kxvo.exe question.. [RESOLVED]

This topic is locked

#1 polgas14 (Member, 12 posts)
Hi..
I'm new here and I want to ask a question..
I just got infected by a kxvo.exe virus and I just wanted to know if it can be resolved by simply using System Restore?
Thanks for the help.. :)

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Probably not, as it depends on when you got it.

Download & run HijackThis.exe

  • Download HJTInstall.exe to your Desktop.
  • Double-click HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Copy/paste the log into your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted.
Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#3 polgas14 (Topic Starter, 12 posts)
I did a system scan and this is what I got..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:30 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8977 bytes
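One way to machine-read the log format above, as an added example (not HijackThis's own code and not from either poster): a small Python parser that splits a HijackThis v2 log into its sections and pulls out the entries a reviewer checks first, namely Run values given as bare file names, O23 services with no company in their version info, BHO CLSIDs, the hosts the R0/R1 browser settings point at, and any AppInit_DLLs. SAMPLE_LOG is a constructed excerpt of the log posted in this thread. The selection rules are this example's, not HijackThis's; they flag entries for a human to verify and do not declare anything malicious.

```python
"""Parse a HijackThis v2 log (the format posted above) and pull out the
entries a reviewer checks first.  Added example for this thread: it is not
part of HijackThis and not code from the original posts.  SAMPLE_LOG is a
constructed excerpt of the log posted in this thread."""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:30 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def parse_log(text: str) -> Dict[str, List[str]]:
    """Return {'processes': [...], 'R0': [...], 'O4': [...], ...}.
    Process paths are the lines between 'Running processes:' and the next
    blank line; every other recognised line is keyed by its R/F/O code."""
    entries: Dict[str, List[str]] = {"processes": []}
    in_procs = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            in_procs = False
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(m.group("kind"), []).append(m.group("body"))
        elif in_procs:
            entries["processes"].append(line)
    return entries


def _program(cmd: str) -> str:
    """First token of a Run value: the quoted path if quoted, else the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def unqualified_run_entries(entries) -> List[Tuple[str, str]]:
    """Registry Run entries whose program is a bare file name, not a full path.
    Windows resolves these through its search path, so the reviewer confirms
    which file actually runs (for rundll32 entries, also the DLL argument).
    This is a 'look here' rule, not an indicator of compromise."""
    found = []
    for body in entries.get("O4", []):
        m = O4_RE.match(body)  # 'Startup:' / 'Global Startup:' lines do not match
        if m and "\\" not in _program(m.group("cmd")):
            found.append((m.group("name"), _program(m.group("cmd"))))
    return found


def unknown_owner_services(entries) -> List[Tuple[str, str]]:
    """O23 services where HijackThis found no company name ('Unknown owner')."""
    out = []
    for body in entries.get("O23", []):
        m = O23_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            out.append((m.group("name"), m.group("path")))
    return out


def browser_helpers(entries) -> List[Tuple[str, str, str]]:
    """(name, CLSID, dll) for every O2 BHO; the CLSID is what you look up."""
    out = []
    for body in entries.get("O2", []):
        m = O2_RE.match(body)
        if m:
            out.append((m.group("name"), m.group("clsid"), m.group("path")))
    return out


def r_entry_hosts(entries) -> List[str]:
    """Distinct hosts that the R0/R1 start, search and default page values use."""
    hosts = set()
    for kind in ("R0", "R1"):
        for body in entries.get(kind, []):
            value = body.partition(" = ")[2]
            if value.lower().startswith(("http://", "https://")):
                hosts.add(urlsplit(value).hostname or value)
    return sorted(hosts)


def triage(text: str) -> Dict[str, object]:
    """One-call summary; O20 AppInit_DLLs are always listed because they are
    loaded into every process that links user32.dll."""
    entries = parse_log(text)
    return {
        "processes": len(entries["processes"]),
        "unqualified_run": unqualified_run_entries(entries),
        "unknown_owner_services": unknown_owner_services(entries),
        "bhos": browser_helpers(entries),
        "url_hosts": r_entry_hosts(entries),
        "appinit_dlls": entries.get("O20", []),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it directly to print the summary for the sample; `parse_log` accepts any pasted log text, and `triage` returns the flagged items as data so they can be compared between a before and an after log.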

#4 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
There is no evidence of an infection there. How did you know you were infected?

I would like to do a deeper scan to be sure

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#5 polgas14 (Topic Starter, 12 posts)
I did a System Restore after I got infected. I just don't know if it worked, because the file that I copied from the flash drive is still on my computer after I performed the System Restore. I don't know if it removed the virus..

Deckard's System Scanner v20071014.68
Run by Admin on 2008-06-18 07:56:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
38: 2008-06-18 19:56:57 UTC - RP38 - Deckard's System Scanner Restore Point
37: 2008-06-17 09:50:30 UTC - RP37 - Restore Point 1.2 !!
36: 2008-06-17 09:41:33 UTC - RP36 - Installed Thoosje Quick Xp Optimizer Installer V2
35: 2008-06-17 09:15:53 UTC - RP35 - Restore Operation
34: 2008-06-17 08:34:49 UTC - RP34 - Installed Thoosje Quick Xp Optimizer Installer V2


-- First Restore Point --
1: 2008-06-15 23:59:55 UTC - RP1 - Installed J2SE Runtime Environment 5.0 Update 7


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:59 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\dss.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8940 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StyleXPHelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 StyleXPService - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&1D3EC377&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&1D3EC377&0&CA000002&01&00
Service: nvcap


-- Scheduled Tasks -------------------------------------------------------------

2008-06-16 20:49:10 354 --a------ C:\WINDOWS\Tasks\At1.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-17 21:00:44 0 d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-17 21:00:42 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 21:00:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 21:00:10 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-17 07:19:06 0 d-------- C:\Program Files\Trend Micro
2008-06-16 22:38:04 0 d-------- C:\WINDOWS\pss
2008-06-16 21:41:34 0 d-------- C:\Program Files\Thoosje
2008-06-16 20:25:53 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-06-16 20:25:35 0 d-------- C:\Program Files\Reference Assemblies
2008-06-15 17:27:44 0 d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-06-15 17:07:35 0 d-------- C:\Program Files\iTunes
2008-06-15 17:07:27 0 d-------- C:\Program Files\Bonjour
2008-06-15 17:07:04 0 d-------- C:\Program Files\QuickTime
2008-06-15 17:06:56 0 d-------- C:\Program Files\Apple Software Update
2008-06-15 17:06:24 0 d-------- C:\Program Files\Common Files\Apple
2008-06-15 17:06:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-15 14:38:16 0 d-------- C:\Program Files\SystemRequirementsLab
2008-06-15 14:38:06 0 d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
2008-06-15 14:33:58 0 d-------- C:\WINDOWS\Sun
2008-06-15 14:33:58 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2008-06-15 14:15:04 0 d-------- C:\Documents and Settings\Admin\Incomplete
2008-06-15 14:14:57 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-15 13:31:32 0 d--h----- C:\$AVG8.VAULT$
2008-06-15 13:28:28 0 d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-06-15 13:27:16 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 13:27:13 0 d-------- C:\Program Files\AVG
2008-06-15 13:27:13 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-15 13:23:29 304128 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-06-15 13:23:28 0 d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-15 13:22:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-06-15 13:20:57 0 d-------- C:\Program Files\Final Fantasy VII
2008-06-15 13:14:01 0 d-------- C:\Program Files\Microsoft Games
2008-06-15 13:09:32 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 13:09:29 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-06-15 13:07:18 0 d-------- C:\Program Files\VID_0E8F&PID_0003
2008-06-15 13:05:00 0 dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM
2008-06-15 13:01:13 25037 --a------ C:\WINDOWS\system32\Nucleus.dll
2008-06-15 13:01:13 494557 --a------ C:\WINDOWS\system32\dxgi.dll
2008-06-15 13:01:12 519912 --a------ C:\WINDOWS\system32\d3dx10.dll
2008-06-15 13:01:12 566624 --a------ C:\WINDOWS\system32\d3d10.dll
2008-06-15 12:59:08 0 d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-06-15 12:58:59 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 12:57:51 0 d-------- C:\Program Files\TGTSoft
2008-06-15 12:57:03 0 d-------- C:\WINDOWS\system32\LogFiles
2008-06-15 12:57:03 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 12:57:01 0 d-------- C:\Program Files\LimeWire
2008-06-15 12:56:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-15 12:54:57 0 d-------- C:\Program Files\Tomb Raider - Anniversary
2008-06-15 12:54:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-06-15 12:53:56 0 d-------- C:\Program Files\RocketDock
2008-06-15 12:52:05 0 d-------- C:\Documents and Settings\Admin\Application Data\HPAppData
2008-06-15 12:51:38 0 d-------- C:\Program Files\data
2008-06-15 12:51:32 0 d-------- C:\Program Files\DivX
2008-06-15 12:49:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-15 12:49:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-15 12:47:56 0 d-------- C:\Program Files\AC3Filter
2008-06-15 12:46:30 0 d-------- C:\Program Files\RO
2008-06-15 12:44:04 0 d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-06-15 12:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-15 12:43:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 12:43:18 38229 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2008-06-15 12:43:13 0 d-------- C:\Program Files\iPod
2008-06-15 12:41:50 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-15 12:38:18 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-15 12:37:46 0 d-------- C:\Documents and Settings\Admin\Application Data\Ahead
2008-06-15 12:37:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-15 12:34:57 0 d-------- C:\Program Files\Nero
2008-06-15 12:34:57 0 d-------- C:\Program Files\Common Files\Ahead
2008-06-15 12:34:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 12:34:36 0 d-------- C:\WINDOWS\RegisteredPackages
2008-06-15 12:33:33 0 d-------- C:\Documents and Settings\LocalService\Application Data\HP
2008-06-15 12:32:26 0 d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-06-15 12:31:36 0 d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-15 12:30:48 0 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-06-15 12:30:47 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-15 12:30:39 0 d-------- C:\Program Files\Common Files\HP
2008-06-15 12:30:27 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-15 12:30:20 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 12:29:45 0 d-------- C:\Program Files\HP
2008-06-15 12:29:44 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-15 12:29:09 2000 -----n--- C:\WINDOWS\hpomdl14.dat
2008-06-15 12:29:09 141199 --a------ C:\WINDOWS\hpoins14.dat
2008-06-15 12:29:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-15 12:19:38 0 d-------- C:\WINDOWS\nview
2008-06-15 12:19:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2008-06-15 12:19:21 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-06-15 12:19:21 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-06-15 12:19:21 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-06-15 12:19:21 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-06-15 12:19:21 425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-06-15 12:19:20 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-06-15 12:19:20 1482752 --a------ C:\WINDOWS\system32\nview.dll
2008-06-15 12:17:45 0 d-------- C:\Program Files\VDOTool
2008-06-15 12:15:11 0 d-------- C:\WINDOWS\OPTIONS
2008-06-15 12:15:06 0 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-06-15 12:14:50 0 d-------- C:\WINDOWS\system32\Lang
2008-06-15 12:13:42 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-06-15 12:13:29 0 d-------- C:\WINDOWS\system32\RTCOM
2008-06-15 12:13:11 0 d-------- C:\Program Files\Realtek
2008-06-15 12:13:10 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 12:13:08 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-06-15 12:13:07 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-06-15 12:13:04 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-15 12:10:56 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-06-15 12:10:54 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-06-15 12:10:54 53248 --a------ C:\WINDOWS\system32\CSVer.dll <Not Verified; Windows XP Bundled build C-Centric Single User; Windows XP Bundled build C-Centric Single User CSVer>
2008-06-15 12:10:54 0 d-------- C:\Program Files\Intel
2008-06-15 12:10:51 0 d-------- C:\Intel
2008-06-15 12:10:45 0 d-------- C:\Program Files\Yahoo!
2008-06-15 12:08:32 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:31 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:31 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:31 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2008-06-15 12:08:31 6550 --a------ C:\WINDOWS\jautoexp.dat
2008-06-15 12:08:29 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-06-15 12:08:29 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-06-15 12:08:28 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:28 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:27 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2008-06-15 12:08:22 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2008-06-15 12:07:25 0 d-------- C:\Program Files\Microsoft Works
2008-06-15 12:07:21 0 d-------- C:\Program Files\MSBuild
2008-06-15 12:05:22 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-15 12:05:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-15 12:04:56 0 dr-h----- C:\MSOCache
2008-06-15 12:01:00 0 d-------- C:\Documents and Settings\Admin\Application Data\Identities
2008-06-15 12:00:46 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-06-15 12:00:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-06-15 11:59:56 0 d-------- C:\Program Files\Java
2008-06-15 11:59:55 0 d-------- C:\Program Files\Common Files\Java
2008-06-15 11:58:13 0 d--h----- C:\Documents and Settings\Admin\Templates
2008-06-15 11:58:13 0 dr------- C:\Documents and Settings\Admin\Start Menu
2008-06-15 11:58:13 0 dr-h----- C:\Documents and Settings\Admin\SendTo
2008-06-15 11:58:13 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-06-15 11:58:13 0 d--h----- C:\Documents and Settings\Admin\PrintHood
2008-06-15 11:58:13 1888256 --a------ C:\Documents and Settings\Admin\NTUSER.DAT
2008-06-15 11:58:13 0 d--h----- C:\Documents and Settings\Admin\NetHood
2008-06-15 11:58:13 0 dr------- C:\Documents and Settings\Admin\My Documents
2008-06-15 11:58:13 0 d--h----- C:\Documents and Settings\Admin\Local Settings
2008-06-15 11:58:13 0 dr------- C:\Documents and Settings\Admin\Favorites
2008-06-15 11:58:13 0 d-------- C:\Documents and Settings\Admin\Desktop
2008-06-15 11:58:13 0 d---s---- C:\Documents and Settings\Admin\Cookies
2008-06-15 11:58:13 0 d--h----- C:\Documents and Settings\Admin\Application Data
2008-06-15 11:57:59 0 d-------- C:\WINDOWS\Prefetch
2008-06-15 11:57:58 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-06-15 11:57:58 258048 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2008-06-15 11:57:58 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-06-15 11:57:58 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-06-15 11:57:58 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-06-15 11:57:58 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-06-15 11:57:52 253952 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-06-15 11:57:52 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-06-15 11:57:52 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-06-15 11:57:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-06-15 11:57:52 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-06-15 11:55:00 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-06-15 11:54:45 0 -rahs---- C:\MSDOS.SYS
2008-06-15 11:54:45 0 -rahs---- C:\IO.SYS
2008-06-15 11:54:45 0 --a------ C:\CONFIG.SYS
2008-06-15 11:54:45 0 --a------ C:\AUTOEXEC.BAT
2008-06-15 11:54:01 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-06-15 11:53:54 0 dr------- C:\WINDOWS\Offline Web Pages
2008-06-15 11:53:54 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-06-15 11:53:46 0 d--h----- C:\Program Files\WindowsUpdate
2008-06-15 11:53:31 0 d-------- C:\WINDOWS\system32\DirectX
2008-06-15 11:53:02 0 d---s---- C:\WINDOWS\Tasks
2008-06-15 11:53:01 0 d-------- C:\Program Files\Common Files\MSSoap
2008-06-15 11:52:58 0 d-------- C:\WINDOWS\srchasst
2008-06-15 11:52:52 0 d-------- C:\Program Files\Movie Maker
2008-06-15 11:52:45 0 d-------- C:\WINDOWS\system32\Restore
2008-06-15 11:52:17 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-15 11:52:04 0 d-------- C:\WINDOWS\Registration
2008-06-15 11:51:58 0 d-------- C:\Program Files\Online Services
2008-06-15 11:51:42 291840 --a------ C:\WINDOWS\system32\Bliss.scr <Not Verified; Microsoft; >
2008-06-15 11:51:38 1260544 --a------ C:\WINDOWS\system32\Longhorn Sidebar.exe
2008-06-15 11:51:36 0 d-------- C:\Program Files\Messenger
2008-06-15 11:51:33 0 d-------- C:\Program Files\MSN Gaming Zone
2008-06-15 11:51:02 0 d-------- C:\Program Files\Windows NT
2008-06-15 11:50:59 0 d-------- C:\WINDOWS\system32\MsDtc
2008-06-15 11:50:58 0 d-------- C:\WINDOWS\system32\Com
2008-06-14 23:47:15 0 d--hs---- C:\WINDOWS\Installer
2008-06-14 23:47:15 0 d-------- C:\Program Files\Common Files\ODBC
2008-06-14 23:47:12 0 dr------- C:\Program Files
2008-06-14 23:47:12 0 d-------- C:\Program Files\Common Files
2008-06-14 23:47:12 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-06-14 23:46:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-06-14 23:46:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-06-14 23:46:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-06-14 23:46:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-06-14 23:46:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-06-14 23:46:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-06-14 23:46:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-06-14 23:46:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-06-14 23:46:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-06-14 23:46:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-06-14 23:46:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-06-14 23:46:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-06-14 23:46:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-06-14 23:46:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-06-14 23:46:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-06-14 23:46:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-06-14 23:44:44 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-06-14 23:44:44 0 d-------- C:\WINDOWS\system32\CatRoot
2008-06-14 23:44:39 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-06-14 23:44:39 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-06-14 23:44:38 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-06-14 23:44:38 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-06-14 23:42:20 0 d--hs---- C:\System Volume Information
2008-06-14 23:42:20 0 d-------- C:\Documents and Settings
2008-06-14 23:41:27 0 d-------- C:\INSTALL
2008-06-14 23:38:07 0 d-------- C:\WINDOWS
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\WinSxS
2008-06-14 23:38:07 0 dr------- C:\WINDOWS\Web
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\twain_32
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\wins
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\wbem
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\usmt
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\spool
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\ShellExt
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\Setup
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\ras
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\oobe
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\npp
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\mui
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\Macromed
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\inetsrv
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\IME
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\icsxml
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\ias
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\export
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\en
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\drivers
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-06-14 23:38:07 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\dhcp
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\config
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\3076
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\2052
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1054
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1042
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1041
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1037
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1033
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1031
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1028
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system32\1025
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\system
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\security
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Resources
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\repair
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Provisioning
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\PeerNet
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\pchealth
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Network Diagnostic
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\mui
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\msapps
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\msagent
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Media
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\java
2008-06-14 23:38:07 0 d--h----- C:\WINDOWS\inf
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\ime
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Help
2008-06-14 23:38:07 0 dr--s---- C:\WINDOWS\Fonts
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\ehome
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Driver Cache
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Debug
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Cursors
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Connection Wizard
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\Config
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\AppPatch
2008-06-14 23:38:07 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-06-14 23:46:51 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini
2008-05-12 13:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 13:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-12 13:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-12 13:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-12 13:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 13:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-12 13:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 13:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-12 13:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
03/02/2007 04:52 PM 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 04:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"RTHDCPL"="RTHDCPL.EXE" [07/04/2007 08:08 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/02/2005 10:43 PM C:\WINDOWS\Alcmtr.exe]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [01/29/2008 11:19 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [01/08/2008 05:53 AM]
"nwiz"="nwiz.exe" [01/08/2008 05:53 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [01/08/2008 05:53 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [06/25/2007 08:47 AM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [06/25/2007 08:47 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/15/2008 01:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:00 PM]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [08/23/2007 05:36 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/27/2007 07:03 PM]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 06:31 AM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [10/21/2007 12:28:57 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoSaveSettings"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe



-- End of Deckard's System Scanner: finished at 2008-06-18 07:59:19 ------------

#6
polgas14 (Member, Topic Starter, 12 posts)
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III Xeon processor
CPU 1: Intel Pentium III Xeon processor
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.42 MiB / 1474.71 MiB
Pagefile Memory (total/avail): 3939.41 MiB / 3496.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.77 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 166.02 GiB total, 138.01 GiB free.
D: is Fixed (NTFS) - 66.86 GiB total, 61.82 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250310AS - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 166.02 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 66.86 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\\Installation\\Setupx.exe"="E:\\Installation\\Setupx.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Administrative Tools\\Recycle Bin\\kdja.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Administrative Tools\\Recycle Bin\\kdja.exe:*:Enabled:windows media player streaming service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\PAL
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1706
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=PAL
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -f\"C:\Program Files\Final Fantasy VII\Uninst.isu"
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {471159EB-BECC-453C-B6F2-FE4FAB29B3F3}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Red Animated Cursors --> RunDll32 syssetup.dll,SetupInfObjectInstallAction cursors_remove 4 INSTAL3R.INF
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CDR KING 2-IN-1 GAMEPAD --> C:\Program Files\InstallShield Installation Information\{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Final Fantasy VII - Ultima Edition --> "C:\Program Files\Final Fantasy VII\unins000.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
iPod for Windows 2005-02-22 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{B6ACFF51-248A-4290-B50B-E50C81F25B97} /l1033
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire PRO 4.14.9 --> "C:\Program Files\LimeWire\uninstall.exe"
Longhorn Sidebar --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\LongSide.inf,UninstallSidebar
Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB925673) --> MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 7 Essentials --> MsiExec.exe /X{8E72B982-D54F-486F-B35A-C24B6F171033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Registry Mechanic 7.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Thoosje Quick Xp Optimizer Installer V2 --> MsiExec.exe /I{D21B65C4-F7ED-4805-8781-BB835AC85D14}
Thoosje Sidebar V2.3 --> C:\Program Files\Thoosje Sidebar V2.3\Uninstall.exe
Tomb Raider: Anniversary 1.0 --> C:\Program Files\Tomb Raider - Anniversary\uninsttra.exe
VDOTool 6.1 --> "C:\Program Files\VDOTool\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinRAR Themes Addon --> C:\PROGRA~1\WinRAR\Themes\UNWISE.EXE C:\PROGRA~1\WinRAR\Themes\INSTALL.LOG
WinZip 10 Pro --> C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\Crypto\UNWISE.EXE C:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\Crypto\INSTALL.LOG
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Companion --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type389 / Error
Event Submitted/Written: 06/17/2008 08:43:47 PM
Event ID/Source: 1000 / Microsoft Office 12
Event Description:
Faulting application powerpnt.exe, version 12.0.4518.1014, stamp 45428035, faulting module ppcore.dll, version 12.0.4518.1014, stamp 454281a3, debug? 0, fault address 0x001af7b0.

Event Record #/Type371 / Success
Event Submitted/Written: 06/17/2008 07:33:54 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Event Record #/Type369 / Success
Event Submitted/Written: 06/17/2008 07:33:53 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClient, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Event Record #/Type367 / Success
Event Submitted/Written: 06/17/2008 07:33:53 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClientsideProviders, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Event Record #/Type365 / Success
Event Submitted/Written: 06/17/2008 07:33:52 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClient, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type730 / Error
Event Submitted/Written: 06/18/2008 07:53:47 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cardex service failed to start due to the following error:
%%183

Event Record #/Type718 / Error
Event Submitted/Written: 06/18/2008 07:53:23 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.4 for the Network Card with network address 001D7DA7FE67 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type706 / Error
Event Submitted/Written: 06/17/2008 08:13:11 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.4 for the Network Card with network address 001D7DA7FE67 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type702 / Warning
Event Submitted/Written: 06/17/2008 08:13:06 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001D7DA7FE67. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type691 / Error
Event Submitted/Written: 06/17/2008 07:17:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Cardex service failed to start due to the following error:
%%183



-- End of Deckard's System Scanner: finished at 2008-06-18 07:59:19 ------------

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

because the file that I copy from the flash drive

OK, that gives me a starting point. First we will secure your system and then run two programmes, one to disinfect and immunise, the other to do some killing.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

THEN

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

FINALLY FOR NOW

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

HAVING DONE THAT

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#8
polgas14

    Member

  • Topic Starter
  • Member
  • 12 posts
ComboFix 08-06-16.5 - Admin 2008-06-19 4:47:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1446 [GMT -12:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-19 04:21 . 2008-06-19 04:21 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-19 04:21 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-18 18:17 . 2008-06-18 18:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 18:17 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 18:17 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 07:56 . 2008-06-18 07:56 <DIR> d-------- C:\Deckard
2008-06-17 21:00 . 2008-06-17 21:00 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-17 21:00 . 2008-06-17 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 21:00 . 2008-06-17 21:00 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-17 07:19 . 2008-06-17 07:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-16 21:41 . 2008-06-16 21:41 <DIR> d-------- C:\Program Files\Thoosje
2008-06-16 20:25 . 2008-06-16 20:25 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-16 20:25 . 2008-06-16 20:25 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-16 20:25 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-15 17:27 . 2008-06-15 17:27 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HP
2008-06-15 17:07 . 2008-06-15 17:07 <DIR> d-------- C:\Program Files\QuickTime
2008-06-15 17:07 . 2008-06-15 17:07 <DIR> d-------- C:\Program Files\iTunes
2008-06-15 17:07 . 2008-06-15 17:07 <DIR> d-------- C:\Program Files\Bonjour
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-15 17:06 . 2008-06-15 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-15 16:22 . 2008-06-15 17:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-15 14:42 . 2008-06-19 04:44 45 --a------ C:\TEST.XML
2008-06-15 14:38 . 2008-06-15 14:38 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-15 14:38 . 2008-06-15 14:38 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SystemRequirementsLab
2008-06-15 14:33 . 2008-06-15 14:33 <DIR> d-------- C:\WINDOWS\Sun
2008-06-15 14:15 . 2008-06-15 14:15 <DIR> d-------- C:\Documents and Settings\Admin\Incomplete
2008-06-15 14:14 . 2008-06-15 20:24 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-15 13:33 . 1998-07-17 13:36 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-06-15 13:31 . 2008-06-18 08:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-15 13:28 . 2008-06-15 13:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2008-06-15 13:28 . 2008-06-17 22:48 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-15 13:27 . 2008-06-18 20:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-15 13:27 . 2008-06-15 13:27 <DIR> d-------- C:\Program Files\AVG
2008-06-15 13:27 . 2008-06-15 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-15 13:27 . 2008-06-15 13:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-15 13:27 . 2008-06-15 13:40 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-15 13:27 . 2008-06-15 13:27 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-15 13:27 . 2008-06-15 13:40 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-15 13:23 . 2008-06-15 13:23 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-06-15 13:23 . 1997-12-17 18:33 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-06-15 13:20 . 2008-06-15 14:22 <DIR> d-------- C:\Program Files\Final Fantasy VII
2008-06-15 13:14 . 2008-06-15 13:14 <DIR> d-------- C:\Program Files\Microsoft Games
2008-06-15 13:09 . 2008-06-15 13:09 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 13:07 . 2008-06-15 13:07 <DIR> d-------- C:\Program Files\VID_0E8F&PID_0003
2008-06-15 13:05 . 2008-06-15 13:05 <DIR> dr-h----- C:\Documents and Settings\Admin\Application Data\SecuROM
2008-06-15 13:04 . 2008-06-15 13:04 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-15 13:03 . 2008-06-15 13:03 51,355 --a------ C:\WINDOWS\system32\muzika.xm
2008-06-15 13:01 . 2008-02-21 23:18 566,624 --a------ C:\WINDOWS\system32\d3d10.dll
2008-06-15 13:01 . 2008-02-21 23:18 519,912 --a------ C:\WINDOWS\system32\d3dx10.dll
2008-06-15 13:01 . 2008-02-21 23:18 494,557 --a------ C:\WINDOWS\system32\dxgi.dll
2008-06-15 13:01 . 2008-02-22 00:10 25,037 --a------ C:\WINDOWS\system32\Nucleus.dll
2008-06-15 12:59 . 2008-06-18 21:08 <DIR> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-06-15 12:59 . 2006-10-04 02:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-06-15 12:59 . 2006-10-04 02:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-06-15 12:59 . 2006-10-04 02:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-06-15 12:58 . 2008-06-15 12:59 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 12:57 . 2008-06-15 12:57 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-06-15 12:57 . 2008-06-15 12:58 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 12:57 . 2008-06-15 12:57 <DIR> d-------- C:\Program Files\TGTSoft
2008-06-15 12:57 . 2008-06-15 12:57 <DIR> d-------- C:\Program Files\LimeWire
2008-06-15 12:56 . 2008-06-15 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-15 12:54 . 2008-06-15 13:04 <DIR> d-------- C:\Program Files\Tomb Raider - Anniversary
2008-06-15 12:53 . 2008-06-15 12:54 <DIR> d-------- C:\Program Files\RocketDock
2008-06-15 12:52 . 2008-06-15 12:52 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\HPAppData
2008-06-15 12:51 . 2008-06-15 12:51 <DIR> d-------- C:\Program Files\DivX
2008-06-15 12:51 . 2008-06-15 12:51 <DIR> d-------- C:\Program Files\data
2008-06-15 12:49 . 2008-06-15 12:49 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-15 12:47 . 2008-06-15 12:47 <DIR> d-------- C:\Program Files\AC3Filter
2008-06-15 12:47 . 2007-08-17 19:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-06-15 12:46 . 2008-06-15 17:49 <DIR> d-------- C:\Program Files\RO
2008-06-15 12:44 . 2008-06-15 12:44 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2008-06-15 12:43 . 2008-06-15 17:07 <DIR> d-------- C:\Program Files\iPod
2008-06-15 12:43 . 2008-06-15 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-15 12:43 . 2008-06-15 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-15 12:43 . 2004-12-18 20:32 38,229 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2008-06-15 12:41 . 2008-06-15 12:41 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-06-15 12:38 . 2008-06-15 12:38 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-15 12:37 . 2008-06-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-15 12:37 . 2008-06-15 12:37 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Ahead
2008-06-15 12:34 . 2008-06-15 12:34 <DIR> d-------- C:\Program Files\Nero
2008-06-15 12:34 . 2008-06-15 12:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-15 12:34 . 2008-06-15 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-06-15 12:33 . 2008-06-15 12:33 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HP
2008-06-15 12:32 . 2008-06-15 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-06-15 12:31 . 2008-06-15 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-15 12:30 . 2008-06-15 12:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-15 12:30 . 2008-06-15 12:30 <DIR> d-------- C:\Program Files\Common Files\HP
2008-06-15 12:30 . 2008-06-15 12:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-06-15 12:30 . 2008-06-15 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-06-15 12:30 . 2008-06-15 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-15 12:29 . 2008-06-15 12:31 <DIR> d-------- C:\Program Files\HP
2008-06-15 12:29 . 2008-06-15 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-06-15 12:29 . 2008-06-15 12:32 141,199 --a------ C:\WINDOWS\hpoins14.dat
2008-06-15 12:29 . 2007-03-07 16:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-15 12:29 . 2007-03-07 16:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-15 12:29 . 2007-06-05 11:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-06-15 12:28 . 2007-03-17 04:11 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-06-15 12:28 . 2007-03-17 04:11 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-06-15 12:28 . 2007-03-07 16:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-06-15 12:28 . 2007-03-07 16:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-06-15 12:28 . 2007-03-17 04:11 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-06-15 12:28 . 2007-03-30 03:07 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-06-15 12:28 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-06-15 12:28 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-15 12:28 . 2007-03-07 16:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-15 12:28 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-15 12:27 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-15 12:22 . 2005-02-01 03:30 16,176 --------- C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-06-15 12:21 . 2005-02-01 03:30 141,246 --------- C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-06-15 12:21 . 2005-02-01 03:30 29,696 --------- C:\WINDOWS\system32\FILTER.AX
2008-06-15 12:21 . 2008-06-19 04:44 558 --a------ C:\WINDOWS\DFC.INI
2008-06-15 12:18 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-15 12:17 . 2008-06-15 12:17 <DIR> d-------- C:\Program Files\VDOTool
2008-06-15 12:17 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2008-06-15 12:15 . 2008-06-15 12:15 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-06-15 12:15 . 2008-06-15 12:15 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-06-15 12:14 . 2008-06-15 12:14 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-06-15 12:14 . 2008-06-15 12:14 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-06-15 12:14 . 2008-06-15 12:14 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-06-15 12:13 . 2008-06-15 12:15 <DIR> d-------- C:\Program Files\Realtek
2008-06-15 12:13 . 2008-06-15 13:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 12:13 . 2008-06-15 12:41 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-15 12:12 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-15 12:10 . 2008-06-15 17:06 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 16:21 --------- d-----w C:\Program Files\Java
2008-06-16 00:13 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-16 00:08 155,995 ----a-w C:\WINDOWS\java\Packages\RZDJXRF3.ZIP
2008-05-13 01:53 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-13 01:53 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-13 01:53 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-13 01:53 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-05-13 01:53 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-13 01:53 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-13 01:53 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-13 01:53 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-13 01:51 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-13 01:51 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-13 01:49 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

------- Sigcheck -------

2006-12-03 09:32 360576 bb4d3a8e6f7eb1d370bc4ad27ab23368 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( [email protected]_ 4.41.53.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-19 16:38:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-19 16:44:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:00 15360]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 06:31 1372160]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-04 20:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"TBPanel"="C:\Program Files\VDOTool\TBPanel.exe" [2008-01-29 11:19 2157096]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-08 05:53 8523776]
"nwiz"="nwiz.exe" [2008-01-08 05:53 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 05:53 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 08:47 1629480]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 08:47 1057064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RegistryMechanic"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-15 13:40 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Thoosje Vista Sidebar.lnk - C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe [2007-10-21 12:28:57 524288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-15 13:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-15 13:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-15 13:40]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-15 13:40]
R2 MBAMDrvService;MBAMDrvService;C:\WINDOWS\system32\drivers\mbam.sys [2008-06-10 19:02]
R2 MBAMService;MBAMService;"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-06-10 19:02]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-06-15 12:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-06-17 08:49:10 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 04:48:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-19 4:49:19
ComboFix-quarantined-files.txt 2008-06-19 16:49:17
ComboFix2.txt 2008-06-19 16:42:02

Pre-Run: 147,942,416,384 bytes free
Post-Run: 147,932,786,688 bytes free


#9
polgas14

    Member

  • Topic Starter
  • Member
  • 12 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:16 AM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8961 bytes
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nearly there, a little more to delete then a registry sweep for orphans

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\blastclnnn.exe
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\java\Packages\RZDJXRF3.ZIP
    Purity
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

THEN

Run Malwarebytes.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs required: OTMoveIt and MBAM, plus how is your computer running now?
  • 0

#11
polgas14

polgas14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
File/Folder C:\WINDOWS\system32\blastclnnn.exe not found.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\java\Packages\RZDJXRF3.ZIP moved successfully.
< Purity >

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06192008_181128
  • 0

#12
polgas14

polgas14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes' Anti-Malware 1.17
Database version: 867

6:16:15 PM 6/19/2008
mbam-log-6-19-2008 (18-16-15).txt

Scan type: Quick Scan
Objects scanned: 35896
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


My computer works fine now but I have one question.. you said that flash drive disinfector will create a hidden folder autorun.ini right?.. why can't I see it even when I change my folder option which you can view hidden files?.. I don't know if it's there or not.. :)
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The autoruns should be on your flash drives not your main system
  • 0
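As an added illustration (not part of this thread, and not a tool the moderator posted), a PowerShell check that lists each removable drive and reports whether an autorun.inf entry is present, whether it is a folder (the protective placeholder a tool like Flash Disinfector leaves) or a file, and which attributes it carries. It assumes Windows PowerShell 2.0 or later and the standard Win32_LogicalDisk WMI class, where DriveType 2 means a removable drive; an entry flagged Hidden and System stays invisible in Explorer until "Hide protected operating system files" is also unchecked.

```powershell
# Added example, not from the thread. Reports autorun.inf entries on removable drives
# so a user can confirm whether the placeholder folder exists without relying on
# Explorer's hidden-file view (Hidden+System entries need the extra Folder Option).
function Get-AutorunStatus {
    # DriveType 2 = removable disk (USB flash drives); fixed disks are skipped.
    $drives = Get-WmiObject -Class Win32_LogicalDisk -Filter "DriveType = 2"
    foreach ($d in $drives) {
        $path = $d.DeviceID + '\autorun.inf'
        # -Force is required so hidden and system entries are returned at all.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item -eq $null) {
            New-Object PSObject -Property @{
                Drive = $d.DeviceID; Present = $false; Kind = '-'; Attributes = '-'
            }
        } else {
            # A folder is the benign placeholder; a file should be inspected, since
            # that is the form used to launch something automatically.
            $kind = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
            New-Object PSObject -Property @{
                Drive      = $d.DeviceID
                Present    = $true
                Kind       = $kind
                Attributes = $item.Attributes.ToString()
            }
        }
    }
}

Get-AutorunStatus | Format-Table Drive, Present, Kind, Attributes -AutoSize
```

Run it with a flash drive inserted; a row showing Kind = Folder with Attributes including Hidden and System is the expected result after the placeholder has been created.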

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, forgot the important part :)

Now the best part of the day ----- Your log now appears clean :)

Double click OTMoveIt2 once again and you should see a CleanUp! button; press that button. You may get prompted by your firewall that OTMoveIt2 wants to contact the internet; allow this. A cleanup.txt will be downloaded and a message dialog will ask you if you want to proceed with the cleanup process; click Yes. This will delete all the tools you have downloaded plus itself. MBAM can be removed via Control Panel.



Now to get you off to a good start we will reset your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore point but this is my method:

1. Select Start > All Programs > Accessories > System Tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point.
3. Click NEXT.
4. Enter a name, e.g. Clean.
5. Click CREATE.

You now have a clean restore point. To get rid of the bad ones:

1. Select Start > All Programs > Accessories > System Tools > Disk Cleanup.
2. In the drop-down box that appears select your main drive, e.g. C.
3. Click OK.
4. The system will do some calculation and then display a dialogue box with tabs.
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this.
7. Accept the warning and select OK again; the program will close and you are done.



Now that you are clean, to help protect your computer in the future I recommend that you get the following free program. It is critical to have both a firewall and anti-virus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?


Keep safe :)
  • 0

#15
polgas14

polgas14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Okay.. thanks for the help.. :)
  • 0
