Here's my SmitFraudFix log
SmitFraudFix v2.328
Scan done at 13:38:16.73, Mon 06/23/2008
Run from C:\Documents and Settings\j\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\j\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\j\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: 763444.dll
BHO: 763444 Class - {984C42AE-0B1D-4495-B16B-935DA5671133}
BHO CLSID TypeLib: {E63648F7-3933-440E-AAAA-A8584DD7B7EB}
Corrected TypeLib: {E63648F7-3933-440E-B4F6-A8584DD7B7EB}
Interface: {F7D09218-46D7-4D3D-9B7F-315204CD0836}
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\progra~1\\agnitum\\outpos~1\\wl_hook.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1C7EF43D-2C31-468C-9D44-AB170AD1E4E8}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Here's my DSS log
Deckard's System Scanner v20071014.68
Run by j on 2008-06-23 13:51:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-06-23 20:51:45 UTC - RP178 - Deckard's System Scanner Restore Point
3: 2008-06-23 20:27:47 UTC - RP177 - Installed HP Connections XP
2: 2008-06-22 03:58:51 UTC - RP176 - Restore Operation
1: 2008-06-22 03:57:04 UTC - RP175 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended).
-- HijackThis (run as j.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:56, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\j.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ghiath.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O2 - BHO: (no name) - {99CBA29C-B20E-4173-BC16-15C3BCAC06F4} - C:\WINDOWS\system32\ddcBUlMG.dll
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\iifdcDvW.dll
O2 - BHO: (no name) - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - (no file)
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O21 - SSODL: nopzet - {E990305D-1B22-436A-A794-FBF364CC3A4D} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7991 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 VBEngNT - c:\windows\system32\drivers\vbengnt.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-06-20 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-05-23 and 2008-06-23 -----------------------------
2008-06-23 13:38:54 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 13:37:46 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-23 13:37:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-23 13:37:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-23 13:37:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-23 13:37:42 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-23 13:37:42 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-23 13:37:41 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-23 13:37:39 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-23 05:28:47 91392 --a------ C:\WINDOWS\system32\jpkhemic.dll
2008-06-23 04:48:38 0 d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:49:44 0 d-------- C:\Documents and Settings\j\Application Data\Sun
2008-06-21 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-06-21 19:58:45 0 d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-21 02:30:35 0 d-------- C:\Documents and Settings\j\Application Data\Macromedia
2008-06-21 02:22:05 0 d-------- C:\Documents and Settings\j\Application Data\Mozilla
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Identities
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Adobe
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\SendTo
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Recent
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\PrintHood
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\NetHood
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\My Documents
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\Local Settings
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\Favorites
2008-06-20 15:02:52 0 d-------- C:\Documents and Settings\j\Desktop
2008-06-20 15:02:52 0 d--hs---- C:\Documents and Settings\j\Cookies
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Application Data
2008-06-20 15:02:51 0 d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02:51 0 d--h----- C:\Documents and Settings\j\Templates
2008-06-20 15:02:51 0 dr------- C:\Documents and Settings\j\Start Menu
2008-06-20 15:02:51 1310720 --a------ C:\Documents and Settings\j\NTUSER.DAT
2008-06-20 13:44:53 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43:26 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41:45 0 d-------- C:\Program Files\mozilla.org
2008-06-20 13:36:28 0 d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28:41 0 d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25:27 0 d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 07:00:56 228979 --ahs---- C:\WINDOWS\system32\GMlUBcdd.ini2
2008-06-19 07:00:44 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
2008-06-19 06:41:22 0 d-------- C:\Program Files\Error Repair Professional
2008-06-18 01:55:55 0 d-------- C:\WINDOWS\system32\763444
2008-06-17 14:13:39 1073745 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-06-17 14:10:50 0 d-------- C:\WINDOWS\system32\Filt
2008-06-17 14:10:49 0 d-------- C:\Program Files\Agnitum
2008-06-17 14:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-17 13:59:21 94080 --a------ C:\WINDOWS\system32\ioorxoxk.dll
2008-06-17 13:52:41 5888 --ahs---- C:\WINDOWS\system32\dgfMUvut.ini2
2008-06-17 13:32:23 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
2008-06-15 15:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-15 15:19:04 0 d-------- C:\Program Files\Free Download Manager
2008-06-02 14:32:46 0 d-------- C:\Program Files\Flash Favorite
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 17:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35:08 0 d-------- C:\Program Files\GRETECH
-- Find3M Report ---------------------------------------------------------------
2008-06-23 13:27:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 13:27:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 20:25:40 0 d-------- C:\Program Files\Java
2008-06-20 13:44:53 8881 --a------ C:\WINDOWS\mozver.dat
2008-06-20 13:42:12 0 d-------- C:\Program Files\Common Files
2008-06-20 12:51:53 0 d-------- C:\Program Files\WildTangent
2008-06-19 02:48:08 0 d-------- C:\Program Files\Screensavers.com
2008-06-19 02:48:06 0 d-------- C:\Program Files\s?stem
2008-06-19 02:48:06 0 d-------- C:\Program Files\HP Instant Support
2008-06-19 02:48:04 0 d-------- C:\Program Files\Insider
2008-06-18 20:04:17 0 d-------- C:\Program Files\RegistryFix
2008-06-17 20:02:47 0 d-------- C:\Program Files\DivX
2008-06-17 15:38:13 0 d-------- C:\Program Files\ZipItFree
2008-06-17 15:14:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-17 15:07:09 0 d-------- C:\Program Files\Windows NT
2008-06-17 15:07:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 15:07:00 0 d-------- C:\Program Files\Tcl
2008-06-17 15:06:36 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 15:06:28 0 d-------- C:\Program Files\QuickenFC
2008-06-17 15:06:27 0 d-------- C:\Program Files\Python
2008-06-17 15:06:27 0 d-------- C:\Program Files\PC-Doctor for Windows XP
2008-06-17 15:05:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 15:05:33 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 15:04:55 0 d-------- C:\Program Files\Messenger
2008-06-17 15:04:35 0 d-------- C:\Program Files\HPSelect
2008-06-17 15:04:32 0 d-------- C:\Program Files\HP RecordNow
2008-06-17 15:04:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 15:04:09 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-17 15:04:05 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\aolback
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 15:03:36 0 d-------- C:\Program Files\America Online 9.0
2008-06-17 15:03:36 0 d-------- C:\Program Files\AlbumPlayer
2008-06-17 11:56:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-17 11:55:30 0 d-------- C:\Program Files\PopCap Games
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 17:48:44 0 d-------- C:\Program Files\Aimersoft
2008-05-16 13:49:00 71 --a------ C:\WINDOWS\popcinfot.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10AE6707-5A0A-48BC-8BED-41736D11E3DD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BC7FFC-02C7-483C-8A90-3461D51F4B25}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253A35B3-8CB8-40EF-9683-78104346AFD7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461C7695-9741-453E-8A33-FE04231D8515}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]
06/18/2008 01:55 15360 --a------ C:\WINDOWS\system32\763444\763444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99CBA29C-B20E-4173-BC16-15C3BCAC06F4}]
06/19/2008 07:00 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/17/2008 13:32 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5A48D4D-00B6-4AD2-B273-29007E82CA02}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 10:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 16:34]
"NvCplDaemon"="NvQTwk" []
"S3TRAY2"="S3tray2.exe" [10/04/2001 12:06 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 18:25]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 17:36]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [10/12/2001 11:41]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [10/11/2001 17:20]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [10/11/2001 17:20]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/22/2005 19:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"5495c47c"="C:\WINDOWS\system32\jpkhemic.dll" [06/23/2008 05:28]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [04/04/2008 10:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [3/9/2008 9:46:53 AM]
hp center.lnk.disabled [3/3/2008 8:54:49 PM]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [5/26/2006 2:01:00 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\iifdcDvW.dll [06/17/2008 13:32 28800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcDvW]
iifdcDvW.dll 06/17/2008 13:32 28800 C:\WINDOWS\SYSTEM32\iifdcDvW.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBUlMG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- End of Deckard's System Scanner: finished at 2008-06-23 13:57:48 ------------
extra log
Deckard's System Scanner v20071014.68
Run by j on 2008-06-23 13:51:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2008-06-23 20:51:45 UTC - RP178 - Deckard's System Scanner Restore Point
3: 2008-06-23 20:27:47 UTC - RP177 - Installed HP Connections XP
2: 2008-06-22 03:58:51 UTC - RP176 - Restore Operation
1: 2008-06-22 03:57:04 UTC - RP175 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 255 MiB (512 MiB recommended).-- HijackThis (run as j.exe) ---------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:56, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
C:\Documents and Settings\j\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\j.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://us4.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-us4.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://srch-us4.hpwis.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://srch-us4.hpwis.com/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.ghiath.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {10AE6707-5A0A-48BC-8BED-41736D11E3DD} - (no file)
O2 - BHO: (no name) - {17BC7FFC-02C7-483C-8A90-3461D51F4B25} - (no file)
O2 - BHO: (no name) - {253A35B3-8CB8-40EF-9683-78104346AFD7} - (no file)
O2 - BHO: (no name) - {29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3} - (no file)
O2 - BHO: (no name) - {461C7695-9741-453E-8A33-FE04231D8515} - (no file)
O2 - BHO: (no name) - {56071E0D-C61B-11D3-B41C-00E02927A304} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: 763444 helper - {984C42AE-0B1D-4495-B16B-935DA5671133} - C:\WINDOWS\system32\763444\763444.dll
O2 - BHO: (no name) - {99CBA29C-B20E-4173-BC16-15C3BCAC06F4} - C:\WINDOWS\system32\ddcBUlMG.dll
O2 - BHO: (no name) - {C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {D6258CA6-2028-4CDD-B496-CACC18721A60} - C:\WINDOWS\system32\iifdcDvW.dll
O2 - BHO: (no name) - {F08487B1-AFEC-45CF-B2E9-D05DEE137D22} - (no file)
O2 - BHO: (no name) - {F5A48D4D-00B6-4AD2-B273-29007E82CA02} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {9EF873D0-0259-4D2A-AA60-F61FA5B28FE8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [5495c47c] rundll32.exe "C:\WINDOWS\system32\jpkhemic.dll",b
O4 - HKLM\..\Run: [HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e] C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: hp center UI.lnk.disabled
O4 - Global Startup: hp center.lnk.disabled
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198340481764
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1198341157327
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O20 - Winlogon Notify: iifdcDvW - C:\WINDOWS\SYSTEM32\iifdcDvW.dll
O21 - SSODL: leorop - {F8F5E481-D4F3-4C3D-A249-0D632668089B} - (no file)
O21 - SSODL: nopzet - {E990305D-1B22-436A-A794-FBF364CC3A4D} - (no file)
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 7991 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 VBEngNT - c:\windows\system32\drivers\vbengnt.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
S3 Freedom (FREEDOM Miniport) - c:\windows\system32\drivers\freedom.sys (file missing)
S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer:
Name:
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-06-20 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-05-23 and 2008-06-23 -----------------------------
2008-06-23 13:38:54 2306 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-23 13:37:46 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-23 13:37:45 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-06-23 13:37:44 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-06-23 13:37:43 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-23 13:37:42 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-06-23 13:37:42 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-23 13:37:41 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-06-23 13:37:39 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-06-23 05:28:47 91392 --a------ C:\WINDOWS\system32\jpkhemic.dll
2008-06-23 04:48:38 0 d-------- C:\Documents and Settings\j\Application Data\GRETECH
2008-06-21 20:49:44 0 d-------- C:\Documents and Settings\j\Application Data\Sun
2008-06-21 20:29:33 0 d-------- C:\Program Files\Trend Micro
2008-06-21 19:58:45 0 d-------- C:\Documents and Settings\j\Application Data\Yahoo!
2008-06-21 02:30:35 0 d-------- C:\Documents and Settings\j\Application Data\Macromedia
2008-06-21 02:22:05 0 d-------- C:\Documents and Settings\j\Application Data\Mozilla
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\InterTrust
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Identities
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Corel
2008-06-20 15:02:53 0 d-------- C:\Documents and Settings\j\Application Data\Adobe
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\SendTo
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Recent
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\PrintHood
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\NetHood
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\My Documents
2008-06-20 15:02:52 0 d--h----- C:\Documents and Settings\j\Local Settings
2008-06-20 15:02:52 0 dr------- C:\Documents and Settings\j\Favorites
2008-06-20 15:02:52 0 d-------- C:\Documents and Settings\j\Desktop
2008-06-20 15:02:52 0 d--hs---- C:\Documents and Settings\j\Cookies
2008-06-20 15:02:52 0 dr-h----- C:\Documents and Settings\j\Application Data
2008-06-20 15:02:51 0 d-------- C:\Documents and Settings\j\WINDOWS
2008-06-20 15:02:51 0 d--h----- C:\Documents and Settings\j\Templates
2008-06-20 15:02:51 0 dr------- C:\Documents and Settings\j\Start Menu
2008-06-20 15:02:51 1310720 --a------ C:\Documents and Settings\j\NTUSER.DAT
2008-06-20 13:44:53 118784 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe
2008-06-20 13:43:26 118784 --a------ C:\WINDOWS\GREUninstall.exe
2008-06-20 13:41:45 0 d-------- C:\Program Files\mozilla.org
2008-06-20 13:36:28 0 d-------- C:\Documents and Settings\k\Application Data\Free Download Manager
2008-06-20 13:28:41 0 d-------- C:\Documents and Settings\k\Application Data\Free Upload Manager
2008-06-20 04:25:27 0 d-------- C:\Documents and Settings\k\Application Data\MSN6
2008-06-19 07:00:56 228979 --ahs---- C:\WINDOWS\system32\GMlUBcdd.ini2
2008-06-19 07:00:44 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
2008-06-19 06:41:22 0 d-------- C:\Program Files\Error Repair Professional
2008-06-18 01:55:55 0 d-------- C:\WINDOWS\system32\763444
2008-06-17 14:13:39 1073745 --a------ C:\WINDOWS\system32\drivers\VBEngNT.sys <Not Verified; VirusBuster Kft.; VirusBuster Engine SYS for Windows NT/2000/XP>
2008-06-17 14:10:50 0 d-------- C:\WINDOWS\system32\Filt
2008-06-17 14:10:49 0 d-------- C:\Program Files\Agnitum
2008-06-17 14:10:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Agnitum
2008-06-17 13:59:21 94080 --a------ C:\WINDOWS\system32\ioorxoxk.dll
2008-06-17 13:52:41 5888 --ahs---- C:\WINDOWS\system32\dgfMUvut.ini2
2008-06-17 13:32:23 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
2008-06-15 15:19:05 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-06-15 15:19:04 0 d-------- C:\Program Files\Free Download Manager
2008-06-02 14:32:46 0 d-------- C:\Program Files\Flash Favorite
2008-05-30 16:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 17:36:06 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2008-05-26 17:35:08 0 d-------- C:\Program Files\GRETECH
-- Find3M Report ---------------------------------------------------------------
2008-06-23 13:27:51 0 d-------- C:\Program Files\Hewlett-Packard
2008-06-23 13:27:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 20:25:40 0 d-------- C:\Program Files\Java
2008-06-20 13:44:53 8881 --a------ C:\WINDOWS\mozver.dat
2008-06-20 13:42:12 0 d-------- C:\Program Files\Common Files
2008-06-20 12:51:53 0 d-------- C:\Program Files\WildTangent
2008-06-19 02:48:08 0 d-------- C:\Program Files\Screensavers.com
2008-06-19 02:48:06 0 d-------- C:\Program Files\s?stem
2008-06-19 02:48:06 0 d-------- C:\Program Files\HP Instant Support
2008-06-19 02:48:04 0 d-------- C:\Program Files\Insider
2008-06-18 20:04:17 0 d-------- C:\Program Files\RegistryFix
2008-06-17 20:02:47 0 d-------- C:\Program Files\DivX
2008-06-17 15:38:13 0 d-------- C:\Program Files\ZipItFree
2008-06-17 15:14:15 0 d-------- C:\Program Files\Common Files\Scanner
2008-06-17 15:07:09 0 d-------- C:\Program Files\Windows NT
2008-06-17 15:07:04 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 15:07:00 0 d-------- C:\Program Files\Tcl
2008-06-17 15:06:36 0 d-------- C:\Program Files\Realtek AC97
2008-06-17 15:06:28 0 d-------- C:\Program Files\QuickenFC
2008-06-17 15:06:27 0 d-------- C:\Program Files\Python
2008-06-17 15:06:27 0 d-------- C:\Program Files\PC-Doctor for Windows XP
2008-06-17 15:05:46 0 d-------- C:\Program Files\Movie Maker
2008-06-17 15:05:33 0 d-------- C:\Program Files\Microsoft Works
2008-06-17 15:04:55 0 d-------- C:\Program Files\Messenger
2008-06-17 15:04:35 0 d-------- C:\Program Files\HPSelect
2008-06-17 15:04:32 0 d-------- C:\Program Files\HP RecordNow
2008-06-17 15:04:20 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-06-17 15:04:09 0 d-------- C:\Program Files\Common Files\LightScribe
2008-06-17 15:04:05 0 d-------- C:\Program Files\Common Files\aolshare
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\aolback
2008-06-17 15:03:53 0 d-------- C:\Program Files\Common Files\AOL
2008-06-17 15:03:36 0 d-------- C:\Program Files\America Online 9.0
2008-06-17 15:03:36 0 d-------- C:\Program Files\AlbumPlayer
2008-06-17 11:56:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-17 11:55:30 0 d-------- C:\Program Files\PopCap Games
2008-05-22 15:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-18 17:48:44 0 d-------- C:\Program Files\Aimersoft
2008-05-16 13:49:00 71 --a------ C:\WINDOWS\popcinfot.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10AE6707-5A0A-48BC-8BED-41736D11E3DD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BC7FFC-02C7-483C-8A90-3461D51F4B25}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{253A35B3-8CB8-40EF-9683-78104346AFD7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29ADD426-D8F0-4FCE-AE07-903F1DFAEFD3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{461C7695-9741-453E-8A33-FE04231D8515}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984C42AE-0B1D-4495-B16B-935DA5671133}]
06/18/2008 01:55 15360 --a------ C:\WINDOWS\system32\763444\763444.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{99CBA29C-B20E-4173-BC16-15C3BCAC06F4}]
06/19/2008 07:00 322432 --a------ C:\WINDOWS\system32\ddcBUlMG.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C395A967-CEDA-43C8-AE51-1CFB9BD1F4B5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6258CA6-2028-4CDD-B496-CACC18721A60}]
06/17/2008 13:32 28800 --a------ C:\WINDOWS\system32\iifdcDvW.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08487B1-AFEC-45CF-B2E9-D05DEE137D22}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5A48D4D-00B6-4AD2-B273-29007E82CA02}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 10:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 16:34]
"NvCplDaemon"="NvQTwk" []
"S3TRAY2"="S3tray2.exe" [10/04/2001 12:06 C:\WINDOWS\SYSTEM32\S3tray2.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [08/07/2001 18:25]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 17:36]
"VirusScan Online"="C:\Program Files\mcafee.com\VSO\mcvsshld.exe" [10/12/2001 11:41]
"MCAgentExe"="C:\Program Files\mcafee.com\Agent\mcagent.exe" [10/11/2001 17:20]
"MCUpdateExe"="C:\Program Files\mcafee.com\Agent\mcupdate.exe" [10/11/2001 17:20]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/2003 08:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [06/25/2003 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [07/22/2005 19:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28]
"5495c47c"="C:\WINDOWS\system32\jpkhemic.dll" [06/23/2008 05:28]
"HPConnectionsXP c5abd8b1-0f62-43f4-a9b8-938e04bb517e"="C:\Program Files\Hewlett-Packard\HP Connections XP\HPConnectionsXP.exe" [04/04/2008 10:17]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 00:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk.disabled [3/9/2008 9:46:53 AM]
hp center.lnk.disabled [3/3/2008 8:54:49 PM]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\CineTray.exe [5/26/2006 2:01:00 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D6258CA6-2028-4CDD-B496-CACC18721A60}"= C:\WINDOWS\system32\iifdcDvW.dll [06/17/2008 13:32 28800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcDvW]
iifdcDvW.dll 06/17/2008 13:32 28800 C:\WINDOWS\SYSTEM32\iifdcDvW.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpos~1\wl_hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcBUlMG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSe