28 20:40 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-28 20:40 --------- d-----w C:\Program Files\NCH Software
2008-04-28 20:40 --------- d-----w C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
2008-04-28 20:40 --------- d-----w C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
2008-04-28 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-23 00:16 --------- d-----w C:\Program Files\Samsung
2008-04-23 00:14 --------- d-----w C:\Program Files\Verizon Wireless
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-20 17:56 17,731 ----a-w C:\start.bat
2008-04-17 02:44 --------- d-----w C:\Program Files\WinPcap
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( [email protected]_22.14.45.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 02:11:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-15 17:16:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:32:03 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:32:03 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:32:04 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:32:04 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:07:53 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:46:59 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:32:04 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:32:04 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:32:04 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 09:32:06 3,066,880 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:32:06 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:32:06 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:32:07 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:32:07 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:32:08 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:32:08 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:32:08 618,496 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:32:09 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-05-27 17:01:27 529,696 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-06-11 02:05:25 18,200 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 06:07 843776]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-31 17:40 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-08-31 16:01 1422848 C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
-ra------ 2006-08-03 05:25 591360 C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
--a------ 2008-05-07 16:39 181512 C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a--c--- 2004-08-04 08:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-ra--c--- 2006-06-02 04:45 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-02-10 01:46 32768 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-05-20 15:46 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a--c--- 2004-08-04 08:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a--c--- 2005-02-25 20:28 212992 C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
--a------ 2005-04-13 18:59 1084416 C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
--a------ 2008-04-28 16:40 577540 C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-01-12 04:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a--c--- 2003-07-15 12:36 319488 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-09-24 14:02 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a--c--- 2003-05-01 18:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-04-10 10:19 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a--c--- 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-06-18 12:17 1259000 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-04-13 04:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
--a--c--- 2004-10-29 09:52 218232 C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"gusvc"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"dmadmin"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\StubInstaller.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_spearhead.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\fpupdate.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\moh_breakthrough.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"=
"C:\\Program Files\\Sony\\Media Manager for PSP 2.0\\MediaManager.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa_server.exe"=
"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-31 17:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-31 17:40]
R3 SS1020;Siemens SpeedStream PCI 10/100 Win2000 Driver;C:\WINDOWS\system32\DRIVERS\SS1020N5.SYS [2001-09-04 06:10]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 16:22]
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe" [2008-04-10 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345057cf-b883-11db-b332-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 14:59:06 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as C4 BOMB at 09 59.job"
- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************

disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

please note that you need administrator rights to perform deep scan
disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:18:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 17:18:51
ComboFix2.txt 2008-06-03 02:14:57

Pre-Run: 23,491,207,168 bytes free
Post-Run: 23,473,840,128 bytes free

384 --- E O F --- 2008-06-11 02:10:45
  • 0
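A small triage pass over the ComboFix output above, added here as an example; it is not part of the original post and not code from ComboFix or its author. It reads the registry-style sections the log prints (the Run key, AppInit_DLLs, the Security Center key, the firewall AuthorizedApplications list and the mountpoints2 AutoRun entry) and lists the entries a responder would verify first: anything loading from outside Program Files or the Windows directory, any AppInit DLL, a suppressed Security Center alert, and any drive AutoRun command. The embedded excerpt is taken from the posted log, trimmed to those sections. The "trusted location" prefixes, the section names matched and the finding categories are assumptions chosen for illustration; a flagged entry is something to check against its publisher, not a verdict.

```python
"""Triage helper for a ComboFix-style log: pull autostart and firewall
entries out of the 'Reg Loading Points' text and flag what to verify first."""
import re
from dataclasses import dataclass

# Excerpt of the ComboFix log posted above, trimmed to the sections read here.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 06:07 843776]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-31 17:40 1177368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\StubInstaller.exe"=
"C:\\Program Files\\Proxy Switcher Standard\\ProxySwitcher.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345057cf-b883-11db-b332-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
AUTORUN_RE = re.compile(r"autorun\\command\s*-\s*(.+)$", re.IGNORECASE)

# Assumed "expected" install locations; anything else gets a closer look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\", "%windir%\\")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def parse_sections(text):
    """Group non-empty lines under the [key] header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def normalize_path(value):
    """Registry exports double the backslashes; collapse them, drop quotes, lower-case."""
    return value.replace("\\\\", "\\").strip().strip('"').lower()


def is_trusted_location(path):
    return path.startswith(TRUSTED_PREFIXES)


def dword_value(raw):
    """'dword:00000001' -> 1; None for anything that is not a dword."""
    return int(raw.split(":", 1)[1], 16) if raw.lower().startswith("dword:") else None


def triage(text):
    findings = []
    for header, lines in parse_sections(text).items():
        values = [m for m in map(VALUE_RE.match, lines) if m]
        if header.endswith("\\currentversion\\run"):
            for m in values:  # path is the quoted part before the ' [date size]' suffix
                path = normalize_path(m.group(2).split('" [')[0])
                if not is_trusted_location(path):
                    findings.append(Finding("run-key", f"{m.group(1)} -> {path}"))
        elif header.endswith("\\windows nt\\currentversion\\windows"):
            for m in values:  # AppInit_DLLs is injected into every GUI process
                if m.group(1).lower() == "appinit_dlls" and m.group(2).strip():
                    findings.append(Finding("appinit-dll", m.group(2).strip()))
        elif header.endswith("\\security center"):
            for m in values:  # *Override=1 silences a Security Center warning
                if m.group(1).lower().endswith("override") and dword_value(m.group(2)):
                    findings.append(Finding("security-center-override", m.group(1)))
        elif header.endswith("\\authorizedapplications\\list"):
            for m in values:  # firewall exception for a binary outside the usual folders
                path = normalize_path(m.group(1))
                if not is_trusted_location(path):
                    findings.append(Finding("firewall-exception", path))
        elif "\\mountpoints2\\" in header:
            for line in lines:  # a drive AutoRun command cached for a removable volume
                m = AUTORUN_RE.search(line)
                if m:
                    findings.append(Finding("autorun", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:26} {f.detail}")
```

On the excerpt above this reports the AppInit DLL, the AntiVirusOverride flag, the D:\StubInstaller.exe firewall exception and the F:\ autorun command; the three Run-key programs all live under Program Files and are not listed. Every item is a "verify" prompt: the AppInit entry, for instance, belongs to the installed AVG product once its publisher is checked.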

#30
Derobmai41

    Member

  • Topic Starter
  • Member
  • 51 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:24, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 70.88.112.17:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171077850125
O18 - Protocol: bw+0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 17132 bytes
  • 0
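Added example, not part of this thread and not HijackThis's own code: a small Python parser for the O18, O20 and O23 entries in a log like the one above. It groups protocol handlers by the DLL they resolve to, so the long run of bw* entries collapses to one Logitech handler library, and flags the entries a helper would look at first: AppInit_DLLs (O20), services with no recorded publisher, and service binaries outside the Windows or Program Files trees. The sample input is a subset of the log above plus one constructed service line (the "exupd" service, marked in the code), so the path rule has something to fire on. The findings are review prompts, not verdicts.

```python
"""Triage the O18/O20/O23 sections of a HijackThis log.

Added example for illustration; not HijackThis code. Rules are deliberately
simple and only raise items for a human to check.
"""
import re
from collections import defaultdict

# Sample input: lines copied from the log posted above, plus one CONSTRUCTED
# O23 line (Example Updater / exupd) that does not appear in the real log.
SAMPLE_LOG = r"""
O18 - Protocol: bwz0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\All Users\Application Data\exupd\exupd.exe
"""

# Directory roots a service binary is normally installed under (lower-case).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_entry(line):
    """Return (section, fields) for an O18/O20/O23 line, or None for anything else."""
    line = line.strip()
    if line.startswith("O18 - Protocol: "):
        parts = line[len("O18 - Protocol: "):].split(" - ", 2)
        if len(parts) != 3:
            return None
        name, clsid, path = parts
        return "O18", {"name": name, "clsid": clsid, "path": path}
    if line.startswith("O20 - AppInit_DLLs: "):
        dlls = [d for d in re.split(r"[,\s]+", line[len("O20 - AppInit_DLLs: "):]) if d]
        return "O20", {"dlls": dlls}
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].split(" - ", 2)
        if len(parts) != 3:
            return None
        display, owner, path = parts
        # HijackThis appends the service's short name in parentheses when it differs.
        m = re.search(r"\(([^()]+)\)$", display)
        short = m.group(1) if m else display
        return "O23", {"display": display, "short": short, "owner": owner, "path": path}
    return None


def triage(log_text):
    """Group O18 handlers by DLL and collect review findings for O20/O23 entries."""
    handlers = defaultdict(set)  # DLL path -> set of protocol scheme names
    findings = []                # (section, item, reason)
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue
        section, f = parsed
        if section == "O18":
            handlers[f["path"]].add(f["name"])
        elif section == "O20":
            for dll in f["dlls"]:
                findings.append(("O20", dll,
                                 "AppInit_DLLs is loaded into every process that loads "
                                 "user32.dll; confirm the DLL's publisher and on-disk path"))
        elif section == "O23":
            if f["owner"] == "Unknown owner":
                findings.append(("O23", f["short"],
                                 "no publisher recorded; check the binary's signature and hash"))
            if not f["path"].lower().startswith(TRUSTED_ROOTS):
                findings.append(("O23", f["short"],
                                 "service binary outside Windows/Program Files: " + f["path"]))
    return {"handlers": {p: sorted(n) for p, n in handlers.items()},
            "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, names in result["handlers"].items():
        print(f"{len(names):3d} protocol handler(s) -> {path}")
    for section, item, reason in result["findings"]:
        print(f"[{section}] {item}: {reason}")
```

Run against the full log the same way: the 50-odd bw* lines become one line in the handler summary, and only the O20 entry and the two "Unknown owner" services come back as findings, which is a much shorter list to verify by hand than the raw log.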