Virtum-Gen/Virtumonde.dll [RESOLVED]


  • This topic is locked

#1
duffdude

    New Member

  • Member
  • 9 posts
Hello everyone, I have been infected by Virtum-Gen/Virtumonde.dll recently, about 2 days ago. I have tried for these 2 days to solve my problem because I don't like bothering other people and I'm new here too, but I must resort to you wonderful, kind people because my Sophos AV cannot delete it properly. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:22, on 6/16/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: (no name) - {42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA} - C:\WINDOWS\system32\ssqPgDUK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\yayyApNe.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\RunServices: [WGETMO] C:\WINDOWS\SYSTEM32\WGETMO.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - ESC Trusted Zone: http://www.2shared.com
O15 - ESC Trusted Zone: http://lastchaos.aeriagames.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baictron.com
O15 - ESC Trusted Zone: http://*.bux.to
O15 - ESC Trusted Zone: http://www.cabalonline.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.daemon-search.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.goozeman.game-deception.com
O15 - ESC Trusted Zone: http://xiah.gamescampus.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://www.gunzonline.com
O15 - ESC Trusted Zone: http://img72.imageshack.us
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://bl137w.blu137.mail.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://files1.majorgeeks.com
O15 - ESC Trusted Zone: http://about1.mirc.com
O15 - ESC Trusted Zone: http://about2.mirc.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://*.myshoppingsavings.net
O15 - ESC Trusted Zone: http://www.nokia.ca
O15 - ESC Trusted Zone: http://cabal.ogplanet.com
O15 - ESC Trusted Zone: http://forum.organner.pl
O15 - ESC Trusted Zone: http://www.plaync.com
O15 - ESC Trusted Zone: http://*.project-7.net
O15 - ESC Trusted Zone: http://rs230tl2.rapidshare.com
O15 - ESC Trusted Zone: http://www.rewardscentre.net
O15 - ESC Trusted Zone: http://*.steamcommunity.com
O15 - ESC Trusted Zone: http://storefront.steampowered.com
O15 - ESC Trusted Zone: http://ftp.twaren.net
O15 - ESC Trusted Zone: http://media.warrock.net
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://www.worldofwarcraft.com
O15 - ESC Trusted Zone: http://*.xpservers.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://64.15.152.87
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\SYSTEM32\yayyApNe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8279 bytes


Thank you very much.

Edited by duffdude, 16 June 2008 - 08:34 PM.

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.







Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

#3
duffdude

    New Member

  • Topic Starter
  • Member
  • 9 posts
THANK YOU VERY MUCH YOU ARE THE BEST! I think I fixed it; even if I didn't, thank you. Anyways, I haven't done the Kaspersky scan yet, nor did I do the ComboFix thing. So here is my HijackThis log, but it seems it's fixed from the ATF Cleaner. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:58, on 6/17/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.ca/
O2 - BHO: (no name) - {42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA} - C:\WINDOWS\system32\ssqPgDUK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\yayyApNe.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [WGETMO] C:\WINDOWS\SYSTEM32\WGETMO.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - ESC Trusted Zone: http://www.2shared.com
O15 - ESC Trusted Zone: http://lastchaos.aeriagames.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baictron.com
O15 - ESC Trusted Zone: http://*.bux.to
O15 - ESC Trusted Zone: http://www.cabalonline.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.daemon-search.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.goozeman.game-deception.com
O15 - ESC Trusted Zone: http://xiah.gamescampus.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://www.gunzonline.com
O15 - ESC Trusted Zone: http://img72.imageshack.us
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://bl137w.blu137.mail.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://files1.majorgeeks.com
O15 - ESC Trusted Zone: http://about1.mirc.com
O15 - ESC Trusted Zone: http://about2.mirc.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://*.myshoppingsavings.net
O15 - ESC Trusted Zone: http://www.nokia.ca
O15 - ESC Trusted Zone: http://cabal.ogplanet.com
O15 - ESC Trusted Zone: http://forum.organner.pl
O15 - ESC Trusted Zone: http://www.plaync.com
O15 - ESC Trusted Zone: http://*.project-7.net
O15 - ESC Trusted Zone: http://rs230tl2.rapidshare.com
O15 - ESC Trusted Zone: http://www.rewardscentre.net
O15 - ESC Trusted Zone: http://*.steamcommunity.com
O15 - ESC Trusted Zone: http://storefront.steampowered.com
O15 - ESC Trusted Zone: http://ftp.twaren.net
O15 - ESC Trusted Zone: http://media.warrock.net
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://www.worldofwarcraft.com
O15 - ESC Trusted Zone: http://*.xpservers.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://64.15.152.87
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\SYSTEM32\yayyApNe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8984 bytes

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You are still infected, I need to see those logs
  • 0
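
An added example, not part of the original thread or of any tool named in it: a small Python triage of HijackThis lines like the ones in the two logs posted above. The sample lines are copied from those logs; the three heuristics (an unnamed BHO whose DLL sits directly in system32, one DLL registered under both O2 and O20 Winlogon Notify, and a "(file missing)" leftover) are assumptions chosen for illustration, and a hit is a prompt for manual review rather than a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any host OS

# Subset of lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA} - C:\WINDOWS\system32\ssqPgDUK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\yayyApNe.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\SYSTEM32\yayyApNe.dll
"""

# The CLSID anchors the split, because names and paths may contain " - ".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")


def parse_load_points(log_text):
    """Map each DLL path (lowercased) to the load points that reference it.

    Only O2 (BHO) and O20 Winlogon Notify lines are parsed; every other
    line, including O20 AppInit_DLLs, is ignored by this example.
    """
    points = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            points[m["path"].lower()].append(
                ("O2 BHO", m["name"], bool(m["missing"]))
            )
            continue
        m = NOTIFY_RE.match(line)
        if m:
            points[m["path"].lower()].append(
                ("O20 Winlogon Notify", m["name"], False)
            )
    return points


def triage(log_text):
    """Return {dll_name: [reasons]} for entries worth a manual look."""
    findings = {}
    for path, entries in parse_load_points(log_text).items():
        reasons = []
        in_system32 = dirname(path).endswith("\\system32")
        sections = {section for section, _, _ in entries}
        # Heuristic 1 (assumption): BHO without a display name in system32.
        if in_system32 and any(
            s == "O2 BHO" and n == "(no name)" for s, n, _ in entries
        ):
            reasons.append("unnamed BHO in system32")
        # Heuristic 2 (assumption): one DLL hooked in through two mechanisms.
        if len(sections) > 1:
            reasons.append("same DLL in several load points")
        # Heuristic 3 (assumption): registry entry left behind, file gone.
        if any(missing for _, _, missing in entries):
            reasons.append("orphaned entry (file missing)")
        if reasons:
            findings[basename(path)] = reasons
    return findings


if __name__ == "__main__":
    for dll, reasons in triage(SAMPLE_LOG).items():
        print(f"{dll}: {'; '.join(reasons)}")
```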

#5
duffdude

    New Member

  • Topic Starter
  • Member
  • 9 posts
Dang, I can't use ComboFix, my OS is not supported. I'm running 2003 Server... basically XP. Any other solutions?

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No worries

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#7
duffdude

    New Member

  • Topic Starter
  • Member
  • 9 posts
Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows® Server 2003, Enterprise Edition (build 3790) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
CPU 1: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2046.05 MiB / 1563.16 MiB
Pagefile Memory (total/avail): 3950.13 MiB / 3502.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 189.91 GiB total, 46.37 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L200R0 - 189.92 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 189.91 GiB - C:

\\.\PHYSICALDRIVE1 - Lexmark USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
ClusterLog=C:\WINDOWS\Cluster\cluster.log
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DENIP4
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
INCLUDE=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
LIB=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
LOGONSERVER=\\DENIP4
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=DENIP4
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
VirtualSandboxInstallationDirectory=C:\Program Files\Fortres Grand\Virtual Sandbox 1.0
VirtualSandboxName=(None)
VS71COMNTOOLS=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ArtMoney SE v7.28 --> "C:\Program Files\ArtMoney\Uninstall\unins000.exe"
Benge's Animated Sprite Pack For FPS Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AED21179-5EBE-4737-94B0-37BFFDF8DA66}\Setup.exe" -l0x9
Bf2SP64 2.32 --> C:\Program Files\EA GAMES\Battlefield 2\Uninstall.exe
CABAL Online --> "C:\Program Files\OGPlanet\CABAL Online\unins000.exe"
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch --> C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch --> C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 5 --> MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Cheat Engine 5.4 --> "C:\Program Files\Cheat Engine\unins000.exe"
Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Curator Defense --> MsiExec.exe /I{7A8358BC-78B6-404B-9792-F344A6AB59C9}
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
FlashGet 1.9.0.1012 --> C:\Program Files\FlashGet\uninst.exe
Fortress Forever 2.0 --> c:\program files\steam\SteamApps\SourceMods\uninst.exe
FPS Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B91E4360-298A-4306-9E95-9AD91A0952A1}\setup.exe" -l0x9
FPS Creator Model Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFEA5739-4FFC-4304-BF1E-BAE4772CF54D}\Setup.exe" -l0x9
FPS Creator Model Pack - 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24EB39DB-B958-413D-818E-C0875101C96B}\Setup.exe" -l0x9
FPS Creator Model Pack - 11 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15014839-85AF-439E-9C3C-A93BB74957B1}\Setup.exe" -l0x9
FPS Creator Model Pack - 16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDB48672-B567-4A4B-989E-0A7C2E220B6F}\Setup.exe" -l0x9
FPS Creator Model Pack - 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B78E403-D116-4C56-9D1E-4C245AFC82D9}\Setup.exe" -l0x9
FPS Creator Model Pack - 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E6342632-BA22-4FE2-A32E-E664684AD659}\Setup.exe" -l0x9
FPS Creator Model Pack - 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F4BB48A-7F05-4CB8-B8F4-81581DC51090}\Setup.exe" -l0x9
FPS Creator Model Pack - 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71E13F8B-365D-4FCF-BA69-9209FAF9D680}\Setup.exe" -l0x9
FPS Creator Model Pack - 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F964E0BB-3AD6-4188-B985-453037BE8FFD}\Setup.exe" -l0x9
FPS Creator Model Pack - 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6D05799-9659-48CD-8B8A-1AC424A572A9}\Setup.exe" -l0x9
FPS Creator Model Pack - 9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{444E3FAE-DC6D-498B-BF98-6B6B61CA46D9}\Setup.exe" -l0x9
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GameWiz32 --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\GameWiz32\Uninstall7CE6.DAT
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hide My IP 2008 --> "C:\Program Files\Hide My IP 2008\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InfraRecorder --> C:\Program Files\InfraRecorder\uninstall.exe
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lexmark 3400 Series --> C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
LimeWire 4.18.2 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0261) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.97 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
MAIET entertainment - Gunz --> C:\Program Files\MAIET\Gunz\Uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 --> MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 --> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5 --> MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Rise Of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\UNINSTAL.EXE" /runtemp /addremove
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server Compact 3.5 Design Tools ENU --> MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU --> MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio .NET Professional 2003 - English --> "C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft VM for Java --> RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mount&Blade --> C:\Mount&Blade\uninstall.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NetTools 5.0 --> "C:\Program Files\Net Tools\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PacSteamT --> C:\PacSteamT\PacSteamT-Uninstall.exe
PDF Reader 2 --> C:\WINDOWS\cadkasdeinst01e.exe "C:\Program Files\PDF Reader 2\"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PlayNC Launcher --> C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PP Xfire Skin --> MsiExec.exe /I{3F505FE9-C790-4CDE-82FA-290CE2B6ED4A}
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
Rohan_USA --> C:\Program Files\GoUninstUSA.exe
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] --> "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
Smart Mod Manager --> MsiExec.exe /I{3E622929-C72B-4321-9B3D-F673A1DCAAB6}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Sophos Anti-Virus --> MsiExec.exe /X{034759DA-E21A-4795-BFB3-C66D17FAD183}
Sophos AutoUpdate --> MsiExec.exe /X{15C418EB-7675-42BE-B2B3-281952DA014D}
Sophos Remote Management System --> MsiExec.exe /X{FF11005D-CBC8-45D5-A288-25C7BB304121}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Tabula Rasa --> C:\Program Files\InstallShield Installation Information\{9E268090-3CE4-4833-BC0A-664F3E3FE2BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
vbSkinner Free 2 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\vbSkinner Free 2\ST6UNST.LOG"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Home Server Connector --> MsiExec.exe /I{21E49794-7C13-4E84-8659-55BD378267D5}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Server 2003 Service Pack 2 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
Xiah --> "C:\Program Files\Gamescampus\Xiah\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type4721 / Error
Event Submitted/Written: 06/17/2008 06:20:19 PM
Event ID/Source: 38 / Sophos Anti-Virus
Event Description:
Virus/spyware 'Troj/Virtum-Gen' was not removed because of errors.

Event Record #/Type4720 / Error
Event Submitted/Written: 06/17/2008 06:20:19 PM
Event ID/Source: 41 / Sophos Anti-Virus
Event Description:
File "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\gqpdupkm.dll.000" could not be removed.

Event Record #/Type4719 / Error
Event Submitted/Written: 06/17/2008 06:20:19 PM
Event ID/Source: 41 / Sophos Anti-Virus
Event Description:
File "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\amqyelvp.dll.000" could not be removed.

Event Record #/Type4718 / Error
Event Submitted/Written: 06/17/2008 06:20:19 PM
Event ID/Source: 41 / Sophos Anti-Virus
Event Description:
File "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\xbuolmeq.dll.000" could not be removed.

Event Record #/Type4717 / Error
Event Submitted/Written: 06/17/2008 06:20:19 PM
Event ID/Source: 41 / Sophos Anti-Virus
Event Description:
File "C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED\dqigdmfg.dll.000" could not be removed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7431 / Error
Event Submitted/Written: 06/17/2008 06:20:24 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Event Record #/Type7429 / Error
Event Submitted/Written: 06/17/2008 06:19:21 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service lxcy_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44105A}

Event Record #/Type7420 / Error
Event Submitted/Written: 06/17/2008 05:56:08 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type7419 / Error
Event Submitted/Written: 06/17/2008 05:56:05 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
giveio
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SAVOnAccessControl
SAVOnAccessFilter
speedfan
sptd
Tcpip
vmm
WS2IFSL

Event Record #/Type7418 / Error
Event Submitted/Written: 06/17/2008 05:56:05 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Windows Home Server Connector Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-06-17 18:35:37 ------------

#8
duffdude

main.txt:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-17 18:22:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:24, on 6/17/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.ca/
O2 - BHO: (no name) - {42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA} - C:\WINDOWS\system32\ssqPgDUK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\yayyApNe.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunServices: [WGETMO] C:\WINDOWS\SYSTEM32\WGETMO.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - ESC Trusted Zone: http://www.2shared.com
O15 - ESC Trusted Zone: http://lastchaos.aeriagames.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baictron.com
O15 - ESC Trusted Zone: http://*.bux.to
O15 - ESC Trusted Zone: http://www.cabalonline.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.daemon-search.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.goozeman.game-deception.com
O15 - ESC Trusted Zone: http://xiah.gamescampus.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://www.gunzonline.com
O15 - ESC Trusted Zone: http://img72.imageshack.us
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://bl137w.blu137.mail.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://files1.majorgeeks.com
O15 - ESC Trusted Zone: http://about1.mirc.com
O15 - ESC Trusted Zone: http://about2.mirc.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://*.myshoppingsavings.net
O15 - ESC Trusted Zone: http://www.nokia.ca
O15 - ESC Trusted Zone: http://cabal.ogplanet.com
O15 - ESC Trusted Zone: http://forum.organner.pl
O15 - ESC Trusted Zone: http://www.plaync.com
O15 - ESC Trusted Zone: http://*.project-7.net
O15 - ESC Trusted Zone: http://rs230tl2.rapidshare.com
O15 - ESC Trusted Zone: http://www.rewardscentre.net
O15 - ESC Trusted Zone: http://*.steamcommunity.com
O15 - ESC Trusted Zone: http://storefront.steampowered.com
O15 - ESC Trusted Zone: http://ftp.twaren.net
O15 - ESC Trusted Zone: http://media.warrock.net
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://www.worldofwarcraft.com
O15 - ESC Trusted Zone: http://*.xpservers.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://64.15.152.87
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\SYSTEM32\yayyApNe.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8905 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 giveio - c:\windows\system32\giveio.sys
R1 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 SBKUPNT - c:\windows\system32\drivers\sbkupnt.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys (file missing)
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 FGCWL - c:\program files\fortres grand\virtual sandbox 1.0\fgcwl.sys (file missing)
S3 gokudr1ver - c:\program files\super saiyan\goku.sys
S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 SCREAMINGBDRIVER (Screaming Bee Audio) - c:\windows\system32\drivers\screamingbaudio.sys (file missing)
S3 uzsnuq - c:\documents and settings\administrator\desktop\lol\uzsnuq.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 XDva158 - c:\windows\system32\xdva158.sys (file missing)
S3 zenx1 - c:\documents and settings\administrator\desktop\zenxengine_maplestory\zenxengine_maplestory\zenxengine maplestory\zenx.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
R2 Sophos Agent - "c:\program files\sophos\remote management system\managementagentnt.exe" -service -name agent <Not Verified; Sophos Plc; Sophos Messaging System>
R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>
R2 Sophos Message Router - "c:\program files\sophos\remote management system\routernt.exe" -service -name router -orblistenendpoints iiop://:8193/ssl_port=8194 <Not Verified; Sophos Plc; Sophos Messaging System>

S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 fsrt (Fortres Security Runtime) - "c:\program files\fortres grand\fortres security runtime 6.0\fsrt.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 17:27:36 168 --a------ C:\Start_.cmd
2008-06-17 01:14:55 0 d-------- C:\Program Files\Lavasoft
2008-06-17 01:14:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 00:29:03 0 d-------- C:\Program Files\WinPcap
2008-06-17 00:28:29 77824 --a------ C:\WINDOWS\system32\nmapwin.exe <Not Verified; JVSoftware; NMapWin nmap front-end>
2008-06-17 00:28:29 108536 --a------ C:\WINDOWS\system32\nmap-services
2008-06-17 00:28:29 557444 --a------ C:\WINDOWS\system32\nmap-service-probes
2008-06-17 00:28:29 290816 --a------ C:\WINDOWS\system32\nmapserv.exe
2008-06-17 00:28:29 17955 --a------ C:\WINDOWS\system32\nmap-rpc
2008-06-17 00:28:29 6318 --a------ C:\WINDOWS\system32\nmap-protocols
2008-06-17 00:28:29 809345 --a------ C:\WINDOWS\system32\nmap-os-fingerprints
2008-06-17 00:28:29 225546 --a------ C:\WINDOWS\system32\nmap-mac-prefixes
2008-06-17 00:28:29 192 --a------ C:\WINDOWS\system32\nmap_performance.reg
2008-06-17 00:28:29 452096 --a------ C:\WINDOWS\system32\nmap.exe <Not Verified; ; Nmap>
2008-06-17 00:28:29 25611 --a------ C:\WINDOWS\system32\COPYING
2008-06-17 00:28:29 192007 --a------ C:\WINDOWS\system32\CHANGELOG
2008-06-17 00:28:28 114688 --a------ C:\WINDOWS\system32\CCGNU32.dll <Not Verified; Open Source Telecom; OST Common C++>
2008-06-17 00:28:23 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-17 00:28:22 561179 --a------ C:\WINDOWS\system32\dao360.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-17 00:28:20 137216 --a------ C:\WINDOWS\system32\MSDERUN.DLL <Not Verified; Microsoft Corporation; Microsoft Data Environment Runtime 1.0>
2008-06-17 00:28:17 0 d-------- C:\Program Files\Net Tools
2008-06-16 22:33:13 0 d-------- C:\Program Files\Trend Micro
2008-06-16 20:33:12 0 d-------- C:\Program Files\Sun
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files\Java
2008-06-16 18:59:01 2154 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 16:40:44 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-16 16:40:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 15:18:54 0 d-------- C:\Program Files\Spyware Doctor
2008-06-15 15:18:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-15 15:16:08 577232 --ahs---- C:\WINDOWS\system32\wHQqYJlm.ini2
2008-06-15 14:11:27 2087 --ahs---- C:\WINDOWS\system32\kmnnmnnn.ini2
2008-06-15 03:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 03:06:51 0 --a------ C:\WINDOWS\system32\MSVolume.dll
2008-06-15 03:00:48 3976 --ahs---- C:\WINDOWS\system32\KUDgPqss.ini2
2008-06-15 03:00:37 58368 --a------ C:\WINDOWS\system32\tuvVoOFv.dll
2008-06-15 02:58:37 58368 --a------ C:\WINDOWS\system32\ssqoNgGx.dll
2008-06-15 02:55:42 58368 --a------ C:\WINDOWS\system32\yayyApNe.dll
2008-06-15 02:46:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\HideIP
2008-06-15 02:37:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-14 22:43:31 0 d-------- C:\binary
2008-06-14 21:29:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-06-14 21:26:42 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-14 21:24:47 0 d-------- C:\Program Files\Microsoft Games
2008-06-14 04:05:54 12 --a------ C:\Program Files\ID.dat
2008-06-14 03:54:06 0 d-------- C:\Program Files\sound
2008-06-14 03:53:52 0 d-------- C:\Program Files\Collision
2008-06-14 03:53:40 0 d-------- C:\Program Files\world
2008-06-14 03:49:08 0 d-------- C:\Program Files\bitmaps
2008-06-14 03:45:49 0 d-------- C:\Program Files\model
2008-06-14 03:43:28 162816 --a------ C:\Program Files\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-06-14 03:43:28 40960 --a------ C:\Program Files\Error.exe
2008-06-14 03:43:28 98304 --a------ C:\Program Files\eax.dll <Not Verified; Creative Technology Ltd; Creative Technology Ltd eax>
2008-06-14 03:43:28 1038848 --a------ C:\Program Files\dbghelp.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2008-06-14 03:43:28 63488 --a------ C:\Program Files\bugslayerutil.dll <Not Verified; Debugging Applications for Microsoft .NET and Microsoft Windows; >
2008-06-14 03:43:27 0 d-------- C:\Program Files\shaderbin
2008-06-14 03:37:47 0 d-------- C:\Program Files\res
2008-06-14 03:37:36 0 d-------- C:\Program Files\music
2008-06-14 03:37:35 0 d-------- C:\Program Files\GameGuard
2008-06-14 03:37:32 218112 --a------ C:\Program Files\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-06-14 03:37:32 4 --a------ C:\Program Files\version.dat
2008-06-14 03:37:32 7536640 --a------ C:\Program Files\rohanclient.exe <Not Verified; YNK Games; Rohan>
2008-06-14 03:37:32 53248 --a------ C:\Program Files\npkpdb.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Program Database DLL>
2008-06-14 03:37:32 37009 --a------ C:\Program Files\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 34978 --a------ C:\Program Files\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 467024 --a------ C:\Program Files\npkcrypt.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver Support Dll>
2008-06-14 03:37:32 0 d-------- C:\Program Files\data
2008-06-14 03:37:31 118784 --a------ C:\Program Files\MakeReg.exe
2008-06-14 03:37:31 24576 --a------ C:\Program Files\Loader.exe <Not Verified; ; Loader ?? ????>
2008-06-14 03:37:31 460 --a------ C:\Program Files\Loader.dat
2008-06-14 03:37:31 856064 --a------ C:\Program Files\libeay32.dll
2008-06-14 03:37:31 5537792 --a------ C:\Program Files\Launcher.dll <Not Verified; Geomind; Launcher DLL>
2008-06-14 03:37:31 30208 --a------ C:\Program Files\gouninstusa.exe
2008-06-13 23:55:03 0 d-------- C:\Program Files\Hide My IP 2008
2008-06-11 22:08:07 0 d-------- C:\Shiz
2008-06-11 17:31:04 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-11 17:30:55 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-06-11 17:15:45 0 d-------- C:\WINDOWS\Symbols
2008-06-11 17:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-06-11 17:15:44 0 d-------- C:\Program Files\Common Files\Business Objects
2008-06-11 17:15:44 0 d-------- C:\Program Files\CE Remote Tools
2008-06-09 16:18:03 0 d-------- C:\Program Files\MSDN
2008-06-09 16:14:30 96896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-09 16:14:29 0 d-------- C:\Program Files\MagicDisc
2008-06-09 16:10:37 0 d-------- C:\Program Files\MagicISO
2008-06-09 15:14:16 0 d-------- C:\Program Files\LimeWire
2008-06-09 12:39:40 0 d-------- C:\Program Files\Microsoft.NET
2008-06-09 04:27:04 0 d-------- C:\Program Files\HTML Help Workshop
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-09 04:25:41 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-06-08 01:04:15 0 d-------- C:\Program Files\Steam
2008-06-07 01:19:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mount&Blade
2008-06-07 01:18:35 0 d-------- C:\Mount&Blade
2008-06-05 00:18:11 252 --a------ C:\uxthemepatch.cmd
2008-06-03 00:59:55 64 --a------ C:\WINDOWS\system32\system.bat
2008-06-03 00:59:55 146 --a------ C:\WINDOWS\system32\syssvr.bat
2008-06-03 00:59:55 114 --a------ C:\WINDOWS\system32\drivers\config.sys
2008-06-01 23:39:51 0 d-------- C:\Program Files\Gamescampus
2008-06-01 02:08:54 0 d-------- C:\Program Files\dbh Studios
2008-05-31 02:19:42 0 d-------- C:\Program Files\Indianboy 2007 Present Discord Times Precracked Full version
2008-05-31 01:49:57 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-29 00:48:26 0 d-------- C:\Documents and Settings\Administrator\.unlimitedftp
2008-05-28 00:45:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 18:40:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-05-27 18:38:42 0 d-------- C:\Dev-Cpp
2008-05-26 23:15:57 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-05-26 23:15:56 0 d-------- C:\Program Files\GameWiz32
2008-05-24 22:45:31 0 d-------- C:\Program Files\vbSkinner Free 2
2008-05-24 22:45:27 197120 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-24 22:45:26 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-24 01:10:23 0 d-------- C:\Program Files\PTDD Group
2008-05-23 23:03:04 11 --a------ C:\WINDOWS\epmbcd
2008-05-23 22:21:13 0 d-------- C:\Program Files\EASEUS
2008-05-23 21:33:16 14976 --a------ C:\WINDOWS\system32\drivers\SBKUPNT.SYS
2008-05-23 21:33:16 13312 --a------ C:\WINDOWS\system32\DEVLOAD.EXE
2008-05-23 21:24:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-23 18:49:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2008-05-23 18:49:27 0 d-------- C:\Program Files\InfraRecorder
2008-05-22 19:49:04 0 d-------- C:\WINDOWS\.silabclient_store_32
2008-05-22 17:25:40 1 --a------ C:\Documents and Settings\Administrator\SI.bin
2008-05-22 16:48:07 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-21 22:20:53 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-05-21 19:33:35 0 d-------- C:\Program Files\Hushpage
2008-05-21 19:10:18 0 d-------- C:\WINDOWS\.mpr_file_store_32
2008-05-21 19:10:06 0 d-------- C:\Program Files\MoparScape
2008-05-21 19:01:26 106496 --a------ C:\WINDOWS\system\kernel.exe <Not Verified; Microsoft Corporation; Kernel>
2008-05-21 18:58:26 1034859 --a------ C:\WINDOWS\system32\woblist.dll
2008-05-20 00:38:45 0 d-------- C:\Program Files\SoftwarePassport
2008-05-19 23:57:03 0 d-------- C:\FGCDIR
2008-05-19 23:21:31 0 d-------- C:\Program Files\Fortres Grand
2008-05-19 22:08:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-19 21:50:17 0 d-------- C:\Documents and Settings\Default User\Application Data\VMware
2008-05-19 21:48:48 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-19 21:43:49 163840 --a------ C:\WINDOWS\system32\windowsupdater68367892376.exe <Not Verified; Pre-Instinct® Software; Server>
2008-05-18 23:02:31 0 d-------- C:\Program Files\NCSoft
2008-05-18 15:18:44 61440 --a------ C:\WINDOWS\system\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:18:41 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:14:23 225280 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; NetGroup - Politecnico di Torino; WinPcap high level library>
2008-05-17 18:46:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo


-- Find3M Report ---------------------------------------------------------------

2008-06-17 16:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 01:09:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-06-17 00:57:49 32 --a------ C:\WINDOWS\go
2008-06-17 00:55:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-16 23:56:14 0 d-------- C:\Program Files\FlashGet
2008-06-16 20:33:04 0 d-------- C:\Program Files\Java
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files
2008-06-16 16:15:29 0 d-------- C:\Program Files\lx_cats
2008-06-15 02:35:13 204 --a------ C:\Program Files\Option.cfg
2008-06-15 02:35:13 796 --a------ C:\Program Files\3116037.set
2008-06-12 23:43:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-11 17:07:24 0 d-------- C:\Program Files\PeerGuardian2
2008-06-10 16:49:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-06-10 16:43:14 0 d-------- C:\Program Files\mIRC
2008-06-09 20:11:38 0 d-------- C:\Program Files\Xfire
2008-06-07 02:29:03 0 d-------- C:\Program Files\Cheat Engine
2008-06-06 00:42:21 0 d-------- C:\Program Files\PDF Reader 2
2008-05-24 01:10:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 18:47:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 17:20:40 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-22 17:15:56 0 d-------- C:\Program Files\Funcom
2008-05-14 19:21:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Screaming Bee
2008-05-14 19:19:00 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-05-14 19:18:07 0 d-------- C:\Program Files\Screaming Bee
2008-05-13 15:53:01 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-05-13 15:50:07 0 d-------- C:\Program Files\The Game Creators
2008-05-09 19:16:54 0 d-------- C:\Program Files\OGPlanet
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-08 23:12:20 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-06 00:04:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Easy Macro Recorder
2008-05-04 19:11:03 0 d-------- C:\Program Files\ArtMoney
2008-05-03 01:14:55 0 d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-05-02 18:57:58 0 d-------- C:\Program Files\ZD Soft
2008-04-29 22:44:01 0 d-------- C:\Program Files\Silkroad
2008-04-26 13:58:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-25 16:05:49 0 d-------- C:\Program Files\Vstplugins
2008-04-25 16:05:36 0 d-------- C:\Program Files\Sony
2008-04-25 15:58:42 0 d-------- C:\Program Files\MSBuild
2008-04-25 15:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-04-25 15:50:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Setup
2008-04-22 15:19:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 22:30:44 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-04-21 22:30:40 0 d-------- C:\Program Files\TechSmith
2008-04-20 20:48:15 0 d-------- C:\Program Files\World of Warcraft
2008-04-20 16:12:13 0 d-------- C:\Program Files\MAIET
2008-04-20 00:02:00 7711 --a------ C:\Program Files\UnInstall_24318.txt
2008-04-20 00:01:56 0 d-------- C:\Program Files\Super Saiyan
2008-04-19 21:00:05 0 d-------- C:\Program Files\LittleFighter2
2008-04-19 01:38:52 0 d-------- C:\Program Files\InnerSpace
2008-04-18 22:29:59 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-17 18:57:14 0 d-------- C:\Program Files\MSXML 4.0
2008-03-23 04:08:17 17920 --a------ C:\WINDOWS\system32\sophosboottasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-03-22 16:11:42 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA}]
C:\WINDOWS\system32\ssqPgDUK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}]
06/15/2008 02:55 58368 --a------ C:\WINDOWS\system32\yayyApNe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 15:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [02/24/2006 07:54]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 14:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 19:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"WGETMO"=C:\WINDOWS\SYSTEM32\WGETMO.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [6/9/2008 4:14:29 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [3/23/2008 4:59:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}"= C:\WINDOWS\system32\yayyApNe.dll [06/15/2008 02:55 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
dimsntfy.dll 02/17/2007 03:50 19456 C:\WINDOWS\system32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FGWLNotify]
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll 04/11/2006 11:29 69632 C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyApNe]
yayyApNe.dll 06/15/2008 02:55 58368 C:\WINDOWS\system32\yayyApNe.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJYqQHw
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
backup=C:\WINDOWS\pss\Windows Home Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cam]
C:\WINDOWS\camdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\camdrvs]
C:\Winnt\camdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 3400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\Documents and Settings\Administrator\Desktop\Test.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
"C:\Program Files\Lexmark 3400 Series\lxcymon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDM Agent]
C:\Program Files\PDM\PDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
C:\Program Files\Search And Destroy\SearchAndDestroy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsrt"=2 (0x2)
"lanmanserver"=2 (0x2)
"lxcy_device"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts WinHttpAutoProxySvc W32Time
NetworkService 6to4 DHCP DnsCache
WinErr ERsvc
tapisrv Tapisrv
regsvc RemoteRegistry
swprv swprv
DcomLaunch DcomLaunch

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
W32Time
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
xmlprov
AeLookupSvc
helpsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f63bd39-f4ba-11d8-8787-00111166bb1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \WIP\CMD\go.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988ae6bf-ecc9-11dc-9fe6-00111166bb1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \WIP\CMD\go.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser



-- End of Deckard's System Scanner: finished at 2008-06-17 18:35:37 ------------

#9
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {42A70D2D-3F1A-4061-B18A-FC1A5ACD44AA} - C:\WINDOWS\system32\ssqPgDUK.dll (file missing)
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\yayyApNe.dll
O4 - HKLM\..\RunServices: [WGETMO] C:\WINDOWS\SYSTEM32\WGETMO.EXE
O15 - ESC Trusted Zone: http://*.myshoppingsavings.net
O15 - ESC Trusted IP range: http://64.15.152.87
O20 - Winlogon Notify: yayyApNe - C:\WINDOWS\SYSTEM32\yayyApNe.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\wHQqYJlm.ini2
    C:\WINDOWS\system32\kmnnmnnn.ini2
    C:\WINDOWS\system32\MSVolume.dll
    C:\WINDOWS\system32\KUDgPqss.ini2
    C:\WINDOWS\system32\tuvVoOFv.dll
    C:\WINDOWS\system32\ssqoNgGx.dll
    C:\WINDOWS\system32\yayyApNe.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cam
    C:\WINDOWS\camdrv.exe
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\camdrvs
    C:\Winnt\camdrv.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f63bd39-f4ba-11d8-8787-00111166bb1d}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988ae6bf-ecc9-11dc-9fe6-00111166bb1d}
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Reboot and post a new DSS log

#10
duffdude


    New Member

  • Topic Starter
  • Member
  • 9 posts
OTlog: Explorer killed successfully
File/Folder C:\WINDOWS\system32\wHQqYJlm.ini2 not found.
File/Folder C:\WINDOWS\system32\kmnnmnnn.ini2 not found.
File/Folder C:\WINDOWS\system32\MSVolume.dll not found.
File/Folder C:\WINDOWS\system32\KUDgPqss.ini2 not found.
File/Folder C:\WINDOWS\system32\tuvVoOFv.dll not found.
File/Folder C:\WINDOWS\system32\ssqoNgGx.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayyApNe.dll
C:\WINDOWS\system32\yayyApNe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayyApNe.dll scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cam >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cam\\ not found.
File/Folder C:\WINDOWS\camdrv.exe not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\camdrvs >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\camdrvs\\ not found.
File/Folder C:\Winnt\camdrv.exe not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f63bd39-f4ba-11d8-8787-00111166bb1d} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f63bd39-f4ba-11d8-8787-00111166bb1d}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988ae6bf-ecc9-11dc-9fe6-00111166bb1d} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988ae6bf-ecc9-11dc-9fe6-00111166bb1d}\\ not found.
< purity >
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_200658

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayyApNe.dll
C:\WINDOWS\system32\yayyApNe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayyApNe.dll scheduled to be moved on reboot.

Malwarebytes' Anti-Malware 1.17
Database version: 865

8:33:02 PM 6/17/2008
mbam-log-6-17-2008 (20-33-02).txt

Scan type: Quick Scan
Objects scanned: 39008
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yayyApNe.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e707216f-6aff-4bd4-962d-ec5cdba812a1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e707216f-6aff-4bd4-962d-ec5cdba812a1} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyapne (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemail2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatemailbundle2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\chilkatmail2.chilkatmailman2.1 (Rogue.AntiSpamBoy) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{e707216f-6aff-4bd4-962d-ec5cdba812a1} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yayyApNe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


#11
duffdude


    New Member

  • Topic Starter
  • Member
  • 9 posts
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-17 21:17:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:21, on 6/17/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - ESC Trusted Zone: http://www.2shared.com
O15 - ESC Trusted Zone: http://lastchaos.aeriagames.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baictron.com
O15 - ESC Trusted Zone: http://*.bux.to
O15 - ESC Trusted Zone: http://www.cabalonline.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.daemon-search.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.goozeman.game-deception.com
O15 - ESC Trusted Zone: http://xiah.gamescampus.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://www.gunzonline.com
O15 - ESC Trusted Zone: http://img72.imageshack.us
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://bl137w.blu137.mail.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://files1.majorgeeks.com
O15 - ESC Trusted Zone: http://about1.mirc.com
O15 - ESC Trusted Zone: http://about2.mirc.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://www.nokia.ca
O15 - ESC Trusted Zone: http://cabal.ogplanet.com
O15 - ESC Trusted Zone: http://forum.organner.pl
O15 - ESC Trusted Zone: http://www.plaync.com
O15 - ESC Trusted Zone: http://*.project-7.net
O15 - ESC Trusted Zone: http://rs230tl2.rapidshare.com
O15 - ESC Trusted Zone: http://www.rewardscentre.net
O15 - ESC Trusted Zone: http://*.steamcommunity.com
O15 - ESC Trusted Zone: http://storefront.steampowered.com
O15 - ESC Trusted Zone: http://ftp.twaren.net
O15 - ESC Trusted Zone: http://media.warrock.net
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://www.worldofwarcraft.com
O15 - ESC Trusted Zone: http://*.xpservers.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8633 bytes

-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 20:13:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-17 20:13:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 20:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 17:27:36 168 --a------ C:\Start_.cmd
2008-06-17 01:14:55 0 d-------- C:\Program Files\Lavasoft
2008-06-17 01:14:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 00:29:03 0 d-------- C:\Program Files\WinPcap
2008-06-17 00:28:29 77824 --a------ C:\WINDOWS\system32\nmapwin.exe <Not Verified; JVSoftware; NMapWin nmap front-end>
2008-06-17 00:28:29 108536 --a------ C:\WINDOWS\system32\nmap-services
2008-06-17 00:28:29 557444 --a------ C:\WINDOWS\system32\nmap-service-probes
2008-06-17 00:28:29 290816 --a------ C:\WINDOWS\system32\nmapserv.exe
2008-06-17 00:28:29 17955 --a------ C:\WINDOWS\system32\nmap-rpc
2008-06-17 00:28:29 6318 --a------ C:\WINDOWS\system32\nmap-protocols
2008-06-17 00:28:29 809345 --a------ C:\WINDOWS\system32\nmap-os-fingerprints
2008-06-17 00:28:29 225546 --a------ C:\WINDOWS\system32\nmap-mac-prefixes
2008-06-17 00:28:29 192 --a------ C:\WINDOWS\system32\nmap_performance.reg
2008-06-17 00:28:29 452096 --a------ C:\WINDOWS\system32\nmap.exe <Not Verified; ; Nmap>
2008-06-17 00:28:29 25611 --a------ C:\WINDOWS\system32\COPYING
2008-06-17 00:28:29 192007 --a------ C:\WINDOWS\system32\CHANGELOG
2008-06-17 00:28:28 114688 --a------ C:\WINDOWS\system32\CCGNU32.dll <Not Verified; Open Source Telecom; OST Common C++>
2008-06-17 00:28:23 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-17 00:28:22 561179 --a------ C:\WINDOWS\system32\dao360.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-17 00:28:20 137216 --a------ C:\WINDOWS\system32\MSDERUN.DLL <Not Verified; Microsoft Corporation; Microsoft Data Environment Runtime 1.0>
2008-06-17 00:28:17 0 d-------- C:\Program Files\Net Tools
2008-06-16 22:33:13 0 d-------- C:\Program Files\Trend Micro
2008-06-16 20:33:12 0 d-------- C:\Program Files\Sun
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files\Java
2008-06-16 18:59:01 2154 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 16:40:44 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-16 16:40:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 15:18:54 0 d-------- C:\Program Files\Spyware Doctor
2008-06-15 15:18:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-15 03:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 02:46:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\HideIP
2008-06-15 02:37:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-14 22:43:31 0 d-------- C:\binary
2008-06-14 21:29:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-06-14 21:26:42 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-14 21:24:47 0 d-------- C:\Program Files\Microsoft Games
2008-06-14 04:05:54 12 --a------ C:\Program Files\ID.dat
2008-06-14 03:54:06 0 d-------- C:\Program Files\sound
2008-06-14 03:53:52 0 d-------- C:\Program Files\Collision
2008-06-14 03:53:40 0 d-------- C:\Program Files\world
2008-06-14 03:49:08 0 d-------- C:\Program Files\bitmaps
2008-06-14 03:45:49 0 d-------- C:\Program Files\model
2008-06-14 03:43:28 162816 --a------ C:\Program Files\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-06-14 03:43:28 40960 --a------ C:\Program Files\Error.exe
2008-06-14 03:43:28 98304 --a------ C:\Program Files\eax.dll <Not Verified; Creative Technology Ltd; Creative Technology Ltd eax>
2008-06-14 03:43:28 1038848 --a------ C:\Program Files\dbghelp.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2008-06-14 03:43:28 63488 --a------ C:\Program Files\bugslayerutil.dll <Not Verified; Debugging Applications for Microsoft .NET and Microsoft Windows; >
2008-06-14 03:43:27 0 d-------- C:\Program Files\shaderbin
2008-06-14 03:37:47 0 d-------- C:\Program Files\res
2008-06-14 03:37:36 0 d-------- C:\Program Files\music
2008-06-14 03:37:35 0 d-------- C:\Program Files\GameGuard
2008-06-14 03:37:32 218112 --a------ C:\Program Files\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-06-14 03:37:32 4 --a------ C:\Program Files\version.dat
2008-06-14 03:37:32 7536640 --a------ C:\Program Files\rohanclient.exe <Not Verified; YNK Games; Rohan>
2008-06-14 03:37:32 53248 --a------ C:\Program Files\npkpdb.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Program Database DLL>
2008-06-14 03:37:32 37009 --a------ C:\Program Files\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 34978 --a------ C:\Program Files\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 467024 --a------ C:\Program Files\npkcrypt.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver Support Dll>
2008-06-14 03:37:32 0 d-------- C:\Program Files\data
2008-06-14 03:37:31 118784 --a------ C:\Program Files\MakeReg.exe
2008-06-14 03:37:31 24576 --a------ C:\Program Files\Loader.exe <Not Verified; ; Loader ?? ????>
2008-06-14 03:37:31 460 --a------ C:\Program Files\Loader.dat
2008-06-14 03:37:31 856064 --a------ C:\Program Files\libeay32.dll
2008-06-14 03:37:31 5537792 --a------ C:\Program Files\Launcher.dll <Not Verified; Geomind; Launcher DLL>
2008-06-14 03:37:31 30208 --a------ C:\Program Files\gouninstusa.exe
2008-06-13 23:55:03 0 d-------- C:\Program Files\Hide My IP 2008
2008-06-11 22:08:07 0 d-------- C:\Shiz
2008-06-11 17:31:04 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-11 17:30:55 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-06-11 17:15:45 0 d-------- C:\WINDOWS\Symbols
2008-06-11 17:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-06-11 17:15:44 0 d-------- C:\Program Files\Common Files\Business Objects
2008-06-11 17:15:44 0 d-------- C:\Program Files\CE Remote Tools
2008-06-09 16:18:03 0 d-------- C:\Program Files\MSDN
2008-06-09 16:14:30 96896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-09 16:14:29 0 d-------- C:\Program Files\MagicDisc
2008-06-09 16:10:37 0 d-------- C:\Program Files\MagicISO
2008-06-09 15:14:16 0 d-------- C:\Program Files\LimeWire
2008-06-09 12:39:40 0 d-------- C:\Program Files\Microsoft.NET
2008-06-09 04:27:04 0 d-------- C:\Program Files\HTML Help Workshop
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-09 04:25:41 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-06-08 01:04:15 0 d-------- C:\Program Files\Steam
2008-06-07 01:19:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mount&Blade
2008-06-07 01:18:35 0 d-------- C:\Mount&Blade
2008-06-05 00:18:11 252 --a------ C:\uxthemepatch.cmd
2008-06-03 00:59:55 64 --a------ C:\WINDOWS\system32\system.bat
2008-06-03 00:59:55 146 --a------ C:\WINDOWS\system32\syssvr.bat
2008-06-03 00:59:55 114 --a------ C:\WINDOWS\system32\drivers\config.sys
2008-06-01 23:39:51 0 d-------- C:\Program Files\Gamescampus
2008-06-01 02:08:54 0 d-------- C:\Program Files\dbh Studios
2008-05-31 02:19:42 0 d-------- C:\Program Files\Indianboy 2007 Present Discord Times Precracked Full version
2008-05-31 01:49:57 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-29 00:48:26 0 d-------- C:\Documents and Settings\Administrator\.unlimitedftp
2008-05-28 00:45:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 18:40:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-05-27 18:38:42 0 d-------- C:\Dev-Cpp
2008-05-26 23:15:57 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-05-26 23:15:56 0 d-------- C:\Program Files\GameWiz32
2008-05-24 22:45:31 0 d-------- C:\Program Files\vbSkinner Free 2
2008-05-24 22:45:27 197120 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-24 22:45:26 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-24 01:10:23 0 d-------- C:\Program Files\PTDD Group
2008-05-23 23:03:04 11 --a------ C:\WINDOWS\epmbcd
2008-05-23 22:21:13 0 d-------- C:\Program Files\EASEUS
2008-05-23 21:33:16 14976 --a------ C:\WINDOWS\system32\drivers\SBKUPNT.SYS
2008-05-23 21:33:16 13312 --a------ C:\WINDOWS\system32\DEVLOAD.EXE
2008-05-23 21:24:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-23 18:49:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2008-05-23 18:49:27 0 d-------- C:\Program Files\InfraRecorder
2008-05-22 19:49:04 0 d-------- C:\WINDOWS\.silabclient_store_32
2008-05-22 17:25:40 1 --a------ C:\Documents and Settings\Administrator\SI.bin
2008-05-22 16:48:07 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-21 22:20:53 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-05-21 19:33:35 0 d-------- C:\Program Files\Hushpage
2008-05-21 19:10:18 0 d-------- C:\WINDOWS\.mpr_file_store_32
2008-05-21 19:10:06 0 d-------- C:\Program Files\MoparScape
2008-05-21 19:01:26 106496 --a------ C:\WINDOWS\system\kernel.exe <Not Verified; Microsoft Corporation; Kernel>
2008-05-21 18:58:26 1034859 --a------ C:\WINDOWS\system32\woblist.dll
2008-05-20 00:38:45 0 d-------- C:\Program Files\SoftwarePassport
2008-05-19 23:57:03 0 d-------- C:\FGCDIR
2008-05-19 23:21:31 0 d-------- C:\Program Files\Fortres Grand
2008-05-19 22:08:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-19 21:50:17 0 d-------- C:\Documents and Settings\Default User\Application Data\VMware
2008-05-19 21:48:48 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-19 21:43:49 163840 --a------ C:\WINDOWS\system32\windowsupdater68367892376.exe <Not Verified; Pre-Instinct® Software; Server>
2008-05-18 23:02:31 0 d-------- C:\Program Files\NCSoft
2008-05-18 15:18:44 61440 --a------ C:\WINDOWS\system\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:18:41 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:14:23 225280 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; NetGroup - Politecnico di Torino; WinPcap high level library>
2008-05-17 18:46:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo


-- Find3M Report ---------------------------------------------------------------

2008-06-17 20:33:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-17 19:54:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-06-17 16:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 00:57:49 32 --a------ C:\WINDOWS\go
2008-06-16 23:56:14 0 d-------- C:\Program Files\FlashGet
2008-06-16 20:33:04 0 d-------- C:\Program Files\Java
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files
2008-06-16 16:15:29 0 d-------- C:\Program Files\lx_cats
2008-06-15 02:35:13 204 --a------ C:\Program Files\Option.cfg
2008-06-15 02:35:13 796 --a------ C:\Program Files\3116037.set
2008-06-12 23:43:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-11 17:07:24 0 d-------- C:\Program Files\PeerGuardian2
2008-06-10 16:49:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-06-10 16:43:14 0 d-------- C:\Program Files\mIRC
2008-06-09 20:11:38 0 d-------- C:\Program Files\Xfire
2008-06-07 02:29:03 0 d-------- C:\Program Files\Cheat Engine
2008-06-06 00:42:21 0 d-------- C:\Program Files\PDF Reader 2
2008-05-24 01:10:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 18:47:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 17:20:40 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-22 17:15:56 0 d-------- C:\Program Files\Funcom
2008-05-14 19:21:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Screaming Bee
2008-05-14 19:19:00 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-05-14 19:18:07 0 d-------- C:\Program Files\Screaming Bee
2008-05-13 15:53:01 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-05-13 15:50:07 0 d-------- C:\Program Files\The Game Creators
2008-05-09 19:16:54 0 d-------- C:\Program Files\OGPlanet
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-08 23:12:20 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-06 00:04:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Easy Macro Recorder
2008-05-04 19:11:03 0 d-------- C:\Program Files\ArtMoney
2008-05-03 01:14:55 0 d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-05-02 18:57:58 0 d-------- C:\Program Files\ZD Soft
2008-04-29 22:44:01 0 d-------- C:\Program Files\Silkroad
2008-04-26 13:58:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-25 16:05:49 0 d-------- C:\Program Files\Vstplugins
2008-04-25 16:05:36 0 d-------- C:\Program Files\Sony
2008-04-25 15:58:42 0 d-------- C:\Program Files\MSBuild
2008-04-25 15:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-04-25 15:50:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Setup
2008-04-22 15:19:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 22:30:44 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-04-21 22:30:40 0 d-------- C:\Program Files\TechSmith
2008-04-20 20:48:15 0 d-------- C:\Program Files\World of Warcraft
2008-04-20 16:12:13 0 d-------- C:\Program Files\MAIET
2008-04-20 00:02:00 7711 --a------ C:\Program Files\UnInstall_24318.txt
2008-04-20 00:01:56 0 d-------- C:\Program Files\Super Saiyan
2008-04-19 21:00:05 0 d-------- C:\Program Files\LittleFighter2
2008-04-19 01:38:52 0 d-------- C:\Program Files\InnerSpace
2008-04-18 22:29:59 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-04-17 18:57:14 0 d-------- C:\Program Files\MSXML 4.0
2008-03-23 04:08:17 17920 --a------ C:\WINDOWS\system32\sophosboottasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-03-22 16:11:42 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 15:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [02/24/2006 07:54]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 14:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 19:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [6/9/2008 4:14:29 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [3/23/2008 4:59:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
dimsntfy.dll 02/17/2007 03:50 19456 C:\WINDOWS\system32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FGWLNotify]
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll 04/11/2006 11:29 69632 C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJYqQHw
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
backup=C:\WINDOWS\pss\Windows Home Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 3400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\Documents and Settings\Administrator\Desktop\Test.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
"C:\Program Files\Lexmark 3400 Series\lxcymon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDM Agent]
C:\Program Files\PDM\PDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
C:\Program Files\Search And Destroy\SearchAndDestroy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsrt"=2 (0x2)
"lanmanserver"=2 (0x2)
"lxcy_device"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts WinHttpAutoProxySvc W32Time
NetworkService 6to4 DHCP DnsCache
WinErr ERsvc
tapisrv Tapisrv
regsvc RemoteRegistry
swprv swprv
DcomLaunch DcomLaunch

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
W32Time
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
xmlprov
AeLookupSvc
helpsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser



-- End of Deckard's System Scanner: finished at 2008-06-17 21:18:10 ------------

Thank you very much, the DLLs are gone I think, Sophos has no more threats detected. You are the man! I wish I had enough money to send to your PayPal, unfortunately I'm broke >.< But thank you very much!
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - (no file)


2. Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00


Then double-click the fix.reg file; when it prompts to merge, click "Yes".

Reboot and post a new DSS log.
  • 0
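Added illustration, not part of the original posts and not code from HijackThis or DSS: the hex(7) data in the fix.reg above is a REG_MULTI_SZ value (UTF-16LE strings, NUL-separated, terminated by an empty string). This sketch decodes it and compares the LSA "Authentication Packages" list from the earlier DSS registry dump against the single entry that fix.reg restores. All function names are hypothetical, and the DSS excerpt parser assumes entries contain no spaces.

```python
import re

# The single entry that the fix.reg in this thread restores; used as the baseline.
BASELINE = ["msv1_0"]

# fix.reg as posted in the thread.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
'''

# The Lsa lines from the DSS "Registry Dump" posted before the fix.
DSS_BEFORE = r'''[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJYqQHw
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli
'''


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes into a list of strings."""
    if len(raw) % 2:
        raise ValueError("REG_MULTI_SZ data must have an even byte length")
    out = []
    for item in raw.decode("utf-16-le").split("\x00"):
        if not item:          # an empty string terminates the list
            break
        out.append(item)
    return out


def parse_reg(text):
    """Parse a Version 5.00 .reg file into {key_path_lower: {name: data}}.

    hex(7) values are decoded to lists, quoted strings are unquoted,
    anything else is kept as raw text.
    """
    # A trailing backslash continues the value on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        if current is None or not line.startswith('"'):
            continue
        m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        if data.lower().startswith("hex(7):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
            current[name] = decode_multi_sz(raw)
        elif data.startswith('"') and data.endswith('"'):
            current[name] = data[1:-1].replace("\\\\", "\\")
        else:
            current[name] = data
    return keys


def parse_dss_value(text, value_name="Authentication Packages"):
    """Read one space-separated multi-string value from a DSS dump excerpt."""
    pattern = r'"%s"=\s*(.*)$' % re.escape(value_name)
    for line in text.splitlines():
        m = re.match(pattern, line.strip())
        if m:
            return m.group(1).split()
    return []


def unexpected_packages(packages, baseline=BASELINE):
    """Return entries that are not in the baseline (case-insensitive)."""
    allowed = {b.lower() for b in baseline}
    return [p for p in packages if p.lower() not in allowed]


def audit():
    """Compare the value seen in the DSS log with the value fix.reg writes."""
    lsa = parse_reg(FIX_REG)[r"hkey_local_machine\system\currentcontrolset\control\lsa"]
    after = lsa["Authentication Packages"]
    before = parse_dss_value(DSS_BEFORE)
    return {
        "before": before,
        "before_unexpected": unexpected_packages(before),
        "after": after,
        "after_unexpected": unexpected_packages(after),
    }


if __name__ == "__main__":
    for field, value in audit().items():
        print(field, value)
```
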

#13
duffdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-18 17:06:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:06:58, on 6/18/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O15 - ESC Trusted Zone: http://www.2shared.com
O15 - ESC Trusted Zone: http://lastchaos.aeriagames.com
O15 - ESC Trusted Zone: http://view.atdmt.com
O15 - ESC Trusted Zone: http://www.baictron.com
O15 - ESC Trusted Zone: http://*.bux.to
O15 - ESC Trusted Zone: http://www.cabalonline.com
O15 - ESC Trusted Zone: http://adserving.cpxinteractive.com
O15 - ESC Trusted Zone: http://www.daemon-search.com
O15 - ESC Trusted Zone: http://ad.doubleclick.net
O15 - ESC Trusted Zone: http://www.goozeman.game-deception.com
O15 - ESC Trusted Zone: http://xiah.gamescampus.com
O15 - ESC Trusted Zone: http://www.google.ca
O15 - ESC Trusted Zone: http://www.gunzonline.com
O15 - ESC Trusted Zone: http://img72.imageshack.us
O15 - ESC Trusted Zone: http://www.java.com
O15 - ESC Trusted Zone: http://bl137w.blu137.mail.live.com
O15 - ESC Trusted Zone: http://search.live.com
O15 - ESC Trusted Zone: http://files1.majorgeeks.com
O15 - ESC Trusted Zone: http://about1.mirc.com
O15 - ESC Trusted Zone: http://about2.mirc.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://www.nokia.ca
O15 - ESC Trusted Zone: http://cabal.ogplanet.com
O15 - ESC Trusted Zone: http://forum.organner.pl
O15 - ESC Trusted Zone: http://www.plaync.com
O15 - ESC Trusted Zone: http://*.project-7.net
O15 - ESC Trusted Zone: http://rs230tl2.rapidshare.com
O15 - ESC Trusted Zone: http://www.rewardscentre.net
O15 - ESC Trusted Zone: http://*.steamcommunity.com
O15 - ESC Trusted Zone: http://storefront.steampowered.com
O15 - ESC Trusted Zone: http://ftp.twaren.net
O15 - ESC Trusted Zone: http://media.warrock.net
O15 - ESC Trusted Zone: http://client.winamp.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://launcher.worldofwarcraft.com
O15 - ESC Trusted Zone: http://www.worldofwarcraft.com
O15 - ESC Trusted Zone: http://*.xpservers.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{312163ED-C0CC-4A8B-9F5E-126952D9C48A}: NameServer = 192.168.1.100
O20 - Winlogon Notify: FGWLNotify - C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8097 bytes

-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-17 20:13:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-17 20:13:17 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 20:13:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-17 17:27:36 168 --a------ C:\Start_.cmd
2008-06-17 01:14:55 0 d-------- C:\Program Files\Lavasoft
2008-06-17 01:14:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-17 00:29:03 0 d-------- C:\Program Files\WinPcap
2008-06-17 00:28:29 77824 --a------ C:\WINDOWS\system32\nmapwin.exe <Not Verified; JVSoftware; NMapWin nmap front-end>
2008-06-17 00:28:29 108536 --a------ C:\WINDOWS\system32\nmap-services
2008-06-17 00:28:29 557444 --a------ C:\WINDOWS\system32\nmap-service-probes
2008-06-17 00:28:29 290816 --a------ C:\WINDOWS\system32\nmapserv.exe
2008-06-17 00:28:29 17955 --a------ C:\WINDOWS\system32\nmap-rpc
2008-06-17 00:28:29 6318 --a------ C:\WINDOWS\system32\nmap-protocols
2008-06-17 00:28:29 809345 --a------ C:\WINDOWS\system32\nmap-os-fingerprints
2008-06-17 00:28:29 225546 --a------ C:\WINDOWS\system32\nmap-mac-prefixes
2008-06-17 00:28:29 192 --a------ C:\WINDOWS\system32\nmap_performance.reg
2008-06-17 00:28:29 452096 --a------ C:\WINDOWS\system32\nmap.exe <Not Verified; ; Nmap>
2008-06-17 00:28:29 25611 --a------ C:\WINDOWS\system32\COPYING
2008-06-17 00:28:29 192007 --a------ C:\WINDOWS\system32\CHANGELOG
2008-06-17 00:28:28 114688 --a------ C:\WINDOWS\system32\CCGNU32.dll <Not Verified; Open Source Telecom; OST Common C++>
2008-06-17 00:28:23 10752 --a------ C:\WINDOWS\system32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2008-06-17 00:28:22 561179 --a------ C:\WINDOWS\system32\dao360.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-06-17 00:28:20 137216 --a------ C:\WINDOWS\system32\MSDERUN.DLL <Not Verified; Microsoft Corporation; Microsoft Data Environment Runtime 1.0>
2008-06-17 00:28:17 0 d-------- C:\Program Files\Net Tools
2008-06-16 22:33:13 0 d-------- C:\Program Files\Trend Micro
2008-06-16 20:33:12 0 d-------- C:\Program Files\Sun
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files\Java
2008-06-16 18:59:01 2154 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-16 16:40:44 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-16 16:40:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 15:18:54 0 d-------- C:\Program Files\Spyware Doctor
2008-06-15 15:18:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-06-15 03:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-15 02:46:18 0 d-------- C:\Documents and Settings\Administrator\Application Data\HideIP
2008-06-15 02:37:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-14 22:43:31 0 d-------- C:\binary
2008-06-14 21:29:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-06-14 21:26:42 0 d-------- C:\Program Files\GameSpy Arcade
2008-06-14 21:24:47 0 d-------- C:\Program Files\Microsoft Games
2008-06-14 04:05:54 12 --a------ C:\Program Files\ID.dat
2008-06-14 03:54:06 0 d-------- C:\Program Files\sound
2008-06-14 03:53:52 0 d-------- C:\Program Files\Collision
2008-06-14 03:53:40 0 d-------- C:\Program Files\world
2008-06-14 03:49:08 0 d-------- C:\Program Files\bitmaps
2008-06-14 03:45:49 0 d-------- C:\Program Files\model
2008-06-14 03:43:28 162816 --a------ C:\Program Files\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-06-14 03:43:28 40960 --a------ C:\Program Files\Error.exe
2008-06-14 03:43:28 98304 --a------ C:\Program Files\eax.dll <Not Verified; Creative Technology Ltd; Creative Technology Ltd eax>
2008-06-14 03:43:28 1038848 --a------ C:\Program Files\dbghelp.dll <Not Verified; Microsoft Corporation; Debugging Tools for Windows®>
2008-06-14 03:43:28 63488 --a------ C:\Program Files\bugslayerutil.dll <Not Verified; Debugging Applications for Microsoft .NET and Microsoft Windows; >
2008-06-14 03:43:27 0 d-------- C:\Program Files\shaderbin
2008-06-14 03:37:47 0 d-------- C:\Program Files\res
2008-06-14 03:37:36 0 d-------- C:\Program Files\music
2008-06-14 03:37:35 0 d-------- C:\Program Files\GameGuard
2008-06-14 03:37:32 218112 --a------ C:\Program Files\wmasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2008-06-14 03:37:32 4 --a------ C:\Program Files\version.dat
2008-06-14 03:37:32 7536640 --a------ C:\Program Files\rohanclient.exe <Not Verified; YNK Games; Rohan>
2008-06-14 03:37:32 53248 --a------ C:\Program Files\npkpdb.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Program Database DLL>
2008-06-14 03:37:32 37009 --a------ C:\Program Files\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 34978 --a------ C:\Program Files\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2008-06-14 03:37:32 467024 --a------ C:\Program Files\npkcrypt.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver Support Dll>
2008-06-14 03:37:32 0 d-------- C:\Program Files\data
2008-06-14 03:37:31 118784 --a------ C:\Program Files\MakeReg.exe
2008-06-14 03:37:31 24576 --a------ C:\Program Files\Loader.exe <Not Verified; ; Loader ?? ????>
2008-06-14 03:37:31 460 --a------ C:\Program Files\Loader.dat
2008-06-14 03:37:31 856064 --a------ C:\Program Files\libeay32.dll
2008-06-14 03:37:31 5537792 --a------ C:\Program Files\Launcher.dll <Not Verified; Geomind; Launcher DLL>
2008-06-14 03:37:31 30208 --a------ C:\Program Files\gouninstusa.exe
2008-06-13 23:55:03 0 d-------- C:\Program Files\Hide My IP 2008
2008-06-11 22:08:07 0 d-------- C:\Shiz
2008-06-11 17:31:04 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-11 17:30:55 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-06-11 17:15:45 0 d-------- C:\WINDOWS\Symbols
2008-06-11 17:15:45 0 d-------- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
2008-06-11 17:15:44 0 d-------- C:\Program Files\Common Files\Business Objects
2008-06-11 17:15:44 0 d-------- C:\Program Files\CE Remote Tools
2008-06-09 16:18:03 0 d-------- C:\Program Files\MSDN
2008-06-09 16:14:30 96896 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-06-09 16:14:29 0 d-------- C:\Program Files\MagicDisc
2008-06-09 16:10:37 0 d-------- C:\Program Files\MagicISO
2008-06-09 15:14:16 0 d-------- C:\Program Files\LimeWire
2008-06-09 12:39:40 0 d-------- C:\Program Files\Microsoft.NET
2008-06-09 04:27:04 0 d-------- C:\Program Files\HTML Help Workshop
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-09 04:27:03 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-09 04:25:41 0 d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-06-08 01:04:15 0 d-------- C:\Program Files\Steam
2008-06-07 01:19:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mount&Blade
2008-06-07 01:18:35 0 d-------- C:\Mount&Blade
2008-06-05 00:18:11 252 --a------ C:\uxthemepatch.cmd
2008-06-03 00:59:55 64 --a------ C:\WINDOWS\system32\system.bat
2008-06-03 00:59:55 146 --a------ C:\WINDOWS\system32\syssvr.bat
2008-06-03 00:59:55 114 --a------ C:\WINDOWS\system32\drivers\config.sys
2008-06-01 23:39:51 0 d-------- C:\Program Files\Gamescampus
2008-06-01 02:08:54 0 d-------- C:\Program Files\dbh Studios
2008-05-31 02:19:42 0 d-------- C:\Program Files\Indianboy 2007 Present Discord Times Precracked Full version
2008-05-31 01:49:57 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-29 00:48:26 0 d-------- C:\Documents and Settings\Administrator\.unlimitedftp
2008-05-28 00:45:42 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-27 18:40:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-05-27 18:38:42 0 d-------- C:\Dev-Cpp
2008-05-26 23:15:57 73728 --a------ C:\WINDOWS\system32\GkSui18.EXE
2008-05-26 23:15:56 0 d-------- C:\Program Files\GameWiz32
2008-05-24 22:45:31 0 d-------- C:\Program Files\vbSkinner Free 2
2008-05-24 22:45:27 197120 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-05-24 22:45:26 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-05-24 01:10:23 0 d-------- C:\Program Files\PTDD Group
2008-05-23 23:03:04 11 --a------ C:\WINDOWS\epmbcd
2008-05-23 22:21:13 0 d-------- C:\Program Files\EASEUS
2008-05-23 21:33:16 14976 --a------ C:\WINDOWS\system32\drivers\SBKUPNT.SYS
2008-05-23 21:33:16 13312 --a------ C:\WINDOWS\system32\DEVLOAD.EXE
2008-05-23 21:24:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-23 18:49:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\InfraRecorder
2008-05-23 18:49:27 0 d-------- C:\Program Files\InfraRecorder
2008-05-22 19:49:04 0 d-------- C:\WINDOWS\.silabclient_store_32
2008-05-22 17:25:40 1 --a------ C:\Documents and Settings\Administrator\SI.bin
2008-05-22 16:48:07 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-21 22:20:53 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-05-21 19:33:35 0 d-------- C:\Program Files\Hushpage
2008-05-21 19:10:18 0 d-------- C:\WINDOWS\.mpr_file_store_32
2008-05-21 19:10:06 0 d-------- C:\Program Files\MoparScape
2008-05-21 19:01:26 106496 --a------ C:\WINDOWS\system\kernel.exe <Not Verified; Microsoft Corporation; Kernel>
2008-05-21 18:58:26 1034859 --a------ C:\WINDOWS\system32\woblist.dll
2008-05-20 00:38:45 0 d-------- C:\Program Files\SoftwarePassport
2008-05-19 23:57:03 0 d-------- C:\FGCDIR
2008-05-19 23:21:31 0 d-------- C:\Program Files\Fortres Grand
2008-05-19 22:08:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-19 21:50:17 0 d-------- C:\Documents and Settings\Default User\Application Data\VMware
2008-05-19 21:48:48 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-05-19 21:43:49 163840 --a------ C:\WINDOWS\system32\windowsupdater68367892376.exe <Not Verified; Pre-Instinct® Software; Server>
2008-05-18 23:02:31 0 d-------- C:\Program Files\NCSoft
2008-05-18 15:18:44 61440 --a------ C:\WINDOWS\system\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:18:41 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2008-05-18 15:14:23 225280 --a------ C:\WINDOWS\system32\wpcap.dll <Not Verified; NetGroup - Politecnico di Torino; WinPcap high level library>


-- Find3M Report ---------------------------------------------------------------

2008-06-17 23:32:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2008-06-17 21:26:30 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-17 16:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-17 00:57:49 32 --a------ C:\WINDOWS\go
2008-06-16 23:56:14 0 d-------- C:\Program Files\FlashGet
2008-06-16 20:33:04 0 d-------- C:\Program Files\Java
2008-06-16 20:32:25 0 d-------- C:\Program Files\Common Files
2008-06-16 16:15:29 0 d-------- C:\Program Files\lx_cats
2008-06-15 02:35:13 204 --a------ C:\Program Files\Option.cfg
2008-06-15 02:35:13 796 --a------ C:\Program Files\3116037.set
2008-06-12 23:43:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-06-11 17:07:24 0 d-------- C:\Program Files\PeerGuardian2
2008-06-10 16:49:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2008-06-10 16:43:14 0 d-------- C:\Program Files\mIRC
2008-06-09 20:11:38 0 d-------- C:\Program Files\Xfire
2008-06-07 02:29:03 0 d-------- C:\Program Files\Cheat Engine
2008-06-06 00:42:21 0 d-------- C:\Program Files\PDF Reader 2
2008-05-24 01:10:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 18:47:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-22 17:20:40 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-22 17:15:56 0 d-------- C:\Program Files\Funcom
2008-05-18 19:08:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-05-14 19:21:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\Screaming Bee
2008-05-14 19:19:00 0 d-------- C:\Program Files\Common Files\Screaming Bee
2008-05-14 19:18:07 0 d-------- C:\Program Files\Screaming Bee
2008-05-13 15:53:01 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-05-13 15:50:07 0 d-------- C:\Program Files\The Game Creators
2008-05-09 19:16:54 0 d-------- C:\Program Files\OGPlanet
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-08 23:16:46 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-08 23:12:20 0 d-------- C:\Program Files\Microsoft SDKs
2008-05-06 00:04:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Easy Macro Recorder
2008-05-04 19:11:03 0 d-------- C:\Program Files\ArtMoney
2008-05-03 01:14:55 0 d-------- C:\Program Files\Workspace Macro Pro 6.5
2008-05-02 18:57:58 0 d-------- C:\Program Files\ZD Soft
2008-04-29 22:44:01 0 d-------- C:\Program Files\Silkroad
2008-04-26 13:58:25 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-25 16:05:49 0 d-------- C:\Program Files\Vstplugins
2008-04-25 16:05:36 0 d-------- C:\Program Files\Sony
2008-04-25 15:58:42 0 d-------- C:\Program Files\MSBuild
2008-04-25 15:54:02 0 d-------- C:\Program Files\Reference Assemblies
2008-04-25 15:50:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sony Setup
2008-04-22 15:19:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 22:30:44 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-04-21 22:30:40 0 d-------- C:\Program Files\TechSmith
2008-04-20 20:48:15 0 d-------- C:\Program Files\World of Warcraft
2008-04-20 16:12:13 0 d-------- C:\Program Files\MAIET
2008-04-20 00:02:00 7711 --a------ C:\Program Files\UnInstall_24318.txt
2008-04-20 00:01:56 0 d-------- C:\Program Files\Super Saiyan
2008-04-19 21:00:05 0 d-------- C:\Program Files\LittleFighter2
2008-04-19 01:38:52 0 d-------- C:\Program Files\InnerSpace
2008-04-18 22:29:59 72192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-03-23 04:08:17 17920 --a------ C:\WINDOWS\system32\sophosboottasks.exe <Not Verified; Sophos Plc; Sophos Anti-Virus>
2008-03-22 16:11:42 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 03:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41]
"LXCYCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [02/24/2006 07:54]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [02/13/2008 07:09]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [6/9/2008 4:14:29 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [3/23/2008 4:59:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
dimsntfy.dll 02/17/2007 03:50 19456 C:\WINDOWS\system32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FGWLNotify]
C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll 04/11/2006 11:29 69632 C:\Program Files\Fortres Grand\Fortres Security Runtime 6.0\FGWLNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= RASSFM KDCSVC WDIGEST scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Home Server.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Home Server.lnk
backup=C:\WINDOWS\pss\Windows Home Server.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 3400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\Documents and Settings\Administrator\Desktop\Test.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
"C:\Program Files\Lexmark 3400 Series\lxcymon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDM Agent]
C:\Program Files\PDM\PDM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchAndDestroyT]
C:\Program Files\Search And Destroy\SearchAndDestroy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"fsrt"=2 (0x2)
"lanmanserver"=2 (0x2)
"lxcy_device"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts WinHttpAutoProxySvc W32Time
NetworkService 6to4 DHCP DnsCache
WinErr ERsvc
tapisrv Tapisrv
regsvc RemoteRegistry
swprv swprv
DcomLaunch DcomLaunch

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
HidServ
LanmanServer
LanmanWorkstation
Messenger
Nla
NWCWorkstation
Sacsvr
Schedule
Seclogon
Themes
TrkWks
TrkSvr
W32Time
Wmi
WmdmPmSp
winmgmt
wuauserv
BITS
ShellHWDetection
uploadmgr
xmlprov
AeLookupSvc
helpsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser



-- End of Deckard's System Scanner: finished at 2008-06-18 17:07:27 ------------
  • 0

#14
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here

Thank you for your patience, and performing all of the procedures requested.
  • 0
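The HOSTS-file blocking recommended in the post above works by mapping unwanted hostnames to 127.0.0.1. As an added example (not part of the original post, and not code from MVPS or any tool named in this thread), this Python sketch audits a hosts file: it lists the names that are blocked and separately reports any name mapped to a non-local address, which deserves a manual look. The sample file and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (not taken from the MVPS list).
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net  tracker.example.net   # two names on one line
0.0.0.0         popups.example.org
203.0.113.7     update.example.com    # maps a name to a non-local address
not-an-ip       broken.example.com
127.0.0.1
"""

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed_line_numbers).

    Each entry is (line_no, ip_address, [lower-cased hostnames]).
    Comments (# to end of line) and blank lines are ignored.
    """
    entries, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(line_no)      # first field is not an IP address
            continue
        if len(fields) < 2:
            malformed.append(line_no)      # address with no hostname
            continue
        entries.append((line_no, addr, [n.lower() for n in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in a hosts file.

    blocked    - names sent to loopback or 0.0.0.0 (the blocking technique)
    redirected - names sent anywhere else, as (name, address, line_no)
    malformed  - line numbers that could not be parsed
    Assumption of this sketch: the first mapping seen for a name is the
    one that counts; later duplicates are skipped.
    """
    entries, malformed = parse_hosts(text)
    report = {"blocked": [], "redirected": [], "malformed": malformed}
    seen = set()
    for line_no, addr, names in entries:
        for name in names:
            if name in seen:
                continue
            seen.add(name)
            if addr.is_loopback or addr.is_unspecified:
                if name not in LOCAL_NAMES:
                    report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr), line_no))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

To check a real machine, pass the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of the sample.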

#15
duffdude

duffdude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Don't thank me for you helping me. THANK YOU for helping me get rid of this, thank you very much :)
  • 0





