i need help removing new.net.domain.plugin, darksma and other malware


  • This topic is locked

#31
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. Please do the following..

Please copy everything inside the code box below and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as again.bat on your desktop.

SWXCACLS "C:\">>"%userprofile%\desktop\testing1.txt"
del again.bat


Double-click again.bat. A window will open and close quickly; this is normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.


Please find testing1.txt on your Desktop and post its content here.


Regards
fenzodahl512

#32
Derobmai41

  • Topic Starter
  • Member
  • 51 posts
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
\CREATOR OWNER
Allowed Full Control Subfolders and Files only
\Everyone
Allowed Read and Execute This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Users
Allowed Special (E2) Subfolders only
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

#33
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad.

( SWXCACLS "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp" /P /GS:F /GA:X
SWXCACLS "C:\alan" /P /GA:F 
SWXCACLS "C:\alan\*" /P /GA:F 
SWXCACLS "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp"
SWXCACLS "C:\alan"
SWXCACLS "C:\alan\*" )>>"%userprofile%\desktop\lagi.txt"
del adeh.bat

Save it to your desktop as File name: adeh.bat
Save as type: All Files

Once done, double click adeh.bat to run it. A command window will open briefly, then close. This is quite normal.

A file lagi.txt will be created on your Desktop. Please post its content in your next reply.

If you are not sure how to make a batch file, please visit HERE for the tutorial.

NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post the following in your next reply..

1. C:\lagi.txt content
2. MalwareBytes' log
3. A fresh Deckard System Scanner log (after MalwareBytes' step)
4. Tell me about your computer's condition.


Regards
fenzodahl512

#34
Derobmai41

  • Topic Starter
  • Member
  • 51 posts
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©

Changing permissions to "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp" was unsuccessful.
Reason:
Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©

Changing permissions to "C:\alan" was unsuccessful.
Reason:
Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
File: C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\alan

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©

Changing permissions to "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp" was unsuccessful.
Reason:
Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©

Changing permissions to "C:\alan" was unsuccessful.
Reason:
Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
File: C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\alan

Access is denied

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
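Added example, not part of this thread and not the SteelWerX tool's own code: a small Python parser for SWXCACLS reports in the layout the replies above show (principal on one line, "Allowed/Denied permission inheritance" on the next, several reports appended to one file and separated by the tool banner; both are assumptions taken from how the forum displays the output). It also records the "Access is denied" outcome of a failed permission change like those in the last reply, and flags ACEs a defender would want to review: Deny entries, content-changing rights granted to Everyone or Users, unresolved SIDs and unexpected owners.

```python
"""Parse SWXCACLS output as pasted in this thread (added example, not the tool's code).
Assumes the forum's two-line ACE layout and banner-separated appended reports."""
import re
from collections import namedtuple
from dataclasses import dataclass, field

BANNER = "SteelWerX Extended Configuration Access Control Lists"
# Lazy permission group so the known inheritance phrase claims the tail.
ACE_RE = re.compile(r"^(Allowed|Denied)\s+(.+?)\s+(This Folder.*|Subfolders.*|Files only)$")
WRITE_RIGHTS = {"Full Control", "Modify", "Write"}   # content-changing rights
BROAD_GROUPS = {"everyone", "users", "authenticated users", "guests"}
Ace = namedtuple("Ace", "principal ace_type permission inheritance")  # one ACE row


@dataclass
class Report:
    target: str = ""   # path after "Folder:"/"File:", or the quoted path of a failed /P run
    aces: list = field(default_factory=list)
    owner: str = ""
    error: str = ""    # e.g. "Access is denied", as in post #34


def split_reports(text: str) -> list:
    """One chunk per SWXCACLS invocation, keyed on the banner line."""
    return [c for c in text.split(BANNER)[1:] if c.strip()]


def parse_report(chunk: str) -> Report:
    rep, pending = Report(), None   # pending: last unrecognised line, i.e. a principal
    for raw in chunk.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.startswith(("Folder:", "File:")):
            rep.target = line.split(":", 1)[1].strip()
        elif line.startswith("Changing permissions to"):
            m = re.search(r'"(.+)"', line)
            rep.target = m.group(1) if m else line
        elif line.startswith("Owner:"):
            rep.owner = line.split(":", 1)[1].strip()
        elif line == "Access is denied":
            rep.error = line
        elif (m := ACE_RE.match(line)) and pending is not None:
            rep.aces.append(Ace(pending, m.group(1), m.group(2), m.group(3)))
            pending = None
        else:
            pending = line   # header text is simply overwritten by the next principal
    return rep


def findings(rep: Report) -> list:
    """Deviations from a sane system-root ACL; empty for the stock XP C:\\ root."""
    if rep.error:
        return [f"{rep.target}: command failed ({rep.error})"]
    out = []
    for ace in rep.aces:
        group = ace.principal.rsplit("\\", 1)[-1].lower()
        if ace.ace_type == "Denied":
            out.append(f"{rep.target}: Deny ACE for {ace.principal}")
        elif group in BROAD_GROUPS and ace.permission in WRITE_RIGHTS:
            out.append(f"{rep.target}: {ace.principal} has {ace.permission}")
        if ace.principal.startswith("S-1-"):
            out.append(f"{rep.target}: unresolved SID {ace.principal}")
    if rep.owner and not any(k in rep.owner for k in ("Administrators", "SYSTEM")):
        out.append(f"{rep.target}: unexpected owner {rep.owner}")
    return out


def analyze(text: str) -> dict:
    """Target path -> findings, for every report in an appended output file."""
    return {r.target: findings(r) for r in map(parse_report, split_reports(text)) if r.target}


# Constructed sample: the C:\ report of post #32 (abridged) plus a failed-run chunk as in post #34.
SAMPLE = r"""SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\
Permissions:
Username
Type Permissions Inheritance
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
\CREATOR OWNER
Allowed Full Control Subfolders and Files only
\Everyone
Allowed Read and Execute This Folder/File Only
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Users
Allowed Special (E2) Subfolders only
No Auditing set
Owner: Administrators (DESTRUCTOR\Administrators)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
Changing permissions to "C:\alan" was unsuccessful.
Reason:
Access is denied
"""
```

Run `analyze(SAMPLE)` on the constructed text, or on the real contents of testing1.txt/lagi.txt; the root ACL shown above produces no findings, while the failed C:\alan run is reported as such.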

#35
Derobmai41

  • Topic Starter
  • Member
  • 51 posts
Malwarebytes' Anti-Malware 1.17
Database version: 862

20:31:59 6/16/2008
mbam-log-6-16-2008 (20-31-59).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 116747
Time elapsed: 23 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\drive C\Desktop\BugdoctorSetup.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

#36
Derobmai41

  • Topic Starter
  • Member
  • 51 posts
Deckard's System Scanner v20071014.68
Run by C4 BOMB on 2008-06-16 20:32:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as C4 BOMB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:53, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\C4 BOMB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\C4BOMB~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 70.88.112.17:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171077850125
O18 - Protocol: bw+0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 16869 bytes

-- Files created between 2008-05-16 and 2008-06-16 -----------------------------

2008-06-16 19:49:08 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\Malwarebytes
2008-06-16 19:49:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 19:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 13:12:16 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 13:12:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 13:12:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:12:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:12:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:12:16 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 13:12:16 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 13:12:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 15:25:34 4718592 --a------ C:\Documents and Settings\C4 BOMB\ntuser.dat
2008-06-05 15:01:00 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\My Documents
2008-06-05 15:00:29 0 d--h----- C:\Documents and Settings\Test\Local Settings
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\Favorites
2008-06-05 15:00:29 0 d-------- C:\Documents and Settings\Test\Desktop
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Cookies
2008-06-05 15:00:29 0 dr-h----- C:\Documents and Settings\Test\Application Data
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\Templates
2008-06-05 15:00:28 0 dr------- C:\Documents and Settings\Test\Start Menu
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\PrintHood
2008-06-05 15:00:28 565248 --a------ C:\Documents and Settings\Test\NTUSER.DAT
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-06-04 20:26:24 0 d-------- C:\Documents and Settings\C4 BOMB\Pics
2008-05-31 17:45:18 0 d--h----- C:\$AVG8.VAULT$
2008-05-31 17:40:03 0 d-------- C:\Program Files\AVG
2008-05-31 17:40:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 16:45:31 0 d-------- C:\Program Files\Trend Micro
2008-05-27 13:06:11 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 13:03:54 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Identities
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Templates
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Start Menu
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\SendTo
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Recent
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\PrintHood
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\NetHood
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\My Documents
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Local Settings
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Favorites
2008-05-27 13:02:55 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Desktop
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Cookies
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Microsoft
2008-05-27 13:02:54 598016 --a------ C:\Documents and Settings\Administrator.DESTRUCTOR\ntuser.dat
2008-05-27 13:00:42 0 d--h----- C:\Documents and Settings\Guest1\Templates
2008-05-27 13:00:41 0 dr------- C:\Documents and Settings\Guest1\Start Menu
2008-05-27 13:00:41 0 d-------- C:\Documents and Settings\Guest1\Shared
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\SendTo
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\Recent
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\PrintHood
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\NetHood
2008-05-27 13:00:39 0 d--h----- C:\Documents and Settings\Guest1\Local Settings
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Incomplete
2008-05-27 13:00:39 0 dr------- C:\Documents and Settings\Guest1\Favorites
2008-05-27 13:00:39 0 d--hs---- C:\Documents and Settings\Guest1\Cookies
2008-05-27 13:00:39 0 dr-h----- C:\Documents and Settings\Guest1\Application Data\yahoo!
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Roxio
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Mozilla
2008-05-27 13:00:38 0 dr-h----- C:\Documents and Settings\Guest1\Application Data
2008-05-27 13:00:38 0 d---s---- C:\Documents and Settings\Guest1\Application Data\Microsoft
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Macromedia
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Identities
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\.limewire
2008-05-26 13:21:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-05-26 13:17:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-23 23:09:31 0 d-------- C:\Program Files\CA


-- Find3M Report ---------------------------------------------------------------

2008-06-15 21:19:24 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
2008-06-15 21:19:22 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-15 17:24:14 7168 --ahs---- C:\Program Files\Thumbs.db
2008-06-13 15:31:59 0 d-------- C:\Program Files\music
2008-05-31 17:59:38 0 d-------- C:\Program Files\GameSpy Arcade
2008-05-31 16:17:01 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-31 15:57:41 0 d-------- C:\Program Files\Yahoo!
2008-05-27 13:00:52 0 d-------- C:\Program Files\Google
2008-05-11 01:16:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 20:27:18 1024 --a------ C:\Documents and Settings\C4 BOMB\Application Data\WavCodec.wff
2008-04-28 16:40:21 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
2008-04-28 16:40:20 0 d-------- C:\Program Files\NCH Software
2008-04-22 20:16:02 0 d-------- C:\Program Files\Samsung
2008-04-22 20:14:49 0 d-------- C:\Program Files\Verizon Wireless
2008-04-20 13:56:14 17731 --a------ C:\start.bat
2008-04-16 22:44:16 0 d-------- C:\Program Files\WinPcap


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 22:05]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 06:07]
"Recordpad"="C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" [06/15/2008 21:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
"C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
"C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"gusvc"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"dmadmin"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345057cf-b883-11db-b332-806d6172696f}]
AutoRun\command- F:\ASUSACPI.exe




-- End of Deckard's System Scanner: finished at 2008-06-16 20:33:25 ------------




Computer speed seems to be back to normal and there are fewer program freezes, but I still cannot access C:\alan and C:\System Volume Information. I can access the System Volume Information folder on the other computer in my house. There is probably no need to go into it; I am just wondering why I cannot access it on this computer.
  • 0

#37
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the feedback... Now, let me be frank with you.. It looks like someone may have messed with your folder permissions.. That's why you can't access those folders in the first place..


Now, about C:\System Volume Information folder, you don't wanna mess with it.. Just leave it as it is.. You shouldn't get access to that folder..

For your C:\alan folder, let's do the following..


Please copy everything inside the code box below and paste it into notepad. Go up to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files". Save it as letih.bat on your desktop.

REM Take ownership of C:\alan and everything inside it for the Administrators group,
REM grant Administrators Full Control, then append the resulting ACL listing to lagi1.txt
( SWXCACLS "C:\alan" /OA /P /GA:F
SWXCACLS "C:\alan\*" /OA /P /GA:F
SWXCACLS "C:\alan"
SWXCACLS "C:\alan\*" )>>lagi1.txt
REM Remove this batch file once it has run
del letih.bat


Double-click letih.bat. A window will open and close quickly; this is normal.

If you are not sure how to make a batch file, please visit HERE for the tutorial.


Please find lagi1.txt on your Desktop and post its content here..


Then please report back whether or not you succeeded in getting your C:\alan folder back..



Regards
fenzodahl512

Edited by fenzodahl512, 17 June 2008 - 02:09 AM.

  • 0

#38
Derobmai41

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Thank you, that has worked.

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
Ownerchange for "C:\alan" to Administrators group was successful
File: "C:\alan"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
Ownerchange for "C:\alan\AIMLogger" to Administrators group was successful
File: "C:\alan\AIMLogger"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\Desktop" to Administrators group was successful
File: "C:\alan\Desktop"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\desktop.ini" to Administrators group was successful
File: "C:\alan\desktop.ini"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\ieSpell" to Administrators group was successful
File: "C:\alan\ieSpell"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\My Music" to Administrators group was successful
File: "C:\alan\My Music"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\My Pictures" to Administrators group was successful
File: "C:\alan\My Pictures"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

Ownerchange for "C:\alan\WM_Alan My Documents" to Administrators group was successful
File: "C:\alan\WM_Alan My Documents"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"

SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\alan

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\alan\AIMLogger

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
Folder: C:\alan\Desktop

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
File: C:\alan\desktop.ini

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder/File Only
DESTRUCTOR\Administrators
Allowed Full Control This Folder/File Only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder/File Only (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder/File Only (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
Folder: C:\alan\ieSpell

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
Folder: C:\alan\My Music

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
Folder: C:\alan\My Pictures

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)

*******************************************************************************
Folder: C:\alan\WM_Alan My Documents

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files (Inherited)
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Folder, Subfolders and Files (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Special (E3) This Folder and Subfolders (Inherited)
DESTRUCTOR\Users
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)
  • 0
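The letih.bat procedure in post #37 and the SWXCACLS listing the topic starter posted above are the whole of the permission repair: take ownership for Administrators, grant Full Control, then dump the ACLs and read them by eye. Added here as an example (not code from the thread or from the SWXCACLS tool) is a small Python parser for that report layout, with the checks a helper applies when reading it: does the Administrators group own the object and hold an Allowed Full Control entry, and is there any Deny entry? Both sample reports inside the block are constructed for the example, and the `Denied` keyword is assumed to be the tool's counterpart of the `Allowed` shown in the thread.

```python
"""Parse a SWXCACLS permission report and flag objects whose ACL looks tampered.

Constructed example, not from the thread or the SWXCACLS tool. 'Denied' is assumed
to be the tool's counterpart of 'Allowed'; the thread itself shows only 'Allowed'.
"""
import re
from collections import namedtuple
from dataclasses import dataclass, field

HEADER_RE = re.compile(r'^(Folder|File): (?!")(.+)$')  # quoted 'File: "..."' grant-log lines are skipped
OWNER_RE = re.compile(r'^Owner: .*\((?P<owner>[^)]+)\)$')
ACE_RE = re.compile(
    r'^(?P<type>Allowed|Denied) (?P<perm>Full Control|Modify|Read and Execute|List Folder Contents'
    r'|Read|Write|Special \([0-9A-Fa-f]+\)) (?P<scope>.+?)(?P<inh> \(Inherited\))?$')

Ace = namedtuple("Ace", "principal allowed permission scope inherited")


@dataclass
class Entry:
    path: str
    owner: str = ""
    aces: list = field(default_factory=list)


def parse_report(text: str) -> list:
    """One Entry per 'Folder:'/'File:' block; an ACE line always follows its principal line."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = Entry(path=m.group(2))
            entries.append(current)
            pending = None
            continue
        if current is None:  # still inside the tool banner or the ownership/grant log
            continue
        m = OWNER_RE.match(line)
        if m:
            current.owner = m.group("owner")
            pending = None
            continue
        m = ACE_RE.match(line)
        if m and pending is not None:
            current.aces.append(Ace(pending, m.group("type") == "Allowed", m.group("perm"),
                                    m.group("scope"), m.group("inh") is not None))
            pending = None
            continue
        # any other non-empty, non-separator line may be the principal of the next ACE line
        pending = line if line and not line.startswith("*") else None
    return entries


def audit(entry: Entry) -> list:
    """Findings for one entry; an empty list means the ACL looks sane for an admin-owned folder."""
    def is_admins(name):  # compare the account name without its DOMAIN\ prefix
        return name.split("\\")[-1] == "Administrators"
    findings = []
    if not is_admins(entry.owner):
        findings.append(f"{entry.path}: owner is {entry.owner!r}, not the Administrators group")
    if not any(a.allowed and a.permission == "Full Control" and is_admins(a.principal)
               for a in entry.aces):
        findings.append(f"{entry.path}: Administrators group has no Full Control entry")
    findings += [f"{entry.path}: Deny entry for {a.principal} ({a.permission}, {a.scope})"
                 for a in entry.aces if not a.allowed]
    return findings


def audit_report(text: str) -> dict:
    """Map each path in a report to its findings."""
    return {e.path: audit(e) for e in parse_report(text)}


# Constructed sample in the tool's layout: the repaired state the thread ends with.
HEALTHY_REPORT = r"""
File: "C:\alan"
Granting NTFS rights (F access for This Folder and Files) for "Administrators"
*******************************************************************************
Folder: C:\alan

Permissions:
*******************************************************************************
DESTRUCTOR\Administrators
Allowed Full Control This Folder, Subfolders and Files
\CREATOR OWNER
Allowed Full Control Subfolders and Files only (Inherited)
DESTRUCTOR\Users
Allowed Special (E2) This Folder and Subfolders (Inherited)

No Auditing set

Owner: Administrators (DESTRUCTOR\Administrators)
"""

# Constructed sample of a tampered folder: owner changed and an explicit Deny on Administrators.
TAMPERED_REPORT = r"""
Folder: C:\alan

*******************************************************************************
DESTRUCTOR\Administrators
Denied Full Control This Folder, Subfolders and Files
DESTRUCTOR\Guest1
Allowed Full Control This Folder, Subfolders and Files
Owner: Guest1 (DESTRUCTOR\Guest1)
"""

if __name__ == "__main__":
    for name, report in (("healthy", HEALTHY_REPORT), ("tampered", TAMPERED_REPORT)):
        for path, findings in audit_report(report).items():
            print(name, path, findings or "OK")
```

Run against the full listing the topic starter posted, the parser yields one entry per Folder:/File: block, so a single tampered subfolder shows up with its path even when the parent looks fine. The checks are deliberately narrow: they catch the "someone messed with your folder permissions" case, not every unusual ACE.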

#39
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Great! Now let's do the following...

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Tell me about your computer..

Regards
fenzodahl512
  • 0

#40
Derobmai41

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Not able to scan... I keep getting the message "Starting Java applet has failed. Please go online to use this program". I have an internet connection; I do not know why it is not going through.
  • 0

#41
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
OK.. let's do this then...


Please download Dr.Web CureIt to the Desktop:
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.



Please also include a fresh Deckard System Scanner log in your next reply.. Tell me about your computer condition now..

Regards
fenzodahl512
  • 0

#42
Derobmai41

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
Deckard's System Scanner v20071014.68
Run by C4 BOMB on 2008-06-18 22:10:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as C4 BOMB.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:27, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\C4 BOMB\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\C4BOMB~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 70.88.112.17:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...cat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1171077850125
O18 - Protocol: bw+0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9666D999-019D-4F23-9AEE-E13299C948B9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 17413 bytes

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 20:18:09 0 d-------- C:\Documents and Settings\C4 BOMB\DoctorWeb
2008-06-16 19:49:08 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\Malwarebytes
2008-06-16 19:49:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-16 19:49:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-15 13:12:16 68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 13:12:16 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 13:12:16 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 13:12:16 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 13:12:16 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 13:12:16 98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 13:12:16 80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 13:12:16 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-10 15:25:34 4718592 --a------ C:\Documents and Settings\C4 BOMB\ntuser.dat
2008-06-05 15:01:00 0 d-------- C:\Documents and Settings\Test\Application Data\Identities
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\My Documents
2008-06-05 15:00:29 0 d--h----- C:\Documents and Settings\Test\Local Settings
2008-06-05 15:00:29 0 dr------- C:\Documents and Settings\Test\Favorites
2008-06-05 15:00:29 0 d-------- C:\Documents and Settings\Test\Desktop
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Cookies
2008-06-05 15:00:29 0 dr-h----- C:\Documents and Settings\Test\Application Data
2008-06-05 15:00:29 0 d---s---- C:\Documents and Settings\Test\Application Data\Microsoft
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\Templates
2008-06-05 15:00:28 0 dr------- C:\Documents and Settings\Test\Start Menu
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\SendTo
2008-06-05 15:00:28 0 dr-h----- C:\Documents and Settings\Test\Recent
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\PrintHood
2008-06-05 15:00:28 565248 --a------ C:\Documents and Settings\Test\NTUSER.DAT
2008-06-05 15:00:28 0 d--h----- C:\Documents and Settings\Test\NetHood
2008-06-04 20:26:24 0 d-------- C:\Documents and Settings\C4 BOMB\Pics
2008-05-31 17:45:18 0 d--h----- C:\$AVG8.VAULT$
2008-05-31 17:40:03 0 d-------- C:\Program Files\AVG
2008-05-31 17:40:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-31 16:45:31 0 d-------- C:\Program Files\Trend Micro
2008-05-27 13:06:11 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-27 13:03:54 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Identities
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Templates
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Start Menu
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\SendTo
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Recent
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\PrintHood
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\NetHood
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\My Documents
2008-05-27 13:02:55 0 d--h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Local Settings
2008-05-27 13:02:55 0 dr------- C:\Documents and Settings\Administrator.DESTRUCTOR\Favorites
2008-05-27 13:02:55 0 d-------- C:\Documents and Settings\Administrator.DESTRUCTOR\Desktop
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Cookies
2008-05-27 13:02:55 0 dr-h----- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data
2008-05-27 13:02:55 0 d---s---- C:\Documents and Settings\Administrator.DESTRUCTOR\Application Data\Microsoft
2008-05-27 13:02:54 598016 --a------ C:\Documents and Settings\Administrator.DESTRUCTOR\ntuser.dat
2008-05-27 13:00:42 0 d--h----- C:\Documents and Settings\Guest1\Templates
2008-05-27 13:00:41 0 dr------- C:\Documents and Settings\Guest1\Start Menu
2008-05-27 13:00:41 0 d-------- C:\Documents and Settings\Guest1\Shared
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\SendTo
2008-05-27 13:00:41 0 dr-h----- C:\Documents and Settings\Guest1\Recent
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\PrintHood
2008-05-27 13:00:41 0 d--h----- C:\Documents and Settings\Guest1\NetHood
2008-05-27 13:00:39 0 d--h----- C:\Documents and Settings\Guest1\Local Settings
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Incomplete
2008-05-27 13:00:39 0 dr------- C:\Documents and Settings\Guest1\Favorites
2008-05-27 13:00:39 0 d--hs---- C:\Documents and Settings\Guest1\Cookies
2008-05-27 13:00:39 0 dr-h----- C:\Documents and Settings\Guest1\Application Data\yahoo!
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Roxio
2008-05-27 13:00:39 0 d-------- C:\Documents and Settings\Guest1\Application Data\Mozilla
2008-05-27 13:00:38 0 dr-h----- C:\Documents and Settings\Guest1\Application Data
2008-05-27 13:00:38 0 d---s---- C:\Documents and Settings\Guest1\Application Data\Microsoft
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Macromedia
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\Application Data\Identities
2008-05-27 13:00:38 0 d-------- C:\Documents and Settings\Guest1\.limewire
2008-05-26 13:21:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Cookies
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-05-26 13:17:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-05-26 13:17:44 0 d-------- C:\Documents and Settings\Administrator\Local Settings
2008-05-26 13:17:43 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-23 23:09:31 0 d-------- C:\Program Files\CA


-- Find3M Report ---------------------------------------------------------------

2008-06-17 22:49:10 0 d-------- C:\Program Files\Java
2008-06-17 17:52:17 0 d-------- C:\Program Files\music
2008-06-17 17:52:17 0 d-------- C:\Program Files\Messenger
2008-06-17 17:52:15 0 d-------- C:\Program Files\Steam
2008-06-17 17:52:14 0 d-------- C:\Program Files\LimeWire
2008-06-17 17:52:14 0 d-------- C:\Program Files\Incomplete
2008-06-17 17:52:14 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-17 17:52:14 0 d-------- C:\Program Files\DivX
2008-06-17 17:52:13 0 d-------- C:\Program Files\AIM
2008-06-16 20:33:50 7168 --ahs---- C:\Program Files\Thumbs.db
2008-06-15 21:19:24 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\NCH Swift Sound
2008-06-15 21:19:22 0 d-------- C:\Program Files\NCH Swift Sound
2008-05-31 16:17:01 0 d-------- C:\Program Files\Common Files\Scanner
2008-05-31 15:57:41 0 d-------- C:\Program Files\Yahoo!
2008-05-27 13:00:52 0 d-------- C:\Program Files\Google
2008-05-11 01:16:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-30 20:27:18 1024 --a------ C:\Documents and Settings\C4 BOMB\Application Data\WavCodec.wff
2008-04-28 16:40:21 0 d-------- C:\Documents and Settings\C4 BOMB\Application Data\Recordpad
2008-04-28 16:40:20 0 d-------- C:\Program Files\NCH Software
2008-04-22 20:16:02 0 d-------- C:\Program Files\Samsung
2008-04-22 20:14:49 0 d-------- C:\Program Files\Verizon Wireless
2008-04-20 13:56:14 17731 --a------ C:\start.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 22:05]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [05/01/2006 06:07]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [04/10/2006 10:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^C4 BOMB^Start Menu^Programs^Startup^MEMonitor.lnk]
path=C:\Documents and Settings\C4 BOMB\Start Menu\Programs\Startup\MEMonitor.lnk
backup=C:\WINDOWS\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
C:\Program Files\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
"C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusServiceProvider]
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaISSDT]
"C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP]
"C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch]
C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
"C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Audio Sandbox]
"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
C:\PROGRA~1\SYMNET~1\SNDWarn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ITMRTSVC"=2 (0x2)
"gusvc"=2 (0x2)
"CaCCProvSP"=3 (0x3)
"dmadmin"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{345057cf-b883-11db-b332-806d6172696f}]
AutoRun\command- F:\ASUSACPI.exe




-- End of Deckard's System Scanner: finished at 2008-06-18 22:10:45 ------------






I don't really see much change, but I'm sure what was just done did help in a way.


#43
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Logs look clean to me.. Tell me, do you still have problems with your computer.. Also I don't see any antivirus in your latest log.. Tell me what antivirus is installed on this computer :)

#44
Derobmai41

Derobmai41

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
No problems anymore....thank you very much for your help..I tried doing what I could myself, but you guys still amaze me with what you can do to fix a computer...any tech, at a place like Best Buy or a computer store, probably would have just reformatted the computer.

I used to use Norton for my antivirus, but it slows down my computer a lot, so I tried out AVG, which seems to work pretty well; just my internet speed gets slower because it scans every site to see if there is anything false on the sites. I have been pretty good with avoiding viruses and stuff...most likely the only reason why I ran into this problem was because my friend decided to help me out and get me some music editing programs. If you have any suggestions of an antivirus that does not affect computer speed, or, as a matter of fact, mainly internet speed, I will look into them.

#45
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply... Apologies for my late reply.. I was in hospital for two days due to bad food (food poisoning)..


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed





NEXT


Now for some cleanup..
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.




NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previously installed versions of Java. (J2SE Runtime Environment.... )
  • It should have this icon next to it: [image]
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial, as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus products below:


I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.


Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes :Help! My computer is slow!

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512